Skip to content

Instantly share code, notes, and snippets.

@srsbiz
Last active December 24, 2022 15:01
Show Gist options
  • Save srsbiz/8373451ed3450c0548c3 to your computer and use it in GitHub Desktop.
Save srsbiz/8373451ed3450c0548c3 to your computer and use it in GitHub Desktop.
php AES-128-CBC mcrypt & openssl
<?php
function encrypt_mcrypt($msg, $key, $iv = null) {
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
if (!$iv) {
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
}
$pad = $iv_size - (strlen($msg) % $iv_size);
$msg .= str_repeat(chr($pad), $pad);
$encryptedMessage = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $msg, MCRYPT_MODE_CBC, $iv);
return base64_encode($iv . $encryptedMessage);
}
function decrypt_mcrypt($payload, $key) {
$raw = base64_decode($payload);
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
$iv = substr($raw, 0, $iv_size);
$data = substr($raw, $iv_size);
$result = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $data, MCRYPT_MODE_CBC, $iv);
$ctrlchar = substr($result, -1);
$ord = ord($ctrlchar);
if ($ord < $iv_size && substr($result, -ord($ctrlchar)) === str_repeat($ctrlchar, $ord)) {
$result = substr($result, 0, -ord($ctrlchar));
}
return $result;
}
function encrypt_openssl($msg, $key, $iv = null) {
$iv_size = openssl_cipher_iv_length('AES-128-CBC');
if (!$iv) {
$iv = openssl_random_pseudo_bytes($iv_size);
}
$encryptedMessage = openssl_encrypt($msg, 'AES-128-CBC', $key, OPENSSL_RAW_DATA, $iv);
return base64_encode($iv . $encryptedMessage);
}
function decrypt_openssl($payload, $key) {
$raw = base64_decode($payload);
$iv_size = openssl_cipher_iv_length('AES-128-CBC');
$iv = substr($raw, 0, $iv_size);
$data = substr($raw, $iv_size);
return openssl_decrypt($data, 'AES-128-CBC', $key, OPENSSL_RAW_DATA, $iv);
}
@henryatman
Copy link

thank you

@waltzie
Copy link

waltzie commented Feb 6, 2019

AES-256 refers to the key size, where the 256 in RIJNDAEL refers to block size
The above code work only if the MCRYPT_RIJNDAEL_128 encryption is made using a 128bit keysize.

Below the code to be able to decrypt MCRYPT_RIJNDAEL_128 encrypted using a 256 bit keylen

// ZERO Padding ISO/IEC 9797-1, ISO/IEC 10118-1
function pad_zero($data) {
$len = mcrypt_get_block_size (MCRYPT_RIJNDAEL_128,MCRYPT_MODE_CBC);
if (strlen($data) % $len) {
$padLength = $len - strlen($data) % $len;
$data .= str_repeat("\0", $padLength);
}
return $data;
}

function encrypt_openssl($msg, $key, $iv) {
$encryptedMessage = openssl_encrypt(pad_zero($msg), 'AES-256-CBC', $key, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING , $iv);
return $iv . $encryptedMessage;
}

function decrypt_openssl($data, $key) {
$iv_size = openssl_cipher_iv_length('AES-256-CBC');
$iv = substr($data, 0, $iv_size);
$data = substr($data, $iv_size);
$decrypted = openssl_decrypt($data, 'AES-256-CBC', $key,OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING , $iv);
$decrypted = rtrim($decrypted, chr(0));
return $decrypted;

@pzhuchkov
Copy link

@waltzie thx.

I migrate from php 7.0 to 7.2 and remove mcrypt extension.
For correct encrypting data by openssl AES-128-CBC your example work fine

$json = ''; // your data for encrypt
$key = ''; // your key for encrypt

$cipher = "AES-128-CBC";
$options = OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING;

$ivSize = openssl_cipher_iv_length($cipher);`
$iv = openssl_random_pseudo_bytes($ivSize);

$cipherText = openssl_encrypt(pad_zero($json), $cipher, $this->key, $options, $iv);
$cipherText = $iv . $cipherText;

public function pad_zero($data)
 {
        $len = 16;
        if (strlen($data) % $len) {
            $padLength = $len - strlen($data) % $len;
            $data .= str_repeat("\0", $padLength);
         }
        return $data;
 }

@alexeygon
Copy link

$pad = $ivSize - (strlen($plainText) % $ivSize); $plainText .= str_repeat(chr($pad), $pad);
Very helpful for me. Thank you!

@oliverdotbecker
Copy link

oliverdotbecker commented Mar 12, 2020

thanks @pzhuchkov.

Was able to replace the old mcrypt with some small changes!

Using "AES-256-CBC" instad of the 128 to replace the MCRYPT_RIJNDAEL_128.

@franciscols
Copy link

Thanks for the @srsbiz and @oliverdotbecker! That last clue (AES-256-CBC) was instrumental to help my problem!

@darwintnt
Copy link

It worked for me, thank you so much @srsbiz

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment