Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
php AES-128-CBC mcrypt & openssl
<?php
function encrypt_mcrypt($msg, $key, $iv = null) {
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
if (!$iv) {
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
}
$pad = $iv_size - (strlen($msg) % $iv_size);
$msg .= str_repeat(chr($pad), $pad);
$encryptedMessage = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $msg, MCRYPT_MODE_CBC, $iv);
return base64_encode($iv . $encryptedMessage);
}
function decrypt_mcrypt($payload, $key) {
$raw = base64_decode($payload);
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
$iv = substr($raw, 0, $iv_size);
$data = substr($raw, $iv_size);
$result = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $data, MCRYPT_MODE_CBC, $iv);
$ctrlchar = substr($result, -1);
$ord = ord($ctrlchar);
if ($ord < $iv_size && substr($result, -ord($ctrlchar)) === str_repeat($ctrlchar, $ord)) {
$result = substr($result, 0, -ord($ctrlchar));
}
return $result;
}
function encrypt_openssl($msg, $key, $iv = null) {
$iv_size = openssl_cipher_iv_length('AES-128-CBC');
if (!$iv) {
$iv = openssl_random_pseudo_bytes($iv_size);
}
$encryptedMessage = openssl_encrypt($msg, 'AES-128-CBC', $key, OPENSSL_RAW_DATA, $iv);
return base64_encode($iv . $encryptedMessage);
}
function decrypt_openssl($payload, $key) {
$raw = base64_decode($payload);
$iv_size = openssl_cipher_iv_length('AES-128-CBC');
$iv = substr($raw, 0, $iv_size);
$data = substr($raw, $iv_size);
return openssl_decrypt($data, 'AES-128-CBC', $key, OPENSSL_RAW_DATA, $iv);
}
@henryatman

This comment has been minimized.

Copy link

henryatman commented Dec 18, 2017

thank you

@waltzie

This comment has been minimized.

Copy link

waltzie commented Feb 6, 2019

AES-256 refers to the key size, where the 256 in RIJNDAEL refers to block size
The above code work only if the MCRYPT_RIJNDAEL_128 encryption is made using a 128bit keysize.

Below the code to be able to decrypt MCRYPT_RIJNDAEL_128 encrypted using a 256 bit keylen

// ZERO Padding ISO/IEC 9797-1, ISO/IEC 10118-1
function pad_zero($data) {
$len = mcrypt_get_block_size (MCRYPT_RIJNDAEL_128,MCRYPT_MODE_CBC);
if (strlen($data) % $len) {
$padLength = $len - strlen($data) % $len;
$data .= str_repeat("\0", $padLength);
}
return $data;
}

function encrypt_openssl($msg, $key, $iv) {
$encryptedMessage = openssl_encrypt(pad_zero($msg), 'AES-256-CBC', $key, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING , $iv);
return $iv . $encryptedMessage;
}

function decrypt_openssl($data, $key) {
$iv_size = openssl_cipher_iv_length('AES-256-CBC');
$iv = substr($data, 0, $iv_size);
$data = substr($data, $iv_size);
$decrypted = openssl_decrypt($data, 'AES-256-CBC', $key,OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING , $iv);
$decrypted = rtrim($decrypted, chr(0));
return $decrypted;

@pzhuchkov

This comment has been minimized.

Copy link

pzhuchkov commented Mar 14, 2019

@waltzie thx.

I migrate from php 7.0 to 7.2 and remove mcrypt extension.
For correct encrypting data by openssl AES-128-CBC your example work fine

$json = ''; // your data for encrypt
$key = ''; // your key for encrypt

$cipher = "AES-128-CBC";
$options = OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING;

$ivSize = openssl_cipher_iv_length($cipher);`
$iv = openssl_random_pseudo_bytes($ivSize);

$cipherText = openssl_encrypt(pad_zero($json), $cipher, $this->key, $options, $iv);
$cipherText = $iv . $cipherText;

public function pad_zero($data)
 {
        $len = 16;
        if (strlen($data) % $len) {
            $padLength = $len - strlen($data) % $len;
            $data .= str_repeat("\0", $padLength);
         }
        return $data;
 }
@alexeygon

This comment has been minimized.

Copy link

alexeygon commented Oct 1, 2019

$pad = $ivSize - (strlen($plainText) % $ivSize); $plainText .= str_repeat(chr($pad), $pad);
Very helpful for me. Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.