Laravel - DecryptException: 'The MAC is invalid'

Laravel - DecryptException: 'The MAC is invalid'

The problem is that you generated a new APP_KEY, so if you try to decrypt the old encrypted data it will show the DecryptException: The MAC is invalid.

If you want to decrypt the old data you need to restore your old APP_KEY.

After realizing that, there is a further problem: if you stored new data with another APP_KEY or another encryption method, you have a problem with the data because the entries are mixed in the table.

In case you don't know when you started with the new encryption method, or can't differentiate the new encrypted entries, the fastest solution would be to reset all the passwords with the new encryption method.

You can learn more about how Laravel encryption works on the official Laravel docs.

Laravel 5: Decryption error The Mac is invalid

It was an error on the Redis server.
Hope that someone will help.

What is the difference between 'The MAC is invalid' and 'The payload is invalid' in Laravel?

Laravel encodes and decodes the payload with base64. Take a look here:

/**
 * Get the JSON array from the given payload.
 *
 * @param  string  $payload
 * @return array
 *
 * @throws \Illuminate\Contracts\Encryption\DecryptException
 */
protected function getJsonPayload($payload)
{
    $payload = json_decode(base64_decode($payload), true);

    // If the payload is not valid JSON or does not have the proper keys set we will
    // assume it is invalid and bail out of the routine since we will not be able
    // to decrypt the given value. We'll also check the MAC for this encryption.
    if (! $this->validPayload($payload)) {
        throw new DecryptException('The payload is invalid.');
    }

    if (! $this->validMac($payload)) {
        throw new DecryptException('The MAC is invalid.');
    }

    return $payload;
}

/**
 * Verify that the encryption payload is valid.
 *
 * @param  mixed  $payload
 * @return bool
 */
protected function validPayload($payload)
{
    return is_array($payload) && isset($payload['iv'], $payload['value'], $payload['mac']) &&
           strlen(base64_decode($payload['iv'], true)) === openssl_cipher_iv_length($this->cipher);
}

/**
 * Determine if the MAC for the given payload is valid.
 *
 * @param  array  $payload
 * @return bool
 */
protected function validMac(array $payload)
{
    $calculated = $this->calculateMac($payload, $bytes = random_bytes(16));

    return hash_equals(
        hash_hmac('sha256', $payload['mac'], $bytes, true), $calculated
    );
}

Illuminate/Encryption/Encrypter.php

As you can see, there is a double check: if you manually modify the payload, it won't necessarily have the correct structure and will return The payload is invalid.

Then, when the payload is valid, it will try with the MAC. When the content doesn't match, it will return The MAC is invalid.

The MAC Invalid

Try

php artisan cache:clear 
composer clear-cache
composer dump-autoload

and clear browser cache

Refer this

How to solve The payload is invalid in Laravel 8 when the payload suddenly becomes NULL

As per official documentation

Laravel's encryption services provide a simple, convenient interface
for encrypting and decrypting text via OpenSSL using AES-256 and
AES-128 encryption.

All of Laravel's encrypted values are signed using a message
authentication code (MAC) so that their underlying value can not be
modified or tampered with once

Before using Laravel's encrypter, you must set the key configuration option in your config/app.php configuration file.

It means encryption and decryption depend on the app key value. If a new app key is generated, the old encrypted values will not work with the new app key.

Ref: https://laravel.com/docs/8.x/encryption

Updated

The issue is that the encrypted value was only partially stored in the database table because of the data type varchar(191).

So it is better to change the data type from varchar(191) to longtext or text.
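The answers above name two separate causes: a changed APP_KEY, which fails the MAC check, and a value cut off by a varchar(191) column, which fails the payload check. The following stand-alone script is an added example, not Laravel's code and not taken from any of the answers; it rebuilds the iv/value/mac layout shown in the Encrypter.php excerpt and reports which check a stored value fails, which also helps tell rows written under the old key from rows written under the new one. The helpers seal() and triage(), the AES-256-CBC choice and the sample keys are assumptions made for the illustration.

```php
<?php
// Added illustration, not Laravel code. seal() and triage() are hypothetical
// helpers; keys are raw bytes (APP_KEY with its "base64:" prefix decoded).
const CIPHER = 'aes-256-cbc';

// Build a value in the layout getJsonPayload() expects: base64(JSON{iv,value,mac}).
function seal(string $plain, string $key): string
{
    $iv    = random_bytes(openssl_cipher_iv_length(CIPHER));
    $value = openssl_encrypt($plain, CIPHER, $key, 0, $iv); // base64 ciphertext
    $iv    = base64_encode($iv);
    $mac   = hash_hmac('sha256', $iv . $value, $key);       // MAC covers iv + value

    return base64_encode(json_encode(compact('iv', 'value', 'mac')));
}

// Report which check a stored value fails, trying each candidate key in turn.
function triage(string $stored, array $keys): string
{
    $p = json_decode((string) base64_decode($stored), true);
    foreach (['iv', 'value', 'mac'] as $field) {
        if (! is_array($p) || ! isset($p[$field]) || ! is_string($p[$field])) {
            return 'payload invalid';
        }
    }
    if (strlen((string) base64_decode($p['iv'], true)) !== openssl_cipher_iv_length(CIPHER)) {
        return 'payload invalid';
    }
    foreach ($keys as $name => $key) {
        if (hash_equals(hash_hmac('sha256', $p['iv'] . $p['value'], $key), $p['mac'])) {
            return "MAC valid under key '$name'";
        }
    }

    return 'MAC invalid';
}

// Constructed sample: two random keys stand in for the old and new APP_KEY.
$old = random_bytes(32);
$new = random_bytes(32);
$row = seal(str_repeat('constructed-secret-', 4), $old);

// Row written under the old key, checked against the new key only.
echo triage($row, ['new' => $new]), PHP_EOL;
// Same row with the old key restored alongside the new one.
echo triage($row, ['new' => $new, 'old' => $old]), PHP_EOL;
// Same row cut to 191 characters, as a varchar(191) column would store it.
echo triage(substr($row, 0, 191), ['old' => $old]), PHP_EOL;
```

Because the MAC is checked without decrypting, a pass over a table with both keys as candidates can label each row by key without touching the plaintext.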
