Mcrypt_Decrypt() Error Change Key Size

mcrypt_decrypt() error change key size

Did you update to 5.6? It says

Invalid key and iv sizes are no longer accepted. mcrypt_decrypt() will now throw a warning and return FALSE if the inputs are invalid. Previously keys and IVs were padded with '\0' bytes to the next valid size.

Reference

Read the last line of that quote, and there you will find your solution :)

mcrypt_decrypt(): Key of size 15 not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported

That means you need to pad your key with \0 (that's what previous versions were doing for you)

$key=$key."\0";

mcrypt_decrypt() error change key size

Did you update to 5.6? It says

Invalid key and iv sizes are no longer accepted. mcrypt_decrypt() will now throw a warning and return FALSE if the inputs are invalid. Previously keys and IVs were padded with '\0' bytes to the next valid size.

Reference

Read the last line of that quote, and there you will find your solution :)

mcrypt_decrypt(): Key of size 15 not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported

That means you need to pad your key with \0 (that's what previous versions were doing for you)

$key=$key."\0";

mcrypt_encrypt(): Key of size

Used to be if your key was too short that PHP would pad it with \0. This is no longer the case since PHP version 5.6.0. You should check how big required key is for the cipher being used: http://php.net/manual/en/function.mcrypt-get-key-size.php Note there are other ways to check key size, check the documentation. Simple way I understand key size: a string like 'fubar' in ASCII is 5 * 8 = 40 bytes (8 bytes per char). But that's making assumptions about character set in use. Some comments at php.net better explain how to roll a key of correct size:

$key = pack('H*', "bcb04b7e103a0cd8b54763051cef08bc55abe029fdebae5e1d417e2ffb2a00a3");

Here the 64 char string will be converted into 32 byte key because bc is a byte, b0 is another, etc. From http://php.net/manual/en/function.mcrypt-encrypt.php

You can double check number of bytes with strlen(). From above example strlen($key) will print out 32.

mcrypt_decrypt(): Size of key is too large for

The error message says it all. AES256 requires a 256-bit (that is, 8 character) key; the key you are passing to it is too large.

mcrypt warning on update to php 5.6.2; Key of size x not supported

Before this change, keys of an invalid size were padded with \0 up to the next valid keysize, so presumably you should be able to do the same with your key by adding four null bytes \0\0\0\0 to the end.

Now the caveat is that of course this is a weak key that will not provide the intended level of security, but it isn't going to be any worse than it already was, and you have other significant security issues with how you're encrypting as well, such as the use of ECB mode which is generally disastrous for security.

So, when you do decide it's time to update, choosing a key of a valid size is only one of the changes that needs to be made, and you should probably be do this as soon as you feasibly can.

---

Related Topics