PHP7.1 mcrypt alternative
You should use openssl_encrypt instead.
mcrypt is deprecated, what is the alternative?
It's best practice to hash passwords so they are not decryptable. This makes things slightly more difficult for attackers that may have gained access to your database or files.
If you must encrypt your data and have it decryptable, a guide to secure encryption/decryption is available at https://paragonie.com/white-paper/2015-secure-php-data-encryption. To summarize that link:
- Use Libsodium - A PHP extension
- If you can't use Libsodium, use defuse/php-encryption - Straight PHP code
- If you can't use Libsodium or defuse/php-encryption, use OpenSSL - A lot of servers will already have this installed. If not, it can be compiled with --with-openssl[=DIR]
Exact alternate to mcrypt_encrypt in PHP 7.2
You might need to "pad all the things"
If you read this entry on leaseweb it states over and over that mcrypt pads thing automatically to the correct block sizes that it can chew. That leads of course to different outputs because of all the null bytes.
So I'd suggest you make sure all your data you feed into your phpseclib code are padded with the correct amount of null bytes to simulate the input mcrypt feeds into the cipher.
Default if you look at the code of PHPSECLIB it pads by a character decided by the number of characters to pad.
mcrypt however pads with character 0.
So, let's fix this.
The changed code you need is:
$cipher->disablePadding();
$length = strlen($text);
$pad = 32 - ($length % 32);
$text = str_pad($text, $length + $pad, chr(0));
I used the latest version of PHPSECLIB as avaialble on github, so my code differs from your example code. This is the full working example on my machine.
<?php
include "vendor/autoload.php";
include "phpseclib/bootstrap.php";
set_include_path(get_include_path() . PATH_SEPARATOR . 'phpseclib');
include('Crypt/Rijndael.php');
include('Crypt/Random.php');
use phpseclib\Crypt\Rijndael as Crypt_Rijndael;
$text = '57F0-ECD3-1A3B-341E-BA39-F81B-F020-0DE0';
$secret = 'lkirwf897+22#bbtrm8814z5qq=498j5';
$iv = '741952hheeyy66#cs!9hjv887mxx7@8y';
function encrypt128($secret, $iv, $str)
{
return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $secret, $str, MCRYPT_MODE_CBC, $iv));
}
function encryptRJ256($key,$iv,$text)
{
$cipher = new Crypt_Rijndael('cbc');
$cipher->setBlockLength(256);
// keys are null-padded to the closest valid size
// longer than the longest key and it's truncated
$cipher->setKeyLength(256);
$cipher->setKey($key);
// the IV defaults to all-NULLs if not explicitly defined
$cipher->setIV($iv);
$cipher->disablePadding();
$length = strlen($text);
$pad = 32 - ($length % 32);
$text = str_pad($text, $length + $pad, chr(0));
return base64_encode($cipher->encrypt($text));
}
function decryptRJ256($key,$iv,$text)
{
$cipher = new Crypt_Rijndael('cbc'); // could use CRYPT_RIJNDAEL_MODE_CBC
$cipher->setBlockLength(256);
// keys are null-padded to the closest valid size
// longer than the longest key and it's truncated
$cipher->setKeyLength(256);
$cipher->setKey($key);
// the IV defaults to all-NULLs if not explicitly defined
$cipher->setIV($iv);
$cipher->disablePadding();
return $cipher->decrypt(base64_decode($text));
}
echo $text;
echo encrypt128($secret, $iv, $text);
echo "\n";
$text = encryptRJ256($secret, $iv, $text);
echo $text;
echo "\n";
echo decryptRJ256($secret, $iv, $text);
Related Topics
I Cannot Use MySQL_* Functions After Upgrading PHP
How to Export a SQL Table Without Access to the Server or PHPmyadmin
PHP to Store Images in MySQL or Not
Why and How to Use Anonymous Functions in PHP
Convert Month from Name to Number
How to Check If an Uploaded File Is an Image Without Mime Type
PHP Simplexml Check If a Child Exists
Are the PHP Preg_Functions Multibyte Safe
How to Check the Performance of MySQL Indexing
How to Pass Jquery Variables to PHP Variable
Uploading a File in Chunks Using HTML5
How to Pass an Array via $_Get in PHP
PHP Warning Permission Denied (13) on Session_Start()
Pdostatement (Mysql): Inserting Value 0 into a Bit(1) Field Results in 1 Written in Table
PHP 7.4 Deprecated Get_Magic_Quotes_Gpc Function Alternative