Preparing For Removal of Mcrypt in PHP 7.2

Preparing for removal of Mcrypt in PHP 7.2

You can't convert it, because Rijndael-256 is not AES-256, and the OpenSSL extension doesn't ship with Rijndael-256 support.

AES-256 is Rijndael-128 with a 256-bit (32-byte) key.

Unfortunately, you'll have to re-encrypt all of your data.

Edit: Also, the scheme you're currently using has some problems:

• It lacks authentication (HMACs are the easiest way to do it in PHP)
• It lacks proper padding (mcrypt pads with zero bytes; you need something like PKCS#5 padding instead), which is required for block mode encryption to be safe.
• It's not byte-safe (you're using mb_substr())

The good news is that OpenSSL will do PKCS#5 padding for you automatically, but you should go even further and use a solid encryption library like defuse/php-encryption.

How to remove mcrypt functions in php

Finally I got the solution - thank you all for your help and support by pushing me into the right direction and asking the right questions. The main thing I missed was ECB-Mode (I took CBC...). So all the stuff with the $iv wasn't really needed.

To complete the answer here my new functions:

function _encrypt_openssl($cleartext, $key = "th1s1sav3rys3cr3tk3y") {
   if ($m = strlen($cleartext) %8) {
      $cleartext .= str_repeat("\0", 8-$m);
   } 
   $encrypted_openssl = openssl_encrypt($cleartext , "DES-EDE3-ECB", $key, OPENSSL_RAW_DATA | OPENSSL_NO_PADDING, null);
   return bin2hex($encrypted_openssl);
}

function _decrypt_openssl($crypttext, $key = "th1s1sav3rys3cr3tk3y") {
   return openssl_decrypt(hex2bin($crypttext), 'DES-EDE3-ECB', $key, OPENSSL_RAW_DATA | OPENSSL_NO_PADDING, null);
}

PHP 7.2 with mcrypt in Windows

Basically I think you have mentioned all possibilities and you do not have a choice. Do not downgrade to PHP 5.6 this approach has no future.

MCrypt was removed from PHP for one of the main reasons why you want to upgrade PHP: Security. The MCrypt library is not maintained anymore. Therefore installing the MCrypt extension is also a bad idea. But it can be a temporary solution (follow e.g. those instructions https://serverpilot.io/community/articles/how-to-install-the-php-mcrypt-extension.html).

The only good solution is migrating from mcrypt to something else. There are questions regarding this topic on Stackoverflow already (e.g. Upgrading my encryption library from Mcrypt to OpenSSL). Alternativly you could use some encryption library. Migrating a large amount of code/data might be a pain but this is the most future-oriented approach in this case.

Cleaning up redundant PHP extensions - Switch everything to mcrypt or openssl?

I don't know if openssl is faster (I'd think so, because it's an extremely optimized library).
But openssl is much more powerful. If you could need some additional function in the near future (RSA for example or certificates) you'll need openssl. If you now decide to migrate to mcrypt, you'd need to migrate again.

Therefor I'd recommend openssl.

Decrypt mcrypt with openssl

If you encrypt in mcrypt without adding PKCS7 manually, mcrypt will happily pad your plaintext with NUL bytes.

OpenSSL will do PKCS7 padding for you whenever using aes-X-cbc. The unfortunate consequence of this is that if you have AES-CBC(NULL_PADDED(plaintext)) and try to decrypt it, openssl_decrypt will attempt to remove the padding and fail.

Compare http://3v4l.org/bdQe9 vs http://3v4l.org/jr68f and http://3v4l.org/K6ZEU

The OpenSSL extension does not currently offer you a way to say "This string is not padded, please don't strip the padding for me" and then remove the NUL bytes on your own. You must encrypt with PKCS7 padding in order for decryption to succeed.

Although this is a limitation of OpenSSL, it bears emphasizing that the only reason you're running into it is because mcrypt is terrible.

---

Related Topics