We Keep Coding

Encrypt with Crypto.JS and decrypt with PHP 7.3

I'm upgrading my code from PHP 5.6 to 7.3 which is a Woocommerce Plugin for my Ionic app. In the meantime I noted that mcrypt_decrypt is deprecated in PHP 7. I tried to figured out how to change my code, but it still does not return the same string. Here is my encryption code in the app:
var password = this.password;
if (this.appConfig.App_Secret != '') {
var key = CryptoJS.enc.Utf8.parse(CryptoJS.MD5(this.appConfig.App_Secret).toString());
var iv = CryptoJS.enc.Utf8.parse(CryptoJS.MD5(this.appConfig.App_Secret).toString().substr(0, 16));
password = CryptoJS.AES.encrypt(password, key, { iv: iv }).toString();
}
And this is my old decryption code in PHP:
$iv=substr(md5(get_option('sow_rest_api_secret')),0,16);
$key = md5(get_option('sow_rest_api_secret'));
$data = base64_decode($decrypt_str);
$result = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $data, MCRYPT_MODE_CBC, $iv);
return rtrim($result,"\0");
I change the line with the $result variable from
$result = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $data, MCRYPT_MODE_CBC, $iv);
to
$result = openssl_decrypt($data, 'aes-128-gcm', $key, $options=OPENSSL_RAW_DATA, $iv);
Can you give support?

Quoting this php.net comment:
Also, MCRYPT_RIJNDAEL_256 is not AES-256, it's a different variant of the Rijndael block cipher. If you want AES-256 in mcrypt, you have to use MCRYPT_RIJNDAEL_128 with a 32-byte key. OpenSSL makes it more obvious which mode you are using (i.e. 'aes-128-cbc' vs 'aes-256-ctr').
This means that you've been using AES-256 before, and not AES-128.
Furthermore, CryptoJS uses CBC mode by default, as correctly noted by #Topaco.
Putting this together:
$result = openssl_decrypt($data, 'aes-256-cbc', $key, $options=OPENSSL_RAW_DATA, $iv);
should give the same result, as your previous mcrypt_decrypt solution.

OpenSSL Encryption / Decryption php

I am doing encryption which is working good but with same method I am doing decryption I am getting blank string not getting decryption string. I am using method AES-256-ECB and key is hexadecimal so I pass as
$key = pack('H*','xxxxxxxxxxxx');
Encryption is going correct but decryption is not working. Please help me what I am doing wrong.
function encrypt(string $data, string $key, string $method): string
{
$ivSize = openssl_cipher_iv_length($method);
$iv = openssl_random_pseudo_bytes($ivSize);
$encrypted = openssl_encrypt($data, $method, $key, OPENSSL_RAW_DATA, $iv);
$encrypted = strtoupper(implode(null, unpack('H*', $encrypted)));
return $encrypted;
}
function decrypt(string $data, string $key, string $method): string
{
$data = pack('H*', $data);
$ivSize = openssl_cipher_iv_length($method);
$iv = $iv = openssl_random_pseudo_bytes($ivSize);
$decrypted = openssl_decrypt($data, $method, $key, OPENSSL_RAW_DATA, $iv);
return trim($decrypted);
}

Your functions are working perfectly for me with the following code:
$key = pack('H*','aaaaaaaaaaaaa');
$method = 'aes-256-ecb';
$encrypted = encrypt('test string', $key, $method);
$decrypted = decrypt($encrypted, $key.'a', $method);
echo $decrypted; // Output: 'test string'
Since you're getting an empty string for decryption, this means that you've either got the wrong key or cipher text when decrypting. Make sure the key you are using for decryption is exactly the same as the key you're using for encryption, including any manipulations done on it, such as the pack() function you've done here. Even one byte difference and you're not going to be able to decrypt.
Also make sure neither the key nor the cipher text are being truncated when they are stored. If using a database and the column type is too small for what you are trying to store, it will truncate the values.

PHP7.1 mcrypt alternative

Mcrypt function has been deprecated as of PHP 7.1.0.
My deprecated string encode / decode functions:
$key: secret key
$str: string
$encoded = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $str, MCRYPT_MODE_CBC, md5(md5($key))));
$decoded = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($str), MCRYPT_MODE_CBC, md5(md5($key))), "\0");
Can you suggest some alternatives?

You should use openssl_encrypt instead.

Consider using defuse or RNCryptor, they provide a complete solution, are being maintained and is correct.

For MCRYPT_RIJNDAEL_256 I posted a full answer for PHP7.3 here: https://stackoverflow.com/a/53937314/243782
snippet:
works like this with the phpseclib library
$rijndael = new \phpseclib\Crypt\Rijndael(\phpseclib\Crypt\Rijndael::MODE_ECB);
$rijndael->setKey(ENCRYPT_KEY);
$rijndael->setKeyLength(256);
$rijndael->disablePadding();
$rijndael->setBlockLength(256);
$decoded = $rijndael->decrypt($term);

echo encrypt_openssl($str, $key);
function encrypt_openssl($msg, $key, $iv = null) {
$iv_size = openssl_cipher_iv_length('AES-256-CBC');
if (!$iv) {
$iv = openssl_random_pseudo_bytes($iv_size);
}
$encryptedMessage = openssl_encrypt($msg, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv);
return base64_encode($iv . $encryptedMessage);
}
mcrypt may be removed in PHP 7.1 alternative openssl

As mentioned above, open_ssl is a good alternative for mcrypt.
The only problem I had with open_ssl, is that it cannot be used for large strings.
I wrote a script (static class), which overcomes this problem (large strings are split up in chunks and encrypted/decrypted separately in the background).
See public gist:
https://gist.github.com/petermuller71/33616d55174d9725fc00a663d30194ba

Decryption is not working with AES 128 bit CBC in PHP

I'm trying to encrypt and decrypt a token with the AES 128 bit CBC encryption in PHP.
If I try to encrypt and decrypt a token, the result is not the original token.
Here is my code:
$decrKey = "123456789abcdefg";
$decrIV = "xyz123456789abcd";
function encryptAES($data,$key,$iv)
{
$decr= mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, base64_encode($data), MCRYPT_MODE_CBC, $iv);
return $decr;
}
function decryptAES($data,$key,$iv)
{
$decr= mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, base64_decode($data), MCRYPT_MODE_CBC, $iv);
return $decr;
}
$token = "abcdefghijk";
echo $token;
$tokenEncrypt = encryptAES($token,$decrKey,$decrIV);
echo "encrypt: ".$tokenEncrypt ;
$tokenDecrypt = decryptAES($tokenEncrypt,$decrKey,$decrIV);
echo "decrypt: ".$tokenDecrypt ;
What do i miss?

You should base 64 encode the result of the encryption method (called the ciphertext), and decode it again before decryption. You are currently base 64 encoding the plain text in the encryption function instead of the ciphertext. Encoding the plain text is not necessary. It would be however a good idea to use a well defined character-encoding for the plain text.
$encr = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $data, MCRYPT_MODE_CBC, $iv));
return $encr

mcrypt_decrypt doesn't work after encrypt

I want to decrypt an encrypted response using mcrypt_decrypt but this doesn't work, so I'm using this snippet of code for test and the response should be "This is a test":
// Encryption Algorithm
// the $shared_key and $init_vector are not real
$cipher_alg = MCRYPT_RIJNDAEL_128;
$shared_key = "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF";
$key = pack("H*", $shared_key);
$init_vector = "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF";
$iv = pack("H*", $init_vector);
echo mcrypt_decrypt($cipher_alg, $key, utf8_encode(mcrypt_encrypt(
$cipher_alg, $key, utf8_encode('This is a test'), MCRYPT_MODE_CBC, $iv)), MCRYPT_MODE_CBC, $iv);
And the response is:
æ †,?7÷q†Ý³‚¢gTô1ò‚ù’Ü”®mÀ{ëQS
What I'm doing wrong?

You are utf8 encoding the encrypted stuff. That way it is modified and can not be decrypted anymore.
echo mcrypt_decrypt($cipher_alg, $key, mcrypt_encrypt(
$cipher_alg, $key, 'This is a test'), MCRYPT_MODE_CBC, $iv), MCRYPT_MODE_CBC, $iv);