I have OpenCart 1.5.6.4 with encryption.php file in system library folder.
The codes in encryption.php are :
<?php
final class Encryption {
private $key;
private $iv;
public function __construct($key) {
$this->key = hash('sha256', $key, true);
$this->iv = mcrypt_create_iv(32, MCRYPT_RAND);
}
public function encrypt($value) {
return strtr(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $this->key, $value, MCRYPT_MODE_ECB, $this->iv)), '+/=', '-_,');
}
public function decrypt($value) {
return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $this->key, base64_decode(strtr($value, '-_,', '+/=')), MCRYPT_MODE_ECB, $this->iv));
}
}
?>
For migration from php 5.6 to php 7.2 , I need to replace Mcrypt Encription with OpenSSL Encription.
I have replaced mcrypt_create_iv(32, MCRYPT_RAND) with openssl_random_pseudo_bytes(32, true) , but for encrypt function and decrypt function , I do not know what parameters to use for these functions.
What changes needed in encription.php codes?
I originally wrote this to address the empty iv warning that comes up with the current encryption class for OC3:
Warning: openssl_encrypt(): Using an empty Initialization Vector (iv) is potentially insecure and not recommended
And recently backported it to work with OC1.5 for the precise reason you posted this question. Here's a complete drop in replacement for system/library/encryption.php that will work on OC1.5.6.4 and PHP7.2:
final class Encryption {
private $cipher = 'aes-256-ctr';
private $digest = 'sha256';
private $key;
public function __construct($key) {
$this->key = $key;
}
public function encrypt($value) {
$key = openssl_digest($this->key, $this->digest, true);
$iv_length = openssl_cipher_iv_length($this->cipher);
$iv = openssl_random_pseudo_bytes($iv_length);
return base64_encode($iv . openssl_encrypt($value, $this->cipher, $key, OPENSSL_RAW_DATA, $iv));
}
public function decrypt($value) {
$result = NULL;
$key = openssl_digest($this->key, $this->digest, true);
$iv_length = openssl_cipher_iv_length($this->cipher);
$value = base64_decode($value);
$iv = substr($value, 0, $iv_length);
$value = substr($value, $iv_length);
if (strlen($iv) == $iv_length) {
$result = openssl_decrypt($value, $this->cipher, $key, OPENSSL_RAW_DATA, $iv);
}
return $result;
}
}
Related
I have old PHP project where used mcrypt_encrypt
But this function doesn't work in new PHP.
I try to convert it to php7+, use openssl_encrypt, but I got no same result, what I do wrong?
Maybe do you know other way to get same result?
mcrypt_encrypt function:
public static function cryptToCode($data)
{
$iv_size = #mcrypt_get_iv_size(MCRYPT_CAST_128, MCRYPT_MODE_ECB);
$iv = #mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM );
$code = #mcrypt_encrypt(MCRYPT_CAST_128, self::KEY_TRANSLATE_ID, $data, MCRYPT_MODE_ECB, $iv);
$code = bin2hex($code);
return $code;
}
openssl_encrypt function:
public static function cryptToCodeSSL($data, $key = self::KEY_TRANSLATE_ID, $method = "cast-128-ecb") //"cast-128-ecb"
{
$iv_size = openssl_cipher_iv_length($method);
$iv = openssl_random_pseudo_bytes($iv_size);
$code = openssl_encrypt($data, $method, $key, OPENSSL_RAW_DATA, $iv);
$code = bin2hex($code);
return $code;
}
Done:
I found library http://www.gilfether.com/phpcrypt/
I got same result.
The mcrypt module is deprecated in PHP 7.1, so I have to refactor my old encrypt / decrypt functions with the openssl functions. Actually I found no way doing this.
My major problem is: The script still must be able to decrypt existing crypted data. I have no chance to decrypt with my function und re-crypt the data with a new function again!
Here's my existing code:
function _encrypt($cleartext, $key = "th1s1sav3rys3cr3tk3y") {
if ($cleartext) {
$td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_ECB, "");
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
mcrypt_generic_init($td, $key, $iv);
$encrypted_data_raw = mcrypt_generic($td, $cleartext);
$encrypted_data = bin2hex($encrypted_data_raw);
mcrypt_generic_deinit($td);
return $encrypted_data;
} else {
return false;
}
}
function _decrypt($crypttext, $key = "th1s1sav3rys3cr3tk3y") {
if ($crypttext) {
$td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_ECB, "");
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
mcrypt_generic_init($td, $key, $iv);
$decrypted_data = trim(mcrypt_decrypt(MCRYPT_TripleDES, $key, hex2bin($crypttext), MCRYPT_MODE_ECB, $iv));
mcrypt_generic_deinit($td);
return $decrypted_data;
} else {
return false;
}
}
UPDATE:
This is the way I tried so solve it - to get the same $iv i took simply the same code as in the old function and try to implement it in the way described here: php: mcrypt_encrypt to openssl_encrypt, and OPENSSL_ZERO_PADDING problems
function _encrypt2($cleartext, $key = "th1s1sav3rys3cr3tk3y") {
$td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_ECB, "");
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
$message_padded = $cleartext;
if (strlen($message_padded) % 8) {
$message_padded = str_pad($message_padded,
strlen($message_padded) + 8 - strlen($message_padded) % 8, "\0");
}
$encrypted_openssl = openssl_encrypt($message_padded, "DES-EDE3-CBC", $key, OPENSSL_RAW_DATA | OPENSSL_NO_PADDING, $iv);
return bin2hex($encrypted_openssl);
}
I hope you can give me good hints.
Finally I got the solution - thank you all for your help and support by pushing me into the right direction and asking the right questions. The main thing I missed was ECB-Mode (I took CBC...). So all the stuff with the $iv wasn't really needed.
To complete the answer here my new functions:
function _encrypt_openssl($cleartext, $key = "th1s1sav3rys3cr3tk3y") {
if ($m = strlen($cleartext) %8) {
$cleartext .= str_repeat("\0", 8-$m);
}
$encrypted_openssl = openssl_encrypt($cleartext , "DES-EDE3-ECB", $key, OPENSSL_RAW_DATA | OPENSSL_NO_PADDING, null);
return bin2hex($encrypted_openssl);
}
function _decrypt_openssl($crypttext, $key = "th1s1sav3rys3cr3tk3y") {
return openssl_decrypt(hex2bin($crypttext), 'DES-EDE3-ECB', $key, OPENSSL_RAW_DATA | OPENSSL_NO_PADDING, null);
}
<?php
class Encryption {
var $skey = "1234561234561234"; // you can change it
public function safe_b64encode($string) {
$data = base64_encode($string);
$data = str_replace(array('+','/','='),array('-','_',''),$data);
return $data;
}
public function safe_b64decode($string) {
$data = str_replace(array('-','_'),array('+','/'),$string);
$mod4 = strlen($data) % 4;
if ($mod4) {
$data .= substr('====', $mod4);
}
return base64_decode($data);
}
public function encode($value){
if(!$value){return false;}
$text = $value;
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $this->skey, $text, MCRYPT_MODE_ECB, $iv);
return trim($this->safe_b64encode($crypttext));
}
public function decode($value){
if(!$value){return false;}
$crypttext = $this->safe_b64decode($value);
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$decrypttext = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $this->skey, $crypttext, MCRYPT_MODE_ECB, $iv);
return trim($decrypttext);
}
}
It's my encryption.php file. I tried to solve this error and research lots of time but i could not find proper answer. I am newer in PHP.
Error :
A PHP Error was encountered
Severity: 8192
Message: Function mcrypt_create_iv() is deprecated
Filename: libraries/Encryption.php
Line Number: 27
The manual http://php.net/manual/en/function.mcrypt-create-iv.php states:
Warning
This function was DEPRECATED in PHP 7.1.0, and REMOVED in PHP 7.2.0.
Alternatives to this function include:
random_bytes()
There is an alternate solution if you don't want to use random_bytes(), and it is shown here:
PHP 7 - mcrypt deprecated, need alternative
Here are my encrypt and decrypt functions
public function encrypt($text){
$key = hash("md5", KEY);
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_TWOFISH, MCRYPT_MODE_CBC), MCRYPT_RAND);
$result = base64_encode(mcrypt_encrypt(MCRYPT_TWOFISH, $key, $text, MCRYPT_MODE_CBC, $iv));
return $result;
}
public function decrypt($text){
$key = hash("md5", KEY);
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_TWOFISH, MCRYPT_MODE_CBC), MCRYPT_RAND);
$result = trim(mcrypt_decrypt(MCRYPT_TWOFISH, $key, base64_decode($text), MCRYPT_MODE_CBC, $iv));
return $result;
}
When encryption is run on a JSON string to be stored as a text file and then retrieved and decrypted the front section of the resulting string has replacement and/or incorrect characters:
Expected:
{"players":[{"label":"...
Actual:
�Ӹ�!G#${�W�Rՙ�bel":"...
If it makes any difference the actual placement/incorrect chars are different each time I refresh the page on the same file.
In case anyone comes across this...
The IV needs to be prepended to the file before encoding, like so:
public function encrypt($text){
$key = hash("md5", KEY);
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_TWOFISH, MCRYPT_MODE_CBC), MCRYPT_DEV_URANDOM);
$result = base64_encode($iv.mcrypt_encrypt(MCRYPT_TWOFISH, $key, $text, MCRYPT_MODE_CBC, $iv));
return $result;
}
Then when decrypting take the IV from the decoded string and use it to decrypt, like so:
public function decrypt($text){
$key = hash("md5", KEY);
$decode = base64_decode($text);
$iv = substr($decode, 0, 16);
$decrypt = substr($decode, 16);
$result = mcrypt_decrypt(MCRYPT_TWOFISH, $key, $decrypt, MCRYPT_MODE_CBC, $iv);
return $result;
}
I am trying to mcrypt some data using a class I created (methods below). This is how you mcrypt data then using pack, then you can use unpack to get the data back.
$packed = $server->cache->pack("packed", array(123,123,123), "Password");
if(!$packed){
echo "Could not encrypt data\n";
}
$server->cache->unpack("packed", "Password");
when I pack it, I do a var_dump on the json_encode() data, and get this:
string(13) "[123,123,123]"
When I unpack it, I do a var_dump on the mcrypt_decode() string, and get this:
string(32) "[123,123,123]"
Why are the lengths different? When I do a json_decode() on the mcrypt_decode() string, I get null back, and this is the reason. If I trim the data it works, but I shouldn't have to trim it.
Here are the methods:
<?php
public function put($key, $value, $life = 0)
{
$this->cache[$key] = $value;
$life = (int)$life;
if($life > 0)
{
$life = strtotime("now + $life seconds");
}
$this->life[$key] = $life;
}
public function get($key)
{
return $this->cache[$key];
}
public function pack($key, $value, $secret, $life = 0)
{
if(!function_exists("mcrypt_encrypt"))
{
$this->put($key, $value, $life);
return false;
}
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$value = json_encode($value);
var_dump($value);
$cryptdata = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $secret, $value, MCRYPT_MODE_ECB, $iv);
$this->put($key, $cryptdata, $life);
return true;
}
public function unpack($key, $secret)
{
if(!function_exists("mcrypt_decrypt"))
{
return json_decode($this->get($key), true);
}
$cryptdata = $this->get($key);
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$data = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $secret, $cryptdata, MCRYPT_MODE_ECB, $iv);
//$data = json_decode($data, true);
var_dump($data);
}
When using a block cipher mode like ECB (you shouldn't be using that one btw), MCrypt will NUL-pad the data, so that its length is dividable by the encryption algorithm's block size.
If you must know, for Rijndael-256 the block size is 256 bits or 32 bytes.
Considering that you're encrypting JSON data, you can just rtrim() the data and not worry about it. There's no way around that unless you switch to a counter mode like CTR.