As php has stopped support for Mcrypt from 7.2 and onwards. I do not know enough to convert Mcrypt to Openssl.
I was wondering if someone could provide the OpenSSL equivalent for this? For the record, I am not looking to support Mcrypt so I have to decrypt my mcrypt encrypted strings(passwords) via openSSL.
To Encode via mcrypt->
static function encode($value= NULL, $key= NULL){
if(!$value){
return false;
}
$text = $value;
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_ECB, $iv);
return trim(self::safe_b64encode($crypttext));
}
private function safe_b64encode($string= NULL) {
$data = base64_encode($string);
$data = str_replace(array('+','/','='),array('-','_',''),$data);
return $data;
}
Updated
Unfortunately it looks like there is not a way your going to be able to do what you want. Had you used the MCRYPT_RIJNDAEL_128 mode with a 256 byte key there may have been hope.
AES-256 and MCRYPT_RIJNDAEL_256 encryption are not the same thing, even though AES is basically Rijndael. It all has to do with the block size. What you want to do just is not compatible.
Your options are this:
Use a version of PHP that still has the MCRYPT libraries available and decrypt the passwords to a file and then encrypt them with your new encryption method.
A PECL option looks available that would allow you to install a pseudo version of MCRYPT with your latest version of PHP.
For just encrypting and decrypting your passwords OpenSSL should be fine, but
OpenSSL has limitation especially when you want to encrypt large amounts of data. It requires you to write additional code to break apart your data into smaller chunks before you encrypt and then put it back together after you decrypt.
I highly recommend that you skip OpenSSL and learn the LibSodium library which is now supported on the latest PHP versions.
http://php.net/manual/en/book.sodium.php
Here is a good page to read to get you started.
https://paragonie.com/blog/2015/05/using-encryption-and-authentication-correctly
Some more Libsodium resources.
https://github.com/paragonie/pecl-libsodium-doc/blob/v1/chapters/01-quick-start.md
Good Luck~
You have so many choices when it comes to encrypting data, so that's why you should implement it yourself. I recommend you the library diffuse/php-encryption, see this link for a detailed tutorial.
Related
I am trying to come up with a secure algorithm to encrypt and decrypt specific strings in my project I am working on. I am using the mcrypt_encrypt with the MCRYPT_RIJNDAEL_256 block cipher variation.
I have tested many and found this one to seem quite secure.
I am making the encrypt and decrypt into functions so I can call upon them for multiple instances in the future of my project. So far this is what I have come up with. My question here is if there is any way to make this more secure, harder to decrypt or if there are any newer formulas/methods that are known to be better.
function encrypt($privatekey, $stringe)
{
$var = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $privatekey, $stringe,
MCRYPT_MODE_CBC, $privatekey);
return base64_encode($var);
}
function decrypt($privatekey, $stringd)
{
$stringd = str_replace("~", "+", $stringd);
$var = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $privatekey,
base64_decode($stringd), MCRYPT_MODE_CBC, $privatekey);
$var = rtrim($var, "\0\4");
return $var;
}
I have tested many and found this one to seem quite secure.
What tests did you conduct, exactly?
Rijndael256 is a 256-bit block variant of Rijndael (for which the 128-bit block size variant is known as AES). However, when implemented in pure software (like mcrypt is implemented), it's vulnerable to cache-timing attacks.
What is the most secure mcrpyt_encrypt algorithm?
Mcrypt's implementations are not secure. That's why it was deprecated in PHP 7.1, and removed in PHP 7.2.
See this answer for safe-to-use example code backed by libsodium. For PHP 7.1 and below, you want to install the Sodium extension from PECL or install sodium_compat.
I have an application that was build on CakePHP 1.2, and stored some encrypted data. I am rebuilding the application and need to decrypt the data in the new app to update the encryption on it. The ciphers and methods used to encrypt the data in CakePHP 1.2 are not available in PHP 7.1+. Does anyone know of a way that I can decrypt the data in a PHP 7.1+ environment so that it can be encrypted with newer technologies?
Current method that encrypts/decrypts data
function _cryptData(&$data, $direction) {
$ivSize = mcrypt_get_iv_size(MCRYPT_TRIPLEDES, MCRYPT_MODE_CBC);
switch ($direction) {
case 'encrypt':
$iv = mcrypt_create_iv($ivSize, MCRYPT_RAND);
$data = base64_encode($iv) . '|' . base64_encode(mcrypt_encrypt(MCRYPT_TRIPLEDES, Configure::read('CakeMix.cryptKey'), $data, MCRYPT_MODE_CBC, $iv));
break;
case 'decrypt':
list($iv, $encoded) = explode('|', $data);
$data = mcrypt_decrypt(MCRYPT_TRIPLEDES, Configure::read('CakeMix.cryptKey'), base64_decode($encoded), MCRYPT_MODE_CBC, base64_decode($iv));
break;
}
}
The shown code in your question seems to be custom, ie non-CakePHP core code, so this seem more just PHP related.
Mcrypt is deprecated, but still available in PHP 7.1, it has only been removed as of PHP 7.2. Mcrypt can also still be used with PHP 7.2+, you'd just have to install it manually, as it's been moved to PECL, see for example Issue in installing php7.2-mcrypt. You could also use a polyfill like phpseclib/mcrypt_compat. So you should be able to continue using Mcrypt for decryption, and port the data to whatever encryption you like.
Furthermore it should generally also be possible to decrypt the data using OpenSSL, though there seem to be pitfalls around null padding, see for example Decrypt mcrypt with openssl. Here's a basic example:
$data = openssl_decrypt(
base64_decode($encoded),
'des-ede3-cbc',
Configure::read('CakeMix.cryptKey'),
OPENSSL_RAW_DATA | OPENSSL_NO_PADDING,
base64_decode($iv)
);
There's quite a lot of topics on replacing Mcrypt with OpenSSL, which you may want to have a look at for further options.
Since mcrypt was deprecated in PHP 7.1 and I have a lot of data encrypted/decrypted with mcrypt in existing project, how to migrate my PHP code from mcrypt to OpenSSL? I have the following code to encrypt:
$encoded = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, 'salt', 'source string', MCRYPT_MODE_ECB));
And decryption code is:
$source = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, 'salt', base64_decode('encoded string'), MCRYPT_MODE_ECB);
What openssl_ functions should I use in the above examples to get the same results without encoded data conversion?
Or the only way is to run a script which will decrypt all my stored encrypted data with mcrypt and encode with openssl?
Thanks
OpenSSL doesn't have the Rijndael-256 cipher; there's no equivalent - you'll have to decrypt and re-encrypt everything.
But also:
You're missing padding and authentication.
Don't use ECB mode.
"salt" is not a proper encryption key, nor is any regular string. Use random_bytes() to generate your keys, with the proper key length for the chosen algorithm.
All of the above can be summed up like this: don't do it on your own, use a well-vetted library like defuse/php-encryption.
Cryptography is no simple thing and you can't do it properly with just 5 lines of code.
In PHP, which (decryptable) encryption algorithm is most secure one?
I mean MD5 can't be decrypted back right?
I've found full working class with mcrypt (then encoded with base64 again) which can encrypt and decrypt back.
Sample mcrypt (Encrypt):
function encrypt($value) {
if(!$value){return false;}
$text = $value;
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $this->key, $text, MCRYPT_MODE_ECB, $iv);
return trim($this->safe_b64encode($crypttext));
}
Then encode again with base64:
function safe_b64encode($string) {
$data = base64_encode($string);
$data = str_replace(array('+','/','='),array('-','_',''),$data);
return $data;
}
(Sorry for the code just with the encrypt, without decrypt. I just giving sample.)
But I just want to know if there other more secure algorithm then using mcrypt.
You probably want MCRYPT_RIJNDAEL_256. Rijndael with blocksizes of 128, 192 and 256 bit is a generalization of AES which only supports a blocksize of 128 bit.
See: http://us.php.net/manual/en/mcrypt.ciphers.php and http://us.php.net/manual/en/book.mcrypt.php
Just to clarify: MD and SHA algorithms are HASH algorithms: they calculate a check sum of given data so you can later verify that it hasn't been altered. Think of it like this:
Your data is 592652. You want a checksum to know this hasnt been altered so, you do something like:
5+9+2+6+5+2=29
2+9=11
1+1=2
Now, when you want to check your data, you can put it through same calculation and see if you get the same result:
2
However there is no way to take that 2 and get back your original data: 592652.
Of course real calculations hash algoriths are different, this example is just a demonstration of the general idea. This is not encryption.
As for encryption, AES family of algorithms is probably most secure these days, I'd go AES-512. As others noted RIJNDAEL should be preferred. (AES and Rijndael are used exchangably, theyre almost the same thing: Rijndael is the name of the algorithm while AES is the name of the encryption standard that adops Rijndael as its method).
Base64 is not an encryption algorithm.
On PHP you can use the mcrypt extension to securely encrypt and decrypt data.
Blowfish is one of the most secure (and the default in mcrypt) algorithms supported by PHP.
See the full list of supported algorithms here.
Given that the question changed, this would be the new answer:
mcrypt is not an encryption algorithm. It's a library that provides an interface to different encryption algorithms to encrypt arbitrary data.
In a PHP context this is more or less the only decent thing you have to encrypt data.
Problem
I need to encrypt data in Javascript and decrypt it in PHP. Mcrypt seems the way to go on the PHP side, and AES seems thoroughly good enough, but I'm having trouble finding a javascript decryption algorithm that matches it. Any suggestions? I'm open to replacing any of the assumptions (mcrypt, aes, ECB, etc) if it'll help get a compatible js encryption/decryption library.
Code
The PHP looks pretty much like this:
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$encrypted = mcrypt_encrypt( MCRYPT_RIJNDAEL_256, $key, $plaintext,
MCRYPT_MODE_ECB,$iv );
Rationale
Not that it matters, but the point here is to encrypt some credentials to an external system so that we can pass it around our server without our analytics and logging servers picking it up in the clear. It'll eventually be decrypted in the PHP just before it's sent to the external system.
I ended up using the SlowAES library, which has parallel implementations in PHP and JS:
http://kevinkuchta.com/_site/2011/08/matching-php-and-js-encryption/