<?php
class Encryption {
var $skey = "1234561234561234"; // you can change it
public function safe_b64encode($string) {
$data = base64_encode($string);
$data = str_replace(array('+','/','='),array('-','_',''),$data);
return $data;
}
public function safe_b64decode($string) {
$data = str_replace(array('-','_'),array('+','/'),$string);
$mod4 = strlen($data) % 4;
if ($mod4) {
$data .= substr('====', $mod4);
}
return base64_decode($data);
}
public function encode($value){
if(!$value){return false;}
$text = $value;
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $this->skey, $text, MCRYPT_MODE_ECB, $iv);
return trim($this->safe_b64encode($crypttext));
}
public function decode($value){
if(!$value){return false;}
$crypttext = $this->safe_b64decode($value);
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$decrypttext = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $this->skey, $crypttext, MCRYPT_MODE_ECB, $iv);
return trim($decrypttext);
}
}
It's my encryption.php file. I tried to solve this error and research lots of time but i could not find proper answer. I am newer in PHP.
Error :
A PHP Error was encountered
Severity: 8192
Message: Function mcrypt_create_iv() is deprecated
Filename: libraries/Encryption.php
Line Number: 27
The manual http://php.net/manual/en/function.mcrypt-create-iv.php states:
Warning
This function was DEPRECATED in PHP 7.1.0, and REMOVED in PHP 7.2.0.
Alternatives to this function include:
random_bytes()
There is an alternate solution if you don't want to use random_bytes(), and it is shown here:
PHP 7 - mcrypt deprecated, need alternative
Related
I have old PHP project where used mcrypt_encrypt
But this function doesn't work in new PHP.
I try to convert it to php7+, use openssl_encrypt, but I got no same result, what I do wrong?
Maybe do you know other way to get same result?
mcrypt_encrypt function:
public static function cryptToCode($data)
{
$iv_size = #mcrypt_get_iv_size(MCRYPT_CAST_128, MCRYPT_MODE_ECB);
$iv = #mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM );
$code = #mcrypt_encrypt(MCRYPT_CAST_128, self::KEY_TRANSLATE_ID, $data, MCRYPT_MODE_ECB, $iv);
$code = bin2hex($code);
return $code;
}
openssl_encrypt function:
public static function cryptToCodeSSL($data, $key = self::KEY_TRANSLATE_ID, $method = "cast-128-ecb") //"cast-128-ecb"
{
$iv_size = openssl_cipher_iv_length($method);
$iv = openssl_random_pseudo_bytes($iv_size);
$code = openssl_encrypt($data, $method, $key, OPENSSL_RAW_DATA, $iv);
$code = bin2hex($code);
return $code;
}
Done:
I found library http://www.gilfether.com/phpcrypt/
I got same result.
I have OpenCart 1.5.6.4 with encryption.php file in system library folder.
The codes in encryption.php are :
<?php
final class Encryption {
private $key;
private $iv;
public function __construct($key) {
$this->key = hash('sha256', $key, true);
$this->iv = mcrypt_create_iv(32, MCRYPT_RAND);
}
public function encrypt($value) {
return strtr(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $this->key, $value, MCRYPT_MODE_ECB, $this->iv)), '+/=', '-_,');
}
public function decrypt($value) {
return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $this->key, base64_decode(strtr($value, '-_,', '+/=')), MCRYPT_MODE_ECB, $this->iv));
}
}
?>
For migration from php 5.6 to php 7.2 , I need to replace Mcrypt Encription with OpenSSL Encription.
I have replaced mcrypt_create_iv(32, MCRYPT_RAND) with openssl_random_pseudo_bytes(32, true) , but for encrypt function and decrypt function , I do not know what parameters to use for these functions.
What changes needed in encription.php codes?
I originally wrote this to address the empty iv warning that comes up with the current encryption class for OC3:
Warning: openssl_encrypt(): Using an empty Initialization Vector (iv) is potentially insecure and not recommended
And recently backported it to work with OC1.5 for the precise reason you posted this question. Here's a complete drop in replacement for system/library/encryption.php that will work on OC1.5.6.4 and PHP7.2:
final class Encryption {
private $cipher = 'aes-256-ctr';
private $digest = 'sha256';
private $key;
public function __construct($key) {
$this->key = $key;
}
public function encrypt($value) {
$key = openssl_digest($this->key, $this->digest, true);
$iv_length = openssl_cipher_iv_length($this->cipher);
$iv = openssl_random_pseudo_bytes($iv_length);
return base64_encode($iv . openssl_encrypt($value, $this->cipher, $key, OPENSSL_RAW_DATA, $iv));
}
public function decrypt($value) {
$result = NULL;
$key = openssl_digest($this->key, $this->digest, true);
$iv_length = openssl_cipher_iv_length($this->cipher);
$value = base64_decode($value);
$iv = substr($value, 0, $iv_length);
$value = substr($value, $iv_length);
if (strlen($iv) == $iv_length) {
$result = openssl_decrypt($value, $this->cipher, $key, OPENSSL_RAW_DATA, $iv);
}
return $result;
}
}
The mcrypt module is deprecated in PHP 7.1, so I have to refactor my old encrypt / decrypt functions with the openssl functions. Actually I found no way doing this.
My major problem is: The script still must be able to decrypt existing crypted data. I have no chance to decrypt with my function und re-crypt the data with a new function again!
Here's my existing code:
function _encrypt($cleartext, $key = "th1s1sav3rys3cr3tk3y") {
if ($cleartext) {
$td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_ECB, "");
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
mcrypt_generic_init($td, $key, $iv);
$encrypted_data_raw = mcrypt_generic($td, $cleartext);
$encrypted_data = bin2hex($encrypted_data_raw);
mcrypt_generic_deinit($td);
return $encrypted_data;
} else {
return false;
}
}
function _decrypt($crypttext, $key = "th1s1sav3rys3cr3tk3y") {
if ($crypttext) {
$td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_ECB, "");
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
mcrypt_generic_init($td, $key, $iv);
$decrypted_data = trim(mcrypt_decrypt(MCRYPT_TripleDES, $key, hex2bin($crypttext), MCRYPT_MODE_ECB, $iv));
mcrypt_generic_deinit($td);
return $decrypted_data;
} else {
return false;
}
}
UPDATE:
This is the way I tried so solve it - to get the same $iv i took simply the same code as in the old function and try to implement it in the way described here: php: mcrypt_encrypt to openssl_encrypt, and OPENSSL_ZERO_PADDING problems
function _encrypt2($cleartext, $key = "th1s1sav3rys3cr3tk3y") {
$td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_ECB, "");
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
$message_padded = $cleartext;
if (strlen($message_padded) % 8) {
$message_padded = str_pad($message_padded,
strlen($message_padded) + 8 - strlen($message_padded) % 8, "\0");
}
$encrypted_openssl = openssl_encrypt($message_padded, "DES-EDE3-CBC", $key, OPENSSL_RAW_DATA | OPENSSL_NO_PADDING, $iv);
return bin2hex($encrypted_openssl);
}
I hope you can give me good hints.
Finally I got the solution - thank you all for your help and support by pushing me into the right direction and asking the right questions. The main thing I missed was ECB-Mode (I took CBC...). So all the stuff with the $iv wasn't really needed.
To complete the answer here my new functions:
function _encrypt_openssl($cleartext, $key = "th1s1sav3rys3cr3tk3y") {
if ($m = strlen($cleartext) %8) {
$cleartext .= str_repeat("\0", 8-$m);
}
$encrypted_openssl = openssl_encrypt($cleartext , "DES-EDE3-ECB", $key, OPENSSL_RAW_DATA | OPENSSL_NO_PADDING, null);
return bin2hex($encrypted_openssl);
}
function _decrypt_openssl($crypttext, $key = "th1s1sav3rys3cr3tk3y") {
return openssl_decrypt(hex2bin($crypttext), 'DES-EDE3-ECB', $key, OPENSSL_RAW_DATA | OPENSSL_NO_PADDING, null);
}
I found a tutorial online on how to encrypt strings in php but when I call the function and try echo the processed data I'm getting 500 internal error. Here is my code below.
<?php
$iv_to_pass_to_decryption = 'mysecretpass';
function encrypt($text, $key)
{
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC), MCRYPT_RAND);
$iv_to_pass_to_decryption = base64_encode($iv);
return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_CBC, $iv);
}
function decrypt($text, $key, $iv)
{
$text = base64_decode($text);
$iv = base64_decode($iv);
return mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_CBC, $iv);
}
$txt = "hello";
$mykey = "mysecretkey";
$somedata = encrypt($txt, $mykey);
echo $somedata;
?>
The first problem is, you missed a ) in line 8.
The second problem is mcrypt_decrypt()function is deprecated.
The third problem is mcrypt_encrypt(): Key of size 11 not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported. The 'mysecretkey' key is wrong.
I can recommend use the crypt() function: http://php.net/manual/en/function.crypt.php
When validating passwords, a string comparison function that isn't
vulnerable to timing attacks should be used to compare the output of
crypt() to the previously known hash. PHP 5.6 onwards provides
hash_equals() for this purpose.
use below code hope it will help you
$iv_to_pass_to_decryption = 'mysecretpass';
function encrypt($text, $key)
{
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC), MCRYPT_RAND);
$iv_to_pass_to_decryption = base64_encode($iv);
return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_CBC, $iv));
}
function decrypt($text, $key, $iv)
{
$text = base64_decode($text);
$iv = base64_decode($iv);
return mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_CBC, $iv);
}
$txt = "hello";
$mykey = "mysecretkey12345";
$somedata = encrypt($txt, $mykey);
echo $somedata;
I am trying to mcrypt some data using a class I created (methods below). This is how you mcrypt data then using pack, then you can use unpack to get the data back.
$packed = $server->cache->pack("packed", array(123,123,123), "Password");
if(!$packed){
echo "Could not encrypt data\n";
}
$server->cache->unpack("packed", "Password");
when I pack it, I do a var_dump on the json_encode() data, and get this:
string(13) "[123,123,123]"
When I unpack it, I do a var_dump on the mcrypt_decode() string, and get this:
string(32) "[123,123,123]"
Why are the lengths different? When I do a json_decode() on the mcrypt_decode() string, I get null back, and this is the reason. If I trim the data it works, but I shouldn't have to trim it.
Here are the methods:
<?php
public function put($key, $value, $life = 0)
{
$this->cache[$key] = $value;
$life = (int)$life;
if($life > 0)
{
$life = strtotime("now + $life seconds");
}
$this->life[$key] = $life;
}
public function get($key)
{
return $this->cache[$key];
}
public function pack($key, $value, $secret, $life = 0)
{
if(!function_exists("mcrypt_encrypt"))
{
$this->put($key, $value, $life);
return false;
}
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$value = json_encode($value);
var_dump($value);
$cryptdata = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $secret, $value, MCRYPT_MODE_ECB, $iv);
$this->put($key, $cryptdata, $life);
return true;
}
public function unpack($key, $secret)
{
if(!function_exists("mcrypt_decrypt"))
{
return json_decode($this->get($key), true);
}
$cryptdata = $this->get($key);
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$data = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $secret, $cryptdata, MCRYPT_MODE_ECB, $iv);
//$data = json_decode($data, true);
var_dump($data);
}
When using a block cipher mode like ECB (you shouldn't be using that one btw), MCrypt will NUL-pad the data, so that its length is dividable by the encryption algorithm's block size.
If you must know, for Rijndael-256 the block size is 256 bits or 32 bytes.
Considering that you're encrypting JSON data, you can just rtrim() the data and not worry about it. There's no way around that unless you switch to a counter mode like CTR.