How to decrypt a string with OpenSSL which was pre

2020-03-24 02:25发布

Since mcrypt was deprecated in PHP 7.1 and I have a lot of data encrypted/decrypted with mcrypt in existing project, how to migrate my PHP code from mcrypt to OpenSSL? I have the following code to encrypt:

$encoded = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, 'salt', 'source string', MCRYPT_MODE_ECB));

And decryption code is:

$source = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, 'salt', base64_decode('encoded string'), MCRYPT_MODE_ECB);

What openssl_ functions should I use in the above examples to get the same results without encoded data conversion?

Or the only way is to run a script which will decrypt all my stored encrypted data with mcrypt and encode with openssl?

Thanks

1条回答
欢心
2楼-- · 2020-03-24 03:27

OpenSSL doesn't have the Rijndael-256 cipher; there's no equivalent - you'll have to decrypt and re-encrypt everything.

But also:

  • You're missing padding and authentication.
  • Don't use ECB mode.
  • "salt" is not a proper encryption key, nor is any regular string. Use random_bytes() to generate your keys, with the proper key length for the chosen algorithm.

All of the above can be summed up like this: don't do it on your own, use a well-vetted library like defuse/php-encryption.

Cryptography is no simple thing and you can't do it properly with just 5 lines of code.

查看更多
登录 后发表回答