mcrypt_encrypt to openssl_encrypt, and OPENSSL_ZERO_PADDING problems

mcrypt_encrypt zero-pads input data if it’s not a multiple of the blocksize. This leads to ambiguous results if the data itself has trailing zeroes. Apparently OpenSSL doesn’t allow you to use zero padding in this case, which explains the false return value. You can circumvent this by adding the padding manually. $message = "Lorem ipsum"; …

Replace Mcrypt with OpenSSL

Blowfish is the block cipher. It requires the data to be padded before encryption. OpenSSL uses PKCS#7 and mcrypt uses PKCS#5. Different padding algorithms for data. Minimal PKCS#5 padding length is 0, for PKCS#7 it’s 1 (Wikipedia). Take a look at this example (I’ve manually padded input data for mcrypt_encrypt() in PKCS#7 style): <?php $key …

Encrypting / Decrypting file with Mcrypt

Since mcrypt is abandonware and no longer recommended to be used, here’s an example using openssl. class AES256Encryption { public const BLOCK_SIZE = 8; public const IV_LENGTH = 16; public const CIPHER = 'AES256'; public static function generateIv(bool $allowLessSecure = false): string { $success = false; $random = openssl_random_pseudo_bytes(openssl_cipher_iv_length(static::CIPHER)); if (!$success) { if (function_exists('sodium_randombytes_random16')) { …

Preparing for removal of Mcrypt in PHP 7.2

You can’t convert it, because Rijndael-256 is not AES-256, and the OpenSSL extension doesn’t ship with Rijndael-256 support. AES-256 is Rijndael-128 with a 256-bit (32-byte) key. Unfortunately, you’ll have to re-encrypt all of your data. Edit: Also, the scheme you’re currently using has some problems: It lacks authentication (HMACs are the easiest way to do …

Upgrading my encryption library from Mcrypt to OpenSSL

This code for your decryption routine works for me: public function decrypt($data, $key) { $salt = substr($data, 0, 128); $enc = substr($data, 128, -64); $mac = substr($data, -64); list ($cipherKey, $macKey, $iv) = $this->getKeys($salt, $key); if ($mac !== hash_hmac('sha512', $enc, $macKey, true)) { return false; } $dec = openssl_decrypt($enc, $this->cipher, $cipherKey, OPENSSL_RAW_DATA, $iv); return $dec; …

Laravel requires the Mcrypt PHP extension

Do you have MAMP installed? Use which php in the terminal to see which version of PHP you are using. If it’s not the PHP version from MAMP, you should edit or add .bash_profile in the user’s home directory, that is: cd ~ In .bash_profile, add the following line: export PATH=/Applications/MAMP/bin/php/php5.4.10/bin:$PATH Edited: First you should …

mcrypt is deprecated, what is the alternative?

It’s best practice to hash passwords so they are not decryptable. This makes things slightly more difficult for attackers that may have gained access to your database or files. If you must encrypt your data and have it decryptable, a guide to secure encryption/decryption is available at https://paragonie.com/white-paper/2015-secure-php-data-encryption. To summarize that link: Use Libsodium – …