Convert framework from mcrypt to openssl

Question

I'm working on developing encrypted session handling. The examples I have been provided use mcrypt, and while I know enough to modify the examples to work for my code, I do not know enough to convert Mcrypt to Openssl.

private function encrypt($data, $key) {
    $salt = 'cH!swe!retReGu7W6bEDRup7usuDUh9THeD2CHeGE*ewr4n39=E@rAsp7c-Ph@pH';
    $key = substr(hash('sha256', $salt.$key.$salt), 0, 32);
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_MODE_ECB, $iv));
    return $encrypted;
}
private function decrypt($data, $key) {
    $salt = 'cH!swe!retReGu7W6bEDRup7usuDUh9THeD2CHeGE*ewr4n39=E@rAsp7c-Ph@pH';
    $key = substr(hash('sha256', $salt.$key.$salt), 0, 32);
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($data), MCRYPT_MODE_ECB, $iv);
    $decrypted = rtrim($decrypted, "\0");
    return $decrypted;
}

I was wondering if someone could provide the OpenSSL equivalent for this? For the record, I am not looking to support Mcrypt so no backwards compatibility is required.

Also see [Upgrading my encryption library from Mcrypt to OpenSSL](http://stackoverflow.com/q/43329513/608639), [Replace Mcrypt with OpenSSL](http://stackoverflow.com/q/9993909/608639) and [Preparing for removal of Mcrypt in PHP 7.2](http://stackoverflow.com/q/42696657/608639) — jww, Jul 21 '17 at 20:51
@jww none of those really help as I already looked through them. They tell me the obvious which functions of each library do the actual encrypting and decrypting, but none really tell me what to change $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB); $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); to. I understand RIJNDAEL_256 is not in OpenSSL, but that's a non-issue. I'm creating a fresh new system so I don't need to re-encrypt anything. So any help to understand what to do here would be appreciated. — Cyberpower678, Jul 21 '17 at 21:57

score 4 · Accepted Answer · answered Jul 22 '17 at 02:10

So after doing some learning and research, I have come up with my own working openssl version which achieves similar results.

private function encrypt( $data, $key ) {
    $salt = 'cH!swe!retReGu7W6bEDRup7usuDUh9THeD2CHeGE*ewr4n39=E@rAsp7c-Ph@pH';
    $iv_size = openssl_cipher_iv_length( "AES-256-CBC-HMAC-SHA256" );
    $hash = hash( 'sha256', $salt . $key . $salt );
    $iv = substr( $hash, strlen( $hash ) - $iv_size );
    $key = substr( $hash, 0, 32 );
    $encrypted = base64_encode( openssl_encrypt( $data, "AES-256-CBC-HMAC-SHA256", $key, OPENSSL_RAW_DATA, $iv ) );

    return $encrypted;
}

private function decrypt( $data, $key ) {
    $salt = 'cH!swe!retReGu7W6bEDRup7usuDUh9THeD2CHeGE*ewr4n39=E@rAsp7c-Ph@pH';
    $iv_size = openssl_cipher_iv_length( "AES-256-CBC-HMAC-SHA256" );
    $hash = hash( 'sha256', $salt . $key . $salt );
    $iv = substr( $hash, strlen( $hash ) - $iv_size );
    $key = substr( $hash, 0, 32 );
    $decrypted = openssl_decrypt( base64_decode( $data ), "AES-256-CBC-HMAC-SHA256", $key, OPENSSL_RAW_DATA, $iv );
    $decrypted = rtrim( $decrypted, "\0" );

    return $decrypted;
}

Convert framework from mcrypt to openssl

1 Answers1