2

Please read this question before knee-jerking it as a duplicate (although if it actually is, not sure why I couldn't find it, but GREAT!!)

We have been using mcrypt with the rijndael-192 module in cfb mode for years now. We have a LOT of stuff encrypted with it.

PHP 7.2 which we HAVE to move to, no longer includes mcrypt.

Openssl AES does not support 192 block sizes(or anything other than 128). So moving forward I will be changing the symmetric encryption.

The problem I have is with the legacy data, I cannot see how to decrypt it going forward without mcrypt. There is no option of modifying the legacy data as that would be unfeasible for us.

So my question is, how do I decrypt my data that has been encrypted using rijndael with 192 block size, without mcrypt?

Thanks

jww
  • 97,681
  • 90
  • 411
  • 885
superphonic
  • 7,954
  • 6
  • 30
  • 63
  • AES-192-CFB - the 192 is the KEY length, not the block size. AES only supports 128 block size – superphonic Jan 24 '18 at 14:07
  • @LawrenceCherone `Rijndael-192 (not to be confused with AES-192)` for more info: https://wiki.php.net/rfc/mcrypt-viking-funeral – Edwin Jan 24 '18 at 14:18
  • 1
    Can't you decrypt it / re-encrypt it with PHP 7.1? – President James K. Polk Jan 24 '18 at 14:54
  • Off-topic, but ... A 192-bit block size is unusual. Why was it selected? – jww Jan 25 '18 at 01:59
  • @jww Unfortunately the choice was made by the encryption library we chose to use back in the day. – superphonic Jan 25 '18 at 09:57
  • 1
    @superphonic - Here are several similar questions, but I don't believe they will help in your case. [Can't decrypt using pgcrypto from AES-256-CBC but AES-128-CBC is OK](http://stackoverflow.com/q/43550818/608639), [MCrypt rijndael-128 to OpenSSL aes-128-ecb conversion](http://stackoverflow.com/q/45218465/608639), etc. Also see [Upgrading my encryption library from Mcrypt to OpenSSL](http://stackoverflow.com/q/43329513), [Replace Mcrypt with OpenSSL](http://stackoverflow.com/q/9993909/608639) and [Preparing for removal of Mcrypt in PHP 7.2](http://stackoverflow.com/q/42696657) – jww Jan 25 '18 at 14:36

1 Answers1

1

Thought I should report back as I hate it when questions are left hanging.

I have found no other way to decrypt a Rijndael(AES) cipher using a 192 block size within PHP, other than using the mcrypt library. I had two options:

  1. Install mcrypt in PHP 7.2 from the PHP PECL extension repository and continue using it.
  2. Decrypt my data in PHP 7.1 using the mcrypt library, and re-encrypt using openssl AES cipher with 128 block sizes.

We opted for option 2. Although it was slow and painful, moving away from mcrypt was clearly the better long term solution.

superphonic
  • 7,954
  • 6
  • 30
  • 63