2

To replace mcrypt with openssl I have the following task:

The actual code for encryption and decryption is something like 

$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key,$plaintext, MCRYPT_MODE_CBC, $iv);

and 

$result_decrypt  = mcrypt_decrypt(
            'rijndael-128',
            $key,
            $ciphertext,
            'cbc',
            $iv
        );

Works fine, all things are good. Now I want to decrypt the $ciphertext with openssl, I look at MCrypt rijndael-128 to OpenSSL aes-128-ecb conversion and try

function decrypt_openssl_rijndael($value, $unserialize = true, $salt)
    {

        if (!extension_loaded('openssl')) {
            throw new \RuntimeException(
                'SSL extension is not available.'
            );
        }

        $decrypted = openssl_decrypt($value, 'aes-128-ecb', $salt, OPENSSL_RAW_DATA );

        if ($unserialize) {
            return unserialize($decrypted);
        } else {
            return $decrypted;
        }
    }

I test several options, but I got no properly decrypted string. I suppose I just missed one little thing, so if someone has an idea?

Regards Thomas

jerry
  • 59
  • 1
  • 7
Bueck0815
  • 193
  • 8
  • Here's something interesting. Use `aes-256-ecb` instead of the 128 one. Blocks sizes are a thing. – Andrei Nov 15 '18 at 10:39
  • 1
    NNNNNOOOOOO!!!!!!!!! Longer keys are harder to break by brute force, but AES128 already requires the energy and computing resources that not even SciFi can imagine to brute force. OTOH, there other ways to break cryptography. And in the case of AES, longer blocks / keys are *more* vulnerable than shorter ones to the attacks currently known: https://www.schneier.com/blog/archives/2009/07/another_new_aes.html – symcbean Nov 15 '18 at 13:05
  • Hi https://stackoverflow.com/users/4729332/andrei i have testet this option, but without success. – Bueck0815 Nov 15 '18 at 13:10

1 Answers1

1

This should be a comment - but its a bit long.

You are dealing with a very specific issue - in order to solve some greater problem. Normally questions which are as specific as this are welcomed on StackOverflow, however a consequence of this is that the approach often conceals better ways to address the greater problem. This looks like one of those.

Firstly, OpenSSL applies some transformations to the supplied key for encrypt and decrypt operations to make it harder to break the encryption. This is quite common with encryption tools. It is possible that mcrypt does (did) similar, although I suspect it probably doesn't. So you could be using the same key and the same algorithm but get different results. The post you linked to says it works with 256bit blocks. I am dubious, and you seem to have found the same.

You wouldn't want to decrypt data unless it had been encrypted. Where and how it is being encrypted was presumably compatible with mcrypt. A really important question you need to ask is whether your post-mcrypt implementation also needs to compatible with the encryptor / if the ciphertext can be migrated / if the encryptor can be changed.

symcbean
  • 47,736
  • 6
  • 59
  • 94