0

How can I decrypt content encrypted by MCRYPT_RIJNDAEL_128 ECB. Since mcrypt is deprecated and we have still encrypted date in our system we need to decrypt it in php7.4.9.

My "test-code" looks like:

<?php

$content = 'myCleanContent';
$key = 'myKey';
$encryptedContent = @mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $content, MCRYPT_MODE_ECB);

try{
    $result = openssl_decrypt($encryptedContent,'aes-128-ecb',$key);
} catch(Exception $e){
    console.error($e->getMessage());
}

if($result == $content){
    echo "works 4 me";
} else {
    echo "nope";
    echo $result;
}

I also tried the option OPENSSL_RAW_DATA or aes-256-ecb but I'm not able to decrypt this data. What I'm doing wrong?

I also had a look at MCrypt rijndael-128 to OpenSSL aes-128-ecb conversion but I don't get it.

Melchior
  • 105
  • 2
  • 9
  • this "test-code" is btw runing in an older version of php where mcrypt is still runing ;-) – Melchior Oct 19 '20 at 16:06
  • 1
    _mcrypt_ and _openssl_ use different paddings: _mcrypt_ applies Zero padding, _openssl_ uses PKCS7 padding. Furthermore _openssl_ expects the data Base64 encoded. With the options `OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING` as 4th parameter in `openssl_decrypt()` the raw data is processed and PKCS7 padding is disabled. Now decryption works. However, the Zero padding must still be removed e.g. with `rtrim($result, "\0")`. Attention: ECB is insecure, Zero padding is unreliable and a 16 bytes key must be used (instead of `myKey`, which is probably just a dummy). – Topaco Oct 19 '20 at 16:29
  • 2
    This is actually a duplicate of e.g. [mcrypt\_encrypt to openssl\_encrypt, and OPENSSL\_ZERO\_PADDING problems](https://stackoverflow.com/questions/41181905/mcrypt-encrypt-to-openssl-encrypt-and-openssl-zero-padding-problems) – Topaco Oct 19 '20 at 16:58

0 Answers0