
I have an encrypted value, which I know has been encrypted via the following obsolete PHP function:

```php
$encrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, trim($encryptedValue), MCRYPT_MODE_CBC, $iv);
```

I'm trying to decrypt this value using openssl_decrypt with this function:

```php
$decryptedValue = openssl_decrypt("QTu07uBvWSJHmN7gqGIaJg==", 'aes-256-cbc', $key, $options = 0, $iv);
```

I know that the encryptedValue should return the value '1000' but the function doesn't work (returns false).

What did I do wrong? Is the AES mode incorrect or something like that?

I also tried this:

```php
$encryptedValue = "QTu07uBvWSJHmN7gqGIaJg=="; // = "1000"

if (strlen($encryptedValue) % 8) {
   $encryptedValue = str_pad($encryptedValue, strlen($encryptedValue) + 8 - strlen($encryptedValue) % 8, "\0");
}

$decryptedValue = openssl_decrypt($encryptedValue, 'aes-256-cbc', $key, $options = 0, $iv);

dd($decryptedValue);
```

But this function still returns false with the dump.

yivi
  • I tried, still returning false after dump, I'm posting the code – JamesStandbridge Nov 23 '20 at 13:59
  • I tried $options = OPENSSL_RAW_DATA | OPENSSL_NO_PADDING and only OPENSSL_RAW_DATA | OPENSSL_NO_PADDING. This is still returning false. For information, there is no code highlight for OPENSSL_RAW_DATA | OPENSSL_NO_PADDING, like there is for MCRYPT_RIJNDAEL_128, so I guess Symfony doesn't recognise this? – JamesStandbridge Nov 23 '20 at 14:06
  • On this topic you can find countless posts on SO, e.g. [mcrypt is deprecated, what is the alternative?](https://stackoverflow.com/questions/41272257/mcrypt-is-deprecated-what-is-the-alternative). Both methods use different paddings. – Topaco Nov 23 '20 at 14:45
  • Thanks, I'll check this – JamesStandbridge Nov 23 '20 at 17:47

1 Answer


I hope you've found a better solution in the months past, as this seems outdated, but for the sake of answering the question:

The correct cipher to use with OpenSSL depends on the key size from your original code using mcrypt. Both AES-128 and AES-256 are variants of Rijndael-128, they just differ in key size. If you have a 128-bit (16-byte) key, then you have AES-128; if it's larger than that (and ideally exactly 256 bits), then you have AES-256.

Then, seeing that your cipherText is Base64-encoded, you need to either base64_decode() it before passing to openssl_decrypt() OR don't use OPENSSL_RAW_DATA - the only thing this flag does is to tell the function to not perform Base64 decoding itself.

And finally, yes, mcrypt will apply zero-padding, but that extra step you tried is just unnecessarily adding it again, just use OPENSSL_ZERO_PADDING while decrypting. So, you end up with something like this:

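```php
// A 16-byte (128-bit) key means AES-128; a longer key means AES-256.
$cipher    = (mb_strlen($key, '8bit') <= 16) ? 'aes-128-cbc' : 'aes-256-cbc';
// Without OPENSSL_RAW_DATA the input is Base64-decoded; OPENSSL_ZERO_PADDING disables PKCS#7 unpadding.
$plainText = openssl_decrypt($encryptedValue, $cipher, $key, OPENSSL_ZERO_PADDING, $iv);
```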

There are other possible variables, like the key also being encoded or not, the IV being prepended or appended to the cipherText already, etc, but with the information that you provided, this should be all you need to recover the data.

Narf
  • Thank you for the answer. I am currently using the following line: openssl_decrypt($encryptedValue, 'aes-256-cbc', $key, $options = 0, $iv). The project is not yet in production or tested, I'll see if I need to use your method instead. – JamesStandbridge Aug 18 '21 at 13:02
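
An added example (not code from the question or the answer) that puts the points of this thread together: choose the cipher from the key length, Base64-decode exactly once, disable PKCS#7 unpadding, and strip mcrypt's NUL padding. The helper names, key and IV are constructed for illustration, and the 24-byte (AES-192) case goes beyond what the answer covers; because mcrypt is no longer bundled with PHP, `legacyEncrypt` reproduces its output format with OpenSSL.

```php
<?php
// Added example: helper names, key and IV below are constructed for illustration.

// Map the mcrypt key length to the matching OpenSSL cipher name.
function legacyCipherForKey(string $key): string
{
    $map = [16 => 'aes-128-cbc', 24 => 'aes-192-cbc', 32 => 'aes-256-cbc'];
    $len = strlen($key);
    if (!isset($map[$len])) {
        throw new InvalidArgumentException("Unsupported key length: $len bytes");
    }
    return $map[$len];
}

// Reproduce what mcrypt_encrypt(MCRYPT_RIJNDAEL_128, ..., MCRYPT_MODE_CBC) emitted:
// plaintext padded with NUL bytes to a 16-byte boundary, then Base64-encoded.
function legacyEncrypt(string $plain, string $key, string $iv): string
{
    $padded = str_pad($plain, (int) (ceil(strlen($plain) / 16) * 16), "\0");
    $raw = openssl_encrypt($padded, legacyCipherForKey($key), $key,
        OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv);
    return base64_encode($raw);
}

// Decrypt such a value: Base64-decode once, disable PKCS#7 unpadding,
// then strip the NUL padding (this also strips genuine trailing NULs).
function legacyDecrypt(string $b64, string $key, string $iv)
{
    $raw = base64_decode($b64, true);
    if ($raw === false || $raw === '' || strlen($raw) % 16 !== 0) {
        return false; // not Base64 or not a whole number of AES blocks
    }
    $plain = openssl_decrypt($raw, legacyCipherForKey($key), $key,
        OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv);
    return $plain === false ? false : rtrim($plain, "\0");
}

$key = str_repeat('k', 16);   // constructed 16-byte key
$iv  = str_repeat('i', 16);   // constructed 16-byte IV
$ct  = legacyEncrypt('1000', $key, $iv);

var_dump(legacyDecrypt($ct, $key, $iv));
// Default options expect PKCS#7 padding, which NUL-padded data does not carry.
var_dump(openssl_decrypt($ct, 'aes-128-cbc', $key, 0, $iv));
```

Because zero padding is ambiguous for data that legitimately ends in NUL bytes, re-encrypt recovered values with OpenSSL's default PKCS#7 padding once they have been migrated.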