0

I've updated my existing system to PHP 7.4 and mcrypt has been removed and I'm looking for an alternative.
It's recommended to change the code using openssl, but I didn't see any articles posted in my case.
It is recommended to rewrite mcrypt_create_iv for random_bytes and mcrypt_ecb for mcrypt_encrypt, but there is no alternative to E and I can't think of that rewrite.
Do you have an idea?

Service.php

    /**
     * 3DES encryption
     *
     * @param string $plain Plaintext
     * @return string cipher Ciphertext
     */
    public function encrypt3DES($plain) {
        $iv  = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_3DES, MCRYPT_MODE_ECB), MCRYPT_RAND);
        $cipher = bin2hex(mcrypt_ecb (MCRYPT_3DES, self::AUTH_KEY, $plain, MCRYPT_ENCRYPT, $iv));
        return $cipher;
    }

    /**
     * 3DES decryption
     *
     * @param string $cipher Ciphertext
     * @return string Plaintext
     */
    public function decrypt3DES($cipher) {
        if (!ctype_xdigit($cipher)) {
            return '';
        }

        $iv = mcrypt_create_iv (mcrypt_get_iv_size (MCRYPT_3DES, MCRYPT_MODE_ECB), MCRYPT_RAND);
        $plain = mcrypt_ecb(MCRYPT_3DES, self::AUTH_KEY, pack("H*", $cipher), MCRYPT_DECRYPT, $iv);

        return trim($plain);
    }
scottie320
  • 153
  • 1
  • 26
  • refer https://www.php.net/manual/en/function.openssl-encrypt.php – Devsi Odedra Feb 08 '21 at 09:58
  • As the **ECB-mode is UNSECURE** and **TripleDES is UNSECURE** my recommendation is to use your old system for decryption using MCRYPT and re-encrypt using OpenSSL's encryption using AES in CBC-mode or even better **GCM-mode**. Don't stay on old, deprecated and unsecure algorithm methods. – Michael Fehr Feb 08 '21 at 10:59
  • There are many posts on SO and on the web on this topic, e.g. [mcrypt is deprecated, what is the alternative?](https://stackoverflow.com/questions/41272257/mcrypt-is-deprecated-what-is-the-alternative) – Topaco Feb 08 '21 at 11:00

0 Answers0