Skip to content
Advertisement

How to get complete decryption when using phpseclib (php 7) to replace deprecated MCRYPT_RIJNDAEL (php 5)?

I have to upgrade a script from php 5.6 to 7.4, but I need to decrypt data previosly encrypted with MCRYPT_RIJNDAEL_256 (deprecated). I try to use phpseclib – Github (based on this SO answer), but I’m getting an incomplete result (strange chars). How can I get the correct decrtypted data?

For example:

JavaScript

PHP 5.6 encryption:

JavaScript

PHP 5.6 decryption => OK:

JavaScript

PHP 7.4 decryption with phpseclib:

JavaScript

Basically, the first part of the data seems corrupted. But the rest of the data is ok. How can I decrypt the entire data correctly?

EDIT: As pointed out by @Michael Fehr , in the original mcrypt_encrypt version an IV was set (i.e. the last parameter: md5(md5($key)) ), that had to be added in the decryption. Thus, I added this line:

JavaScript

and now the entire data is decrypted correctly.

Advertisement

Answer

In your PHP 5.6 encryption you code:

JavaScript

where the last md5(md5($key)) is for the initialization vector.

I’m missing the setting of the IV in your (new) PHP 7.4 decryption method – as you are using AES in the mode CBC and that requires an IV.

As you found by yourself you should add the line

JavaScript

to get your decryption working.

User contributions licensed under: CC BY-SA
1 People found this is helpful
Advertisement