问题
Since mcrypt was deprecated in PHP 7.1 and I have a lot of data encrypted/decrypted with mcrypt in existing project, how to migrate my PHP code from mcrypt to OpenSSL? I have the following code to encrypt:
$encoded = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, 'salt', 'source string', MCRYPT_MODE_ECB));
And decryption code is:
$source = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, 'salt', base64_decode('encoded string'), MCRYPT_MODE_ECB);
What openssl_ functions should I use in the above examples to get the same results without encoded data conversion?
Or the only way is to run a script which will decrypt all my stored encrypted data with mcrypt and encode with openssl?
Thanks
回答1:
OpenSSL doesn't have the Rijndael-256 cipher; there's no equivalent - you'll have to decrypt and re-encrypt everything.
But also:
- You're missing padding and authentication.
- Don't use ECB mode.
- "salt" is not a proper encryption key, nor is any regular string. Use random_bytes() to generate your keys, with the proper key length for the chosen algorithm.
All of the above can be summed up like this: don't do it on your own, use a well-vetted library like defuse/php-encryption.
Cryptography is no simple thing and you can't do it properly with just 5 lines of code.
来源:https://stackoverflow.com/questions/42265194/how-to-decrypt-a-string-with-openssl-which-was-previously-encrypted-with-mcrypt