19

mcrypt_decrypt(): Key of size 15 not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported

How can I fix this issue? My key is set and I cannot change it. It has to be a local change; I think my local PHP version is too advanced for the project I loaded. How can I fix this?

Hanky Panky
Asaf Maoz
  • You have not given us enough information. Are you using the correct cipher to decrypt the string (the cipher it was encrypted with)? Different ciphers support different key sizes. http://php.net/manual/en/function.mcrypt-decrypt.php – Michael Berkowski Dec 02 '14 at 16:40
  • The project files work on other machines, so the ciphers are good. Furthermore, before reinstalling my XAMPP everything worked. – Asaf Maoz Dec 02 '14 at 16:42
  • Note to others: if you are creating a sufficient int via `$key = 0x12345679ABCDEF`, the value being passed in is the 12-19 digit (decimal) string as an array of characters `-1234567`, not the 32-bit binary value (it converts ints to strings via the standard methods). The key must be defined as a string (aka array/buffer) via "\xab\xcd\xef\x01\x02". But you don't realize this is broken until you update to version 5.6. You have actually been passing a short digit string which gets null-padded. – ppostma1 Nov 07 '16 at 18:38
  • It is best not to use PHP mcrypt; it is abandonware, has not been updated in years and does not support standard PKCS#7 (née PKCS#5) padding, only non-standard null padding that can't even be used with binary data. mcrypt has many outstanding [bugs](https://sourceforge.net/p/mcrypt/bugs/) dating back to 2003. The mcrypt extension is deprecated and was removed in PHP 7.2. Instead consider using [defuse](https://github.com/defuse/php-encryption) or [RNCryptor](https://github.com/RNCryptor); they provide a complete solution, are being maintained and are correct. – zaph Sep 26 '18 at 02:45

8 Answers

46

Did you update to 5.6? It says

Invalid key and iv sizes are no longer accepted. mcrypt_decrypt() will now throw a warning and return FALSE if the inputs are invalid. Previously keys and IVs were padded with '\0' bytes to the next valid size.

Reference

Read the last line of that quote, and there you will find your solution :)

mcrypt_decrypt(): Key of size 15 not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported

That means you need to pad your key with \0 (that's what previous versions were doing for you)

$key=$key."\0";
Hanky Panky
14

I went ahead and created a function based on Hanky 웃 Panky's answer.

This can be used with any key length to make sure it's the correct size.

function pad_key($key){
    // key is too large
    if(strlen($key) > 32) return false;

    // set sizes
    $sizes = array(16,24,32);

    // loop through sizes and pad key
    foreach($sizes as $s){
        while(strlen($key) < $s) $key = $key."\0";
        if(strlen($key) == $s) break; // finish if the key matches a size
    }

    // return
    return $key;
}
Community
troskater
  • This worked great for me. I had a website running on an old version of php that I had to move over to our new server. This got it working again. – AllisonC Apr 05 '18 at 12:28
  • A loop within a loop is inefficient. Just use `str_pad()` instead of the `while` and change the `<` to `<=` and return the key – zgr024 Jan 04 '19 at 19:32
3

For Laravel 5

Just run php artisan key:generate:

Application key [EaaJgaD0uFDEg7tpvMOqKfAQ46Bqi8Va] set successfully.

If you don't see your key updated, just paste it in your .env file.

APP_KEY=EaaJgaD0uFDEg7tpvMOqKfAQ46Bqi8Va

Refresh your page

Scott Weldon
code-8
1

I had this issue with OSTicket 1.6 ST (yes old version I know). Hosting company just went to PHP 5.6 and it broke the Mail Fetch for cron.php. I'm posting this hoping it helps others fix this issue faster.

You have to edit the file "include/class.misc.php".

Add the function "pad_key" provided in the answer authored by @troskater to the "include/class.misc.php" file and then on line 51 in the function "decrypt" change

return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $salt,...

to instead use

return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, pad_key($salt),...

dan-iel
1

I had the same problem, but fixed it with this

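public function setKey($key) {
    $len = strlen($key);
    // Note: a key shorter than 16 bytes is padded to 24 here, whereas PHP < 5.6
    // padded it to 16 for a cipher accepting 16, 24 or 32
    if ($len < 24 && $len != 16) {
        $key = str_pad($key, 24, "\0", STR_PAD_RIGHT);
    } elseif ($len > 24 && $len < 32) {
        $key = str_pad($key, 32, "\0", STR_PAD_RIGHT);
    } elseif ($len > 32) {
        // Longer keys are truncated to the largest size
        $key = substr($key, 0, 32);
    }
    $this->key = $key;
}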
1

You can just use str_pad() for this. In its simplest form, this will suffice.

function padKey($key) 
{
    // Get the current key size
    $keySize = strlen($key);

    // Set an array containing the valid sizes
    $validSizes = [16,24,32];

    // Loop through sizes and return correct padded $key
    foreach($validSizes as $validSize) {
        if ($keySize <= $validSize) return str_pad($key, $validSize, "\0");
    }

    // Throw an exception if the key is greater than the max size
    throw new Exception("Key size is too large"); 

}

The other answers will do just fine. I'm just taking advantage of the built in PHP function str_pad here instead of appending "\0" in a loop.

zgr024
0

You don't need to pad the key with "\0".

I had the same issue when migrating to a new PHP 7 server and I got the message:

mcrypt_decrypt(): Key of size 19 not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported.

The key I had in the code was a string of 19 characters. I simply changed it to a string of 32 characters and everything was fine again.

So as the error message suggests, use a valid size key.

Brac
0

If your encryption code looks like this:

<?php
function encryptCookie($value) {
    if (!$value) { return false; }
    $key = 'aNdRgUkXp2s5v8y/B?E(H+MbQeShVmYq'; // 32 characters = 256-bit key
    $text = $value;
    // ECB mode does not use an IV; mcrypt ignores the value passed here
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_ECB, $iv);
    return trim(base64_encode($crypttext)); // encode for cookie
}

function decryptCookie($value) {
    if (!$value) { return false; }
    $key = 'aNdRgUkXp2s5v8y/B?E(H+MbQeShVmYq'; // must match the key used to encrypt
    $crypttext = base64_decode($value); // decode cookie
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $decrypttext = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $crypttext, MCRYPT_MODE_ECB, $iv);
    return trim($decrypttext); // strips mcrypt's NUL padding (and any surrounding whitespace)
}
?>

You will want to change the $key to a 128 or 256 bit encrypted code. I simply copied a code that I generated from here: Generate Code

I created a 256 bit code for mine which consists of 32 characters and thus fixes the issue of the invalid key size of 15 or whatever number is causing the error. So whatever is set for $key you need to change that to a valid code and then it should work fine.

JCBrown
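Added example, not code from any answer or project on this page: the NUL-padded key is kept only to read ciphertext that already exists, and values are re-encrypted under a random 32-byte key with AES-256-GCM. The function names and the blob layout are this example's own; it assumes PHP 7.1+ with ext-openssl, and `migrateValue` additionally assumes mcrypt is loadable and that the data was written with `MCRYPT_RIJNDAEL_256` in ECB mode, as in the cookie code above.

```php
<?php
// Pre-5.6 mcrypt behaviour: right-pad the key with NUL bytes to the next
// accepted size. Only for reading ciphertext that already exists.
function legacyMcryptKey($key, array $validSizes = [16, 24, 32]) {
    sort($validSizes);
    foreach ($validSizes as $size) {
        if (strlen($key) <= $size) {
            return str_pad($key, $size, "\0");
        }
    }
    throw new LengthException('Key is longer than the largest supported size');
}

// New data: AES-256-GCM under a random 32-byte key.
// Output layout (this example's choice): nonce(12) || tag(16) || ciphertext.
function encryptV2($plaintext, $key) {
    if (strlen($key) !== 32) {
        throw new LengthException('Expected a 32-byte key');
    }
    $nonce = random_bytes(12);
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('Encryption failed');
    }
    return $nonce . $tag . $ct;
}

function decryptV2($blob, $key) {
    $pt = strlen($blob) < 28 ? false : openssl_decrypt((string) substr($blob, 28),
        'aes-256-gcm', $key, OPENSSL_RAW_DATA, substr($blob, 0, 12), substr($blob, 12, 16));
    if ($pt === false) {
        throw new RuntimeException('Malformed blob or authentication failed');
    }
    return $pt;
}

// One-time migration of one stored value; run where mcrypt still loads.
// Cipher and mode follow the cookie code on this page (an assumption).
function migrateValue($legacyCt, $oldKey, $newKey) {
    $pt = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, legacyMcryptKey($oldKey), $legacyCt, MCRYPT_MODE_ECB);
    if ($pt === false) {
        throw new RuntimeException('Legacy decryption failed');
    }
    return encryptV2(rtrim($pt, "\0"), $newKey);
}

$padded = legacyMcryptKey('fifteen-bytes!!'); // constructed 15-byte key, no mcrypt needed
printf("legacy key: %d bytes, %d NUL padding\n", strlen($padded), substr_count($padded, "\0"));
$newKey = random_bytes(32); // constructed demo key; store the real one outside the code
var_dump(decryptV2(encryptV2('user=42', $newKey), $newKey) === 'user=42');
```

ECB ciphertext carries no integrity check, so a wrong legacy key yields garbage rather than an error; spot-check migrated values before discarding the originals.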