-3

please help to solve the problem.

how to make it work for on php 7 ? 

function decr($string) {
    $key="";
    $iv = mcrypt_create_iv(mcrypt_get_block_size (MCRYPT_CAST_32, MCRYPT_MODE_CFB), MCRYPT_DEV_RANDOM);
    $string = base64_decode(trim($string));
    $dec =  mcrypt_cbc (MCRYPT_TripleDES, $key, $string, MCRYPT_DECRYPT, $iv);
    return $dec;
}
Bistiara
  • 3
  • I try mcrypt_decrypt(MCRYPT_3DES , $key, $string, MCRYPT_MODE_CBC, $iv); but it does not dycrypt full string :( – Bistiara Dec 06 '17 at 12:57
  • Please include the exact error message or "not working" behavior you're encountering. – ceejayoz Dec 06 '17 at 13:14
  • It is best not to use PHP mcrypt, it is abandonware, has not been updated in years and does not support standard PKCS#7 (née PKCS#5) padding, only non-standard null padding that can't even be used with binary data. mcrypt has many outstanding [bugs](https://sourceforge.net/p/mcrypt/bugs/) dating back to 2003. The mcrypt-extension is deprecated will be removed in PHP 7.2. Instead consider using [defuse](https://github.com/defuse/php-encryption) or [RNCryptor](https://github.com/RNCryptor), they provide a complete solution and are being maintained and is correct. – zaph Dec 06 '17 at 13:24
  • **Do not use 3DES for new work**, it is not as secure as AES and only has 112-bit security with a triple key, instead use AES (Advanced Encryption Standard) which supports key sizes of 128,192 and 256 bits. Also using Cast is not a good choice. – zaph Dec 06 '17 at 13:26
  • I need to decode old data :( – Bistiara Dec 06 '17 at 13:28
  • @Bistiara You should transition the data. Use a PHP 5 server to decode it, then re-encode it with a more modern algorithm so PHP 7 can use it. – ceejayoz Dec 06 '17 at 18:31

1 Answers1

2

I had recently this problem in an app, i did not use mcrypt_encrypt() as suggested because of :

Warning This function has been DEPRECATED as of PHP 7.1.0. Relying on this function is highly discouraged.

I did it using openssl (php-openssl) this way :

function _encrypt($data){
    $initialVector = openssl_random_pseudo_bytes(16, $secure);
    $secretKey = '<SECRET_KEY>'; // string : 16 length
    return  openssl_encrypt($data, "aes-128-cbc", $secretKey, OPENSSL_RAW_DATA, $initialVector);
}


function _decrypt($data){
    $initialVector = openssl_random_pseudo_bytes(16, $secure);
    $secretKey = '<SECRET_KEY>'; // string : 16 length
    return  openssl_decrypt($data, "aes-128-cbc", $secretKey, OPENSSL_RAW_DATA, $initialVector);
}

Note : initial vector/secret key generated this way is just for example

Oulalahakabu
  • 504
  • 3
  • 6