As mcrypt_encrypt is removed from PHP 8, I need to convert the following code to use openssl_encrypt:

```php
function encryptValue($input, $sKey)
{
    $key = hex2bin($sKey);

    $block = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB);
    $pad = $block - (strlen($input) % $block);
    $input .= str_repeat(chr($pad), $pad);

    $encrypted_text = bin2hex(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $input, MCRYPT_MODE_ECB));

    return $encrypted_text;
}
```

I have it replaced by the following:

```php
function encryptData($input, $sKey)
{
    $key = hex2bin($sKey);

    $encrypted_text = bin2hex(openssl_encrypt($input, 'AES-256-ECB', $key, OPENSSL_RAW_DATA));
    return $encrypted_text;
}
```

As openssl does default padding, I did not pad the plaintext like in the original code. I believe the secret key is being converted to binary. If I leave out the key conversion from both snippets, then I get the same encrypted text. But if I use the key conversion, then the encrypted texts are different.

If I remove the below code from both, then both return the same encrypted text.

```php
$key = hex2bin($sKey);
```

But without this, it will not work with the external API.

WebNovice
  • Your code "$key .= chr(hexdec($sKey[$i].$sKey[$i+1]))" is a "hexstring to string" converter, e.g. the input "31323334353637386162636465666768" gets converted to "12345678abcdefgh". Now everything depends on the **key length** - when using my sample string you have a 16 characters/bytes long AES key that is good for **AES-128** and not **AES-256** as you used in your function. Using a doubled input key will need **AES-256** in your openssl-code. It could be helpful if you could give a sample key with resulting ciphertext if my answer didn't solve your problem. – Michael Fehr Jul 13 '21 at 08:33
  • `$inputVal` isn't defined in both snippets. This must be changed to `$input`. Probably a copy/paste issue. When this is fixed, both codes return the same ciphertext (as long as both codes use the key conversion consistently). Btw, the key conversion is functionally identical to `hex2bin()`. – Topaco Jul 13 '21 at 09:10
  • @MichaelFehr example key: **2ca8a887d4cc71dd68785c2ebe11a6aa** This is a real key. This goes through the **hex2bin** function, and it returns some unicode characters. Then this is passed to the encryption function. Also, I am using **AES-256-ECB** with openssl since that is the key size. – WebNovice Jul 13 '21 at 09:47
  • @user9014097 Edited the question. When not using the key conversion **hex2bin** both return the same ciphertext. But when both use the key conversion, the ciphertexts are different. Don't know what's happening. And it needs the key conversion since the receiving API probably uses that in decryption as well. – WebNovice Jul 13 '21 at 09:49
  • Also in the 1st snippet, change `$inputVal` to `$input`. Currently you do not use the padded plaintext. – Topaco Jul 13 '21 at 09:51
  • @MichaelFehr finally found the answer after your help. That hex2bin converts my 256 bit key into a 128 bit key requiring me to use AES-128-ECB instead of AES-256-ECB. When not using hex2bin, it was giving the same ciphertext with AES-256 but not with AES-128. Anyway, don't know if you can turn your comment into an answer, if you can, I can mark it as the answer. Thanks. – WebNovice Jul 13 '21 at 09:57
  • I can't reproduce the problem with the posted codes, both give the same result, see online [here, change to v5.6.29](http://sandbox.onlinephpfunctions.com/code/9f85bb4f19b01290875d4db93b3d35051e70b896) and [here](https://paiza.io/projects/XthVyl49Sc2BHJcUp18bIA). Anyway, you seem to have solved the problem with Michael Fehr's comment. – Topaco Jul 13 '21 at 10:05

1 Answer

Your code "$key .= chr(hexdec($sKey[$i].$sKey[$i+1]))" is a "hexstring to string" converter, e.g. the input "31323334353637386162636465666768" gets converted to "12345678abcdefgh".

Now everything depends on the key length - when using my sample string you have a 16 characters/bytes long AES key that is good for AES-128 and not AES-256 as you used in your function.

Using a doubled input key will need AES-256 in your openssl-code.

It could be helpful if you could give a sample key with resulting ciphertext if my answer didn't solve your problem.

Michael Fehr
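The key-length point from the answer above, as an added example that is not code from the question or the answer: it derives the OpenSSL cipher name from the decoded key length, the way mcrypt's `MCRYPT_RIJNDAEL_128` implicitly did, and shows what `openssl_encrypt` does when the named cipher and the key length disagree. The key, the plaintext and the helper name `cipherForKey` are constructed for illustration.

```php
<?php
// Added example; the key and plaintext below are constructed sample values.

function cipherForKey(string $rawKey): string
{
    // mcrypt chose AES-128/192/256 from the key length (16/24/32 bytes);
    // OpenSSL needs the variant named explicitly, so derive it from the key.
    $bits = strlen($rawKey) * 8;
    if (!in_array($bits, [128, 192, 256], true)) {
        throw new InvalidArgumentException("Unsupported AES key length: {$bits} bits");
    }
    return "AES-{$bits}-ECB"; // ECB kept only because the external API expects it
}

function encryptValue(string $input, string $hexKey): string
{
    $key = hex2bin($hexKey);
    if ($key === false) {
        throw new InvalidArgumentException('Key is not valid hex');
    }
    // OpenSSL applies PKCS#7 padding by default, which matches the manual
    // padding in the mcrypt version, so the plaintext is passed unpadded.
    $ct = openssl_encrypt($input, cipherForKey($key), $key, OPENSSL_RAW_DATA);
    if ($ct === false) {
        throw new RuntimeException('Encryption failed: ' . openssl_error_string());
    }
    return bin2hex($ct);
}

$hexKey = '000102030405060708090a0b0c0d0e0f'; // constructed: 32 hex chars = 16 bytes
$raw    = hex2bin($hexKey);
$plain  = 'example payload';

// Cipher matched to the 16-byte key (AES-128-ECB).
$matched = encryptValue($plain, $hexKey);

// Cipher named as AES-256 with the same 16-byte key: openssl_encrypt does not
// fail, it pads the short key with NUL bytes up to 32 bytes.
$mismatched = bin2hex(openssl_encrypt($plain, 'AES-256-ECB', $raw, OPENSSL_RAW_DATA));
$nulPadded  = bin2hex(openssl_encrypt($plain, 'AES-256-ECB', $raw . str_repeat("\0", 16), OPENSSL_RAW_DATA));

var_dump(cipherForKey($raw));
var_dump($matched === $mismatched);   // does the wrong cipher name change the ciphertext?
var_dump($mismatched === $nulPadded); // is the mismatch equivalent to a NUL-padded key?
```

Passing the `OPENSSL_DONT_ZERO_PAD_KEY` flag makes `openssl_encrypt` reject a key that is too short for the named cipher instead of padding it.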