How to decrypt in PHP without mcrypt

Question

I have implemented next function to decrypt string using mcrypt:

function decrypt($encrypted){

    $key = "I5G9VjmnDQ483iDwE9278ST01Rp12Mr7";
    $iv = "W3gtod2XaqHRgdo57968xys2738tl2S6";

    $iv_utf = mb_convert_encoding($iv, 'UTF-8');

    $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($encrypted), MCRYPT_MODE_CBC, $iv_utf);

    return $decrypted;

}

Is there any alternative to this without using mcrypt. I don't want to depends on this extension anymore.

I found good library on Github here but it requires PHP v5.3 or later. I need something what works with PHP v5.2.4 or later.

Answer 1

MCRYPT_RIJNDAEL_256

Sorry, no sane library supports Rijndael256. They support standard AES, however. (If anyone is reading this and you want secure and reliably cryptography in 2015, stop using mcrypt!)

Is there any alternative to this without using mcrypt. I don't want to depends on this extension anymore.

Not with Rijndael256. I highly recommend this secure PHP encryption library, which implements authenticated encryption using industry standard AES, supplied by PHP's OpenSSL extension.

I found good library on Github here.

For a given definition of "good".

• This library comes with a pure-PHP implementation of Rijndael. It's never a good idea to write your own implementations of a cipher, especially in a language like PHP.
• The code also makes liberal use of substr() and strlen(), without any sanity checks for mbstring.func_overload.
• It fails to offer authenticated encryption, which is what you want in 99.9% of cases.

but it requires PHP v5.3 or later. I need something what works with PHP v5.2.4 or later

Read this and PLEASE upgrade to 5.6. The 5.2, 5.3, and 5.4 branches are no longer receiving security updates, so you'll have bigger problems than merely insecure cryptography.