The mcrypt module is deprecated in PHP 7.1, so I have to refactor my old encrypt / decrypt functions with the openssl functions. Actually I found no way doing this.
My major problem is: The script still must be able to decrypt existing crypted data. I have no chance to decrypt with my function und re-crypt the data with a new function again!
Here's my existing code:
function _encrypt($cleartext, $key = "th1s1sav3rys3cr3tk3y") {
if ($cleartext) {
$td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_ECB, "");
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
mcrypt_generic_init($td, $key, $iv);
$encrypted_data_raw = mcrypt_generic($td, $cleartext);
$encrypted_data = bin2hex($encrypted_data_raw);
mcrypt_generic_deinit($td);
return $encrypted_data;
} else {
return false;
}
}
function _decrypt($crypttext, $key = "th1s1sav3rys3cr3tk3y") {
if ($crypttext) {
$td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_ECB, "");
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
mcrypt_generic_init($td, $key, $iv);
$decrypted_data = trim(mcrypt_decrypt(MCRYPT_TripleDES, $key, hex2bin($crypttext), MCRYPT_MODE_ECB, $iv));
mcrypt_generic_deinit($td);
return $decrypted_data;
} else {
return false;
}
}
UPDATE: This is the way I tried so solve it - to get the same $iv i took simply the same code as in the old function and try to implement it in the way described here: php: mcrypt_encrypt to openssl_encrypt, and OPENSSL_ZERO_PADDING problems
function _encrypt2($cleartext, $key = "th1s1sav3rys3cr3tk3y") {
$td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_ECB, "");
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
$message_padded = $cleartext;
if (strlen($message_padded) % 8) {
$message_padded = str_pad($message_padded,
strlen($message_padded) + 8 - strlen($message_padded) % 8, "\0");
}
$encrypted_openssl = openssl_encrypt($message_padded, "DES-EDE3-CBC", $key, OPENSSL_RAW_DATA | OPENSSL_NO_PADDING, $iv);
return bin2hex($encrypted_openssl);
}
I hope you can give me good hints.
Finally I got the solution - thank you all for your help and support by pushing me into the right direction and asking the right questions. The main thing I missed was ECB-Mode (I took CBC...). So all the stuff with the $iv wasn't really needed.
To complete the answer here my new functions:
function _encrypt_openssl($cleartext, $key = "th1s1sav3rys3cr3tk3y") {
if ($m = strlen($cleartext) %8) {
$cleartext .= str_repeat("\0", 8-$m);
}
$encrypted_openssl = openssl_encrypt($cleartext , "DES-EDE3-ECB", $key, OPENSSL_RAW_DATA | OPENSSL_NO_PADDING, null);
return bin2hex($encrypted_openssl);
}
function _decrypt_openssl($crypttext, $key = "th1s1sav3rys3cr3tk3y") {
return openssl_decrypt(hex2bin($crypttext), 'DES-EDE3-ECB', $key, OPENSSL_RAW_DATA | OPENSSL_NO_PADDING, null);
}