Search code examples
phpopensslmcrypt

substitute mcrypt with openssl_encrypt

I'm trying to update a function to work with php 7.1 which deprecated mcrypt.

the original function is:

function encryptNET3DES($key, $vector, $text) {        
    $td = mcrypt_module_open(MCRYPT_3DES, '', MCRYPT_MODE_CBC, '');
    $key_add = 24 - strlen($key);
    $key .= substr($key, 0, $key_add);
    $text_add = strlen($text) % 8;
    for ($i = $text_add; $i < 8; $i++) {
        $text .= chr(8 - $text_add);
    }
    mcrypt_generic_init($td, $key, $vector);
    $encrypt64 = mcrypt_generic($td, $text);
    mcrypt_generic_deinit($td);
    mcrypt_module_close($td);
    return base64_encode($encrypt64);
}

what I tried is: 

function encryptNET3DESssl($key, $vector, $text) {        
    $key_add = 24 - strlen($key);
    $key .= substr($key, 0, $key_add);
    $text_add = strlen($text) % 8;
    for ($i = $text_add; $i < 8; $i++) {
        $text .= chr(8 - $text_add);
    }
    $encrypt64 = openssl_encrypt($text, 'des-ede3-cbc', $key, OPENSSL_RAW_DATA, $vector);
    return base64_encode($encrypt64);
}

when I run:

$security_token = 'Z6AlpD35lEphQCaljt+MwKHjk9K0/KKd';
$key = base64_decode($security_token);
$iv = base64_decode(substr(date('ymdhis'), 1) . '=');
$string = '31ArmandoQuitoEstebanBlanco1234567-9unmail@dominio.com123456789Av.Sin Nombre 00001234.50685835353.3048hs'.date("Y-m-dh:i:s");

$normal = encryptNET3DES($key, $iv, $string);
$ssl = encryptNET3DESssl($key, $iv, $string);

var_dump($normal);
var_dump($ssl);

the result is:

index.php:12:string 'kaOlYwfRa8jCYYxYVqGJClf27ok2zzemeYTdTmvnDULKX8QvE6XL2DpNKgMMWKzz8+WYawXpQzhZ0UYlijIHjpM6tofE/65VaivNZd+P2w3Od+3iCGCwqKAsJAiezZesuMk+13OmaGVFG7cmt67AV1AgNTZVZCpPcGn3rx4J5LQ=' (length=172)
index.php:13:string 'kaOlYwfRa8jCYYxYVqGJClf27ok2zzemeYTdTmvnDULKX8QvE6XL2DpNKgMMWKzz8+WYawXpQzhZ0UYlijIHjpM6tofE/65VaivNZd+P2w3Od+3iCGCwqKAsJAiezZesuMk+13OmaGVFG7cmt67AV1AgNTZVZCpPcGn3rx4J5LToK7ummSyDXw==' (length=184)

I can see they're identical until the last 10 characters, so my guess is that im missing some argument somewhere for my open ssl encryption be the same as the mcrypt one.

Solution

  • You don't need to pad your text when using openssl, this will be handled automatically.

    Change your code to the following and both methods will produce the same result:

    function encryptNET3DESssl($key, $vector, $text) {        
  $key_add = 24 - strlen($key);
  $key .= substr($key, 0, $key_add);

  $encrypt64 = openssl_encrypt($text, 'des-ede3-cbc', $key, OPENSSL_RAW_DATA, $vector);
  return base64_encode($encrypt64);
}