Detailed explanation of how to use OpenSSL instead of Mcrypt encryption and decryption in PHP 7.1

Home

Backend Development

PHP Tutorial

Detailed explanation of how to use OpenSSL instead of Mcrypt encryption and decryption in PHP 7.1_php tips

韦小宝

Dec 04, 2017 pm 01:29 PM

mcrypt openssl php

Recently when I was using PHP to develop the WeChat public account function, I found that Mcrypt has been deprecated in PHP 7.1. I had no choice but to find a corresponding solution to replace it, so This article mainly introduces you to the relevant information about using OpenSSL instead of Mcrypt encryption and decryption in PHP 7.1. Friends in need can refer to it.

Summary:

After the release of php7.1, the new features attracted many PHPers, and everyone is discussing what the new features will bring benefits and conveniences. However, upgrading from php7.0 to php7.1 obsolete (obsolete) an extension that was commonly used in the past (mcrypt extension). The official provides corresponding solution tips, but does not provide more detailed solutions. So here comes the trap:

Today when I used the WeChat open platform to connect to a content management system, it kept failing when binding the official account

Reason:

During debugging, we found that the direct cause is the authorization event filled in the open platform (the authorization event will send an event every ten minutes to update the ticket), that is:

The url filled in here, debugging found that this URL is correct, WeChat also pushes it every 10 minutes, but in the end the ticket cannot be received. Looking at the code, it is found that it is due to decryption When the data came over from WeChat, an error was reported:

<?php 
  
function aes_decode($message, $encodingaeskey = &#39;&#39;, $appid = &#39;&#39;) { 
 $key = base64_decode($encodingaeskey . &#39;=&#39;); 
  
 $ciphertext_dec = base64_decode($message); 
 $iv = substr($key, 0, 16); 
  
 $module = mcrypt_module_open(MCRYPT_RIJNDAEL_128, &#39;&#39;, MCRYPT_MODE_CBC, &#39;&#39;); 
 mcrypt_generic_init($module, $key, $iv); 
 $decrypted = mdecrypt_generic($module, $ciphertext_dec); 
 mcrypt_generic_deinit($module); 
 mcrypt_module_close($module); 
  
 $pad = ord(substr($decrypted, -1)); 
 if ($pad < 1 || $pad > 32) { 
 $pad = 0; 
 }

Copy after login

This is the place. Since my environment is PHP 7.1, I searched for information and found PHP Mcrypt has been abandoned in 7.1, so mcrypt_* in this code cannot be run.

Solution:

# Searching for information found that Mcrypt can be replaced by OpenSSL (provided that the OpenSSL extension has been installed, but generally They are all installed by default)

openssl is a powerful toolkit that integrates many cryptographic algorithms and practical tools. We can use the command console tool it provides to generate keys and certificates to encrypt and decrypt files, or we can use the API interface it provides to encrypt the transmitted information in the code.

So the above code can be changed to:

<?php 
  
function aes_decode($message, $encodingaeskey = &#39;&#39;, $appid = &#39;&#39;) { 
 $key = base64_decode($encodingaeskey . &#39;=&#39;); 
  
 $ciphertext_dec = base64_decode($message); 
 $iv = substr($key, 0, 16); 
  
 /* mcrypt对称解密代码在PHP7.1已经被抛弃了，所以使用下面的openssl来代替 
 $module = mcrypt_module_open(MCRYPT_RIJNDAEL_128, &#39;&#39;, MCRYPT_MODE_CBC, &#39;&#39;); 
 mcrypt_generic_init($module, $key, $iv); 
 $decrypted = mdecrypt_generic($module, $ciphertext_dec); 
 mcrypt_generic_deinit($module); 
 mcrypt_module_close($module); 
 */
 $decrypted = openssl_decrypt($ciphertext_dec, &#39;AES-256-CBC&#39;, $key, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING, $iv); 
  
 $pad = ord(substr($decrypted, -1)); 
 if ($pad < 1 || $pad > 32) { 
 $pad = 0; 
 }

Copy after login

Supplement:

The above decryption has been modified, so the corresponding Mcrypt encryption also needs to be modified. If it is not changed, it will lead to events such as the inability to publish to the entire network and the inability to push messages.
The encrypted source code is as follows:

<?php 
function aes_encode($message, $encodingaeskey = &#39;&#39;, $appid = &#39;&#39;) { 
 $key = base64_decode($encodingaeskey . &#39;=&#39;); 
 $text = random(16) . pack("N", strlen($message)) . $message . $appid; 
 $iv = substr($key, 0, 16); 
  
 $block_size = 32; 
 $text_length = strlen($text); 
 $amount_to_pad = $block_size - ($text_length % $block_size); 
 if ($amount_to_pad == 0) { 
 $amount_to_pad = $block_size; 
 } 
 $pad_chr = chr($amount_to_pad); 
 $tmp = &#39;&#39;; 
 for ($index = 0; $index < $amount_to_pad; $index++) { 
 $tmp .= $pad_chr; 
 } 
 $text = $text . $tmp; 
 $size = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC); 
 $module = mcrypt_module_open(MCRYPT_RIJNDAEL_128, &#39;&#39;, MCRYPT_MODE_CBC, &#39;&#39;); 
 mcrypt_generic_init($module, $key, $iv); 
 $encrypted = mcrypt_generic($module, $text); 
 mcrypt_generic_deinit($module); 
 mcrypt_module_close($module); 
  
 $encrypt_msg = base64_encode($encrypted); 
 return $encrypt_msg; 
}

Copy after login

##The modified code is:

<?php 
function aes_encode($message, $encodingaeskey = &#39;&#39;, $appid = &#39;&#39;) { 
 $key = base64_decode($encodingaeskey . &#39;=&#39;); 
 $text = random(16) . pack("N", strlen($message)) . $message . $appid; 
 $iv = substr($key, 0, 16); 
  
 $block_size = 32; 
 $text_length = strlen($text); 
 $amount_to_pad = $block_size - ($text_length % $block_size); 
 if ($amount_to_pad == 0) { 
 $amount_to_pad = $block_size; 
 } 
 $pad_chr = chr($amount_to_pad); 
 $tmp = &#39;&#39;; 
 for ($index = 0; $index < $amount_to_pad; $index++) { 
 $tmp .= $pad_chr; 
 } 
 $text = $text . $tmp; 
 /* mcrypt对称加密代码在PHP7.1已经被抛弃了，所以使用下面的openssl来代替 
 $size = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC); 
 $module = mcrypt_module_open(MCRYPT_RIJNDAEL_128, &#39;&#39;, MCRYPT_MODE_CBC, &#39;&#39;); 
 mcrypt_generic_init($module, $key, $iv); 
 $encrypted = mcrypt_generic($module, $text); 
 mcrypt_generic_deinit($module); 
 mcrypt_module_close($module); 
 */
  
 $encrypted = openssl_encrypt($text, &#39;AES-256-CBC&#39;, $key, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING, $iv); 
 $encrypt_msg = base64_encode($encrypted); 
 return $encrypt_msg; 
}

Copy after login

Special note: Any process involving WeChat development, if you have upgraded to PHP 7.1 If so, then it is necessary to check whether Mcrypt is used for symmetric encryption and decryption. The demo used in the WeChat development documentation also uses Mcrypt for encryption and decryption. This needs to be noted.

Summary

The above is all the content of this article. I hope it will be helpful to everyone in WeChat development. If you have any questions, please contact us. Ask questions in the community Q&A on this site!

Related recommendations:

Replacement scheme for AES encryption and decryption mcrypt_module_open() method in php7.1

php mcrypt encryption and decryption example code

php encryption and decryption method based on openssl

The above is the detailed content of Detailed explanation of how to use OpenSSL instead of Mcrypt encryption and decryption in PHP 7.1_php tips. For more information, please follow other related articles on the PHP Chinese website!

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Roblox: Grow A Garden - Complete Mutation Guide

4 weeks ago By DDD

Roblox: Bubble Gum Simulator Infinity - How To Get And Use Royal Keys

4 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Nordhold: Fusion System, Explained

1 months ago By 尊渡假赌尊渡假赌尊渡假赌

Mandragora: Whispers Of The Witch Tree - How To Unlock The Grappling Hook

4 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Clair Obscur: Expedition 33 - How To Get Perfect Chroma Catalysts

2 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

Java Tutorial

1677

CakePHP Tutorial

1430

Laravel Tutorial

1333

PHP Tutorial

1278

C# Tutorial

1257

Related knowledge

PHP and Python: Different Paradigms Explained Apr 18, 2025 am 12:26 AM

PHP is mainly procedural programming, but also supports object-oriented programming (OOP); Python supports a variety of paradigms, including OOP, functional and procedural programming. PHP is suitable for web development, and Python is suitable for a variety of applications such as data analysis and machine learning.

PHP: Handling Databases and Server-Side Logic Apr 15, 2025 am 12:15 AM

PHP uses MySQLi and PDO extensions to interact in database operations and server-side logic processing, and processes server-side logic through functions such as session management. 1) Use MySQLi or PDO to connect to the database and execute SQL queries. 2) Handle HTTP requests and user status through session management and other functions. 3) Use transactions to ensure the atomicity of database operations. 4) Prevent SQL injection, use exception handling and closing connections for debugging. 5) Optimize performance through indexing and cache, write highly readable code and perform error handling.

PHP's Purpose: Building Dynamic Websites Apr 15, 2025 am 12:18 AM

PHP is used to build dynamic websites, and its core functions include: 1. Generate dynamic content and generate web pages in real time by connecting with the database; 2. Process user interaction and form submissions, verify inputs and respond to operations; 3. Manage sessions and user authentication to provide a personalized experience; 4. Optimize performance and follow best practices to improve website efficiency and security.

Choosing Between PHP and Python: A Guide Apr 18, 2025 am 12:24 AM

PHP is suitable for web development and rapid prototyping, and Python is suitable for data science and machine learning. 1.PHP is used for dynamic web development, with simple syntax and suitable for rapid development. 2. Python has concise syntax, is suitable for multiple fields, and has a strong library ecosystem.

PHP and Python: A Deep Dive into Their History Apr 18, 2025 am 12:25 AM

PHP originated in 1994 and was developed by RasmusLerdorf. It was originally used to track website visitors and gradually evolved into a server-side scripting language and was widely used in web development. Python was developed by Guidovan Rossum in the late 1980s and was first released in 1991. It emphasizes code readability and simplicity, and is suitable for scientific computing, data analysis and other fields.

Why Use PHP? Advantages and Benefits Explained Apr 16, 2025 am 12:16 AM

The core benefits of PHP include ease of learning, strong web development support, rich libraries and frameworks, high performance and scalability, cross-platform compatibility, and cost-effectiveness. 1) Easy to learn and use, suitable for beginners; 2) Good integration with web servers and supports multiple databases; 3) Have powerful frameworks such as Laravel; 4) High performance can be achieved through optimization; 5) Support multiple operating systems; 6) Open source to reduce development costs.

PHP's Impact: Web Development and Beyond Apr 18, 2025 am 12:10 AM

PHPhassignificantlyimpactedwebdevelopmentandextendsbeyondit.1)ItpowersmajorplatformslikeWordPressandexcelsindatabaseinteractions.2)PHP'sadaptabilityallowsittoscaleforlargeapplicationsusingframeworkslikeLaravel.3)Beyondweb,PHPisusedincommand-linescrip

PHP vs. Python: Use Cases and Applications Apr 17, 2025 am 12:23 AM

PHP is suitable for web development and content management systems, and Python is suitable for data science, machine learning and automation scripts. 1.PHP performs well in building fast and scalable websites and applications and is commonly used in CMS such as WordPress. 2. Python has performed outstandingly in the fields of data science and machine learning, with rich libraries such as NumPy and TensorFlow.

See all articles