Rijndael 192-bit block size mcrypt alternative

2
votes

Please read this question before knee-jerking it as a duplicate (although if it actually is, not sure why I couldn't find it, but GREAT!!)

We have been using mcrypt with the rijndael-192 module in cfb mode for years now. We have a LOT of stuff encrypted with it.

PHP 7.2 which we HAVE to move to, no longer includes mcrypt.

Openssl AES does not support 192 block sizes(or anything other than 128). So moving forward I will be changing the symmetric encryption.

The problem I have is with the legacy data, I cannot see how to decrypt it going forward without mcrypt. There is no option of modifying the legacy data as that would be unfeasible for us.

So my question is, how do I decrypt my data that has been encrypted using rijndael with 192 block size, without mcrypt?

Thanks

1
phpencryptionmcryptphp-openssl
AES-192-CFB - the 192 is the KEY length, not the block size. AES only supports 128 block size - superphonic
@LawrenceCherone Rijndael-192 (not to be confused with AES-192) for more info: wiki.php.net/rfc/mcrypt-viking-funeral - Edwin
Can't you decrypt it / re-encrypt it with PHP 7.1? - President James K. Polk
Off-topic, but ... A 192-bit block size is unusual. Why was it selected? - jww
@superphonic - Here are several similar questions, but I don't believe they will help in your case. Can't decrypt using pgcrypto from AES-256-CBC but AES-128-CBC is OK, MCrypt rijndael-128 to OpenSSL aes-128-ecb conversion, etc. Also see Upgrading my encryption library from Mcrypt to OpenSSL, Replace Mcrypt with OpenSSL and Preparing for removal of Mcrypt in PHP 7.2 - jww

1 Answers

1
votes

Thought I should report back as I hate it when questions are left hanging.

I have found no other way to decrypt a Rijndael(AES) cipher using a 192 block size within PHP, other than using the mcrypt library. I had two options:

  1. Install mcrypt in PHP 7.2 from the PHP PECL extension repository and continue using it.
  2. Decrypt my data in PHP 7.1 using the mcrypt library, and re-encrypt using openssl AES cipher with 128 block sizes.

We opted for option 2. Although it was slow and painful, moving away from mcrypt was clearly the better long term solution.