Mcrypt

Introduction
Installing/Configuring
Predefined Constants
Mcrypt ciphers
Examples
Mcrypt Functions
- mcrypt_cbc — Encrypts/decrypts data in CBC mode
- mcrypt_cfb — Encrypts/decrypts data in CFB mode
- mcrypt_create_iv — Creates an initialization vector (IV) from a random source
- mcrypt_decrypt — Decrypts crypttext with given parameters
- mcrypt_ecb — Deprecated: Encrypts/decrypts data in ECB mode
- mcrypt_enc_get_algorithms_name — Returns the name of the opened algorithm
- mcrypt_enc_get_block_size — Returns the blocksize of the opened algorithm
- mcrypt_enc_get_iv_size — Returns the size of the IV of the opened algorithm
- mcrypt_enc_get_key_size — Returns the maximum supported keysize of the opened mode
- mcrypt_enc_get_modes_name — Returns the name of the opened mode
- mcrypt_enc_get_supported_key_sizes — Returns an array with the supported keysizes of the opened algorithm
- mcrypt_enc_is_block_algorithm_mode — Checks whether the encryption of the opened mode works on blocks
- mcrypt_enc_is_block_algorithm — Checks whether the algorithm of the opened mode is a block algorithm
- mcrypt_enc_is_block_mode — Checks whether the opened mode outputs blocks
- mcrypt_enc_self_test — Runs a self test on the opened module
- mcrypt_encrypt — Encrypts plaintext with given parameters
- mcrypt_generic_deinit — This function deinitializes an encryption module
- mcrypt_generic_end — This function terminates encryption
- mcrypt_generic_init — This function initializes all buffers needed for encryption
- mcrypt_generic — This function encrypts data
- mcrypt_get_block_size — Gets the block size of the specified cipher
- mcrypt_get_cipher_name — Gets the name of the specified cipher
- mcrypt_get_iv_size — Returns the size of the IV belonging to a specific cipher/mode combination
- mcrypt_get_key_size — Gets the key size of the specified cipher
- mcrypt_list_algorithms — Gets an array of all supported ciphers
- mcrypt_list_modes — Gets an array of all supported modes
- mcrypt_module_close — Closes the mcrypt module
- mcrypt_module_get_algo_block_size — Returns the blocksize of the specified algorithm
- mcrypt_module_get_algo_key_size — Returns the maximum supported keysize of the opened mode
- mcrypt_module_get_supported_key_sizes — Returns an array with the supported keysizes of the opened algorithm
- mcrypt_module_is_block_algorithm_mode — Returns if the specified module is a block algorithm or not
- mcrypt_module_is_block_algorithm — This function checks whether the specified algorithm is a block algorithm
- mcrypt_module_is_block_mode — Returns if the specified mode outputs blocks or not
- mcrypt_module_open — Opens the module of the algorithm and the mode to be used
- mcrypt_module_self_test — This function runs a self test on the specified module
- mcrypt_ofb — Encrypts/decrypts data in OFB mode
- mdecrypt_generic — Decrypts data

User Contributed Notes

4 years ago


These are two simple functions I built for 256-bit encryption/decryption with mcrypt.  I've decided to use MCRYPT_RIJNDAEL_128 because it's AES-compliant, and MCRYPT_MODE_CBC.  (ECB mode is inadequate for many purposes because it does not use an IV.)

This function stores a hash of the data to verify that the data was decrypted successfully, but this could be easily removed if necessary.

<?php
function encrypt($decrypted, $password, $salt='!kQm*fF3pXe1Kbm%9') { 
 // Build a 256-bit $key which is a SHA256 hash of $salt and $password.
 $key = hash('SHA256', $salt . $password, true);
 // Build $iv and $iv_base64.  We use a block size of 128 bits (AES compliant) and CBC mode.  (Note: ECB mode is inadequate as IV is not used.)
 srand(); $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), MCRYPT_RAND);
 if (strlen($iv_base64 = rtrim(base64_encode($iv), '=')) != 22) return false;
 // Encrypt $decrypted and an MD5 of $decrypted using $key.  MD5 is fine to use here because it's just to verify successful decryption.
 $encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $decrypted . md5($decrypted), MCRYPT_MODE_CBC, $iv));
 // We're done!
 return $iv_base64 . $encrypted;
 } 

function decrypt($encrypted, $password, $salt='!kQm*fF3pXe1Kbm%9') {
 // Build a 256-bit $key which is a SHA256 hash of $salt and $password.
 $key = hash('SHA256', $salt . $password, true);
 // Retrieve $iv which is the first 22 characters plus ==, base64_decoded.
 $iv = base64_decode(substr($encrypted, 0, 22) . '==');
 // Remove $iv from $encrypted.
 $encrypted = substr($encrypted, 22);
 // Decrypt the data.  rtrim won't corrupt the data because the last 32 characters are the md5 hash; thus any \0 character has to be padding.
 $decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, base64_decode($encrypted), MCRYPT_MODE_CBC, $iv), "\0\4");
 // Retrieve $hash which is the last 32 characters of $decrypted.
 $hash = substr($decrypted, -32);
 // Remove the last 32 characters from $decrypted.
 $decrypted = substr($decrypted, 0, -32);
 // Integrity check.  If this fails, either the data is corrupted, or the password/salt was incorrect.
 if (md5($decrypted) != $hash) return false;
 // Yay!
 return $decrypted;
 }
?>

ghoffman at salientdigital dot com

5 years ago


If you want a quick way to see what ciphers, modes, key, block and iv sizes are supported on your server, try something like the following. 

Note: I used this simple bash: `locate libmcrypt` from terminal on Mac OS X to determine the install paths to the algorithms and modes directories. Lots of function calls generate warnings for certain ciphers, hence the use of error suppression.

<?php

$modes = mcrypt_list_modes();
$algorithms = mcrypt_list_algorithms();
foreach($algorithms as $cipher)
{
    echo "<h1 style=\"border-top:1px solid black;\">".$cipher."</h1>\n";
    foreach($modes as $mode)
    {
        echo "<h3>".$mode."</h3>\n";
        @$td = mcrypt_module_open(
            $cipher,
            '/usr/local/libmcrypt-2.5.8/modules/algorithms/',
            $mode,
            '/usr/local/libmcrypt-2.5.8/modules/modes/');
        @$key_size = mcrypt_enc_get_key_size($td);
        @$block_size = mcrypt_get_block_size($cipher,$mode);
        @$iv_size = mcrypt_get_iv_size($cipher, $mode);
        @mcrypt_module_close($td);
        echo "
        <pre>  
            key_size: ". ($key_size?$key_size:'n/a') 
      ."    block_size: ". ($block_size?$block_size:'n/a') 
      ."    iv_size: ". ($iv_size?$iv_size:'n/a') 
      ."  </pre>\n";
        $td=NULL;
        $key_size=NULL;
        $block_size=NULL;
        $iv_size=NULL;
    }
}

?>

Maarten Malaise

6 years ago


people using phpmyadmin are redirected to this manual if they don't have mcrypt installed. If you want to install mcrypt on debian, first check your php version:

yourserver# php --version

Then install the appropriate version of mcrypt (php5-mcrypt if your php version is 5.x)

yourserver# apt-get install php4-mcrypt
...or...
yourserver# apt-get install php5-mcrypt

simonhf at gmail dot com

10 months ago


Note that there are severe performance problems with PHP mcrypt on many CentOS versions. Please see this CentOS bug:
http://bugs.centos.org/view.php?id=8954

ysfbauchi at yahoo dot com

5 years ago


//This is a des, 3des, aes and gost encryption program i wrote using php for my assignment

<?php
    if (isset($_REQUEST['select'])) {
    $choice = $_POST['select'];
      $mykey = $_POST['mykey'];
    $msg = $_POST['plain'];
    } else {
    die("algorithm not selected");
      }

    if ($msg == ''){
        die("Please enter a text to encrypt! ");
        }
    if ($mykey == ''){
        die("Please enter a key! ");
        }         
    
    function algorithmdetails($cipher)
    {
        $chiphername = mcrypt_enc_get_algorithms_name($cipher);
        $blocksize = mcrypt_enc_get_block_size($cipher);
        $mykeysize = mcrypt_enc_get_supported_key_sizes($cipher);
        echo "<p><b>Cipher Name :</b> $chiphername";    
        echo "<p><b>Block size :</b> $blocksize bytes";
        echo "<p><b>Key size :</b> ";    
        foreach ($mykeysize as $value)
        {
        echo "$value bytes ";
        }unset($value);
    }
    
    function encryptnow($thecipher, $thekey, $themsg)
    {
        $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($thecipher), MCRYPT_DEV_RANDOM);
        mcrypt_generic_init($thecipher, $thekey, $iv);
        $encrypted_text = mcrypt_generic($thecipher, $themsg);
        echo "<html><hr size='2' ></html>";
        echo "<P><P><b>Plain Text : </b>"; 
        echo($themsg); 
        echo "<p><b>Cipher Text : </b> "; 
        echo "$encrypted_text";
        mcrypt_generic_deinit($thecipher);
        mcrypt_module_close($thecipher);
        die();
    }
    
    if ($choice == '1'){
        $cipher = mcrypt_module_open (MCRYPT_DES, '', 'ecb', '');
        algorithmdetails($cipher);
        encryptnow($cipher, $mykey, $msg);
    
    }elseif ($choice == '2'){
        $cipher = mcrypt_module_open (MCRYPT_3DES, '', 'ecb', '');
        algorithmdetails($cipher);
        encryptnow($cipher, $mykey, $msg);
    
    }elseif ($choice == '3'){
        $cipher = mcrypt_module_open (MCRYPT_RIJNDAEL_128, '', 'ecb', '');
        algorithmdetails($cipher);
        encryptnow($cipher, $mykey, $msg);
    
    }elseif ($choice == '4'){
        $cipher = mcrypt_module_open (MCRYPT_GOST, '', 'ecb', '');
        algorithmdetails($cipher);
        encryptnow($cipher, $mykey, $msg);
        
    }else {
        die("Please choose an algorithm!");
    }    
    
?>