
I have an application that was built on CakePHP 1.2, and stored some encrypted data. I am rebuilding the application and need to decrypt the data in the new app to update the encryption on it. The ciphers and methods used to encrypt the data in CakePHP 1.2 are not available in PHP 7.1+. Does anyone know of a way that I can decrypt the data in a PHP 7.1+ environment so that it can be encrypted with newer technologies?

Current method that encrypts/decrypts data

function _cryptData(&$data, $direction) {
    $ivSize = mcrypt_get_iv_size(MCRYPT_TRIPLEDES, MCRYPT_MODE_CBC);
    switch ($direction) {
        case 'encrypt':
            $iv = mcrypt_create_iv($ivSize, MCRYPT_RAND);
            $data = base64_encode($iv) . '|' . base64_encode(mcrypt_encrypt(MCRYPT_TRIPLEDES, Configure::read('CakeMix.cryptKey'), $data, MCRYPT_MODE_CBC, $iv));
            break;
        case 'decrypt':
            list($iv, $encoded) = explode('|', $data);
            $data = mcrypt_decrypt(MCRYPT_TRIPLEDES, Configure::read('CakeMix.cryptKey'), base64_decode($encoded), MCRYPT_MODE_CBC, base64_decode($iv));
            break;
    }

}
  • Local webserver, set PHP to the version that you need, decrypt the data..? Are you rebuilding it in Cake 3? Use decrypted data and encrypt through new build of application..? Probably not the neatest solutions someone will offer though – Dammeul Oct 17 '18 at 15:16
  • You may want to be a little more specific as to what encryption method exactly you are referring to. IIRC CakePHP 1.2 didn't ship with any encryption functionality that was native to PHP, I think it only came with some very basic XOR cipher implementation. – ndm Oct 17 '18 at 15:21
  • To be honest, I inherited the application in its current CakePHP 1.2 form, and am rebuilding it in Laravel (5.7). I am not sure what encryption method it used, I will add the method that is used to process the data in an edit to the question. I thought about changing my local PHP version and doing it that way, but Laravel 5.7 requires PHP > 7.1.3 so I would have to downgrade the application. – Brady Charron Oct 17 '18 at 15:33

1 Answer

The shown code in your question seems to be custom, i.e. non-CakePHP core code, so this seems more just PHP related.

Mcrypt is deprecated, but still available in PHP 7.1, it has only been removed as of PHP 7.2. Mcrypt can also still be used with PHP 7.2+, you'd just have to install it manually, as it's been moved to PECL, see for example Issue in installing php7.2-mcrypt. You could also use a polyfill like phpseclib/mcrypt_compat. So you should be able to continue using Mcrypt for decryption, and port the data to whatever encryption you like.

Furthermore it should generally also be possible to decrypt the data using OpenSSL, though there seem to be pitfalls around null padding, see for example Decrypt mcrypt with openssl. Here's a basic example:

$data = openssl_decrypt(
    base64_decode($encoded),
    'des-ede3-cbc',
    Configure::read('CakeMix.cryptKey'),
    OPENSSL_RAW_DATA | OPENSSL_NO_PADDING,
    base64_decode($iv)
);

There are quite a lot of topics on replacing Mcrypt with OpenSSL, which you may want to have a look at for further options.

ndm
  • Thank you for this response. I did not realize that Mcrypt was still available, and also available in PECL. In any case, your `openssl_decrypt` code worked. I had actually tried something similar to this, but did not know what to use for the 'method' or 'options'. Your answer was a big help. – Brady Charron Oct 17 '18 at 18:02
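
An added example, not part of the original question or answer: a migration helper for PHP 7.1+ that validates the `base64(iv)|base64(ciphertext)` format from the question, decrypts it with OpenSSL, strips the NUL padding the answer warns about, and re-encrypts with an authenticated cipher. The function names, the AES-256-GCM target format, the legacy key handling and the sample value are assumptions made for illustration.

```php
<?php
// Added example; names, key and sample value are constructed, not from the post.
function legacyDecrypt(string $stored, string $key): string
{
    $parts = explode('|', $stored, 2);
    if (count($parts) !== 2) {
        throw new InvalidArgumentException('Expected "iv|ciphertext"');
    }
    $iv = base64_decode($parts[0], true);
    $ct = base64_decode($parts[1], true);
    if ($iv === false || $ct === false || strlen($iv) !== 8 || $ct === '' || strlen($ct) % 8 !== 0) {
        throw new InvalidArgumentException('Malformed legacy value');
    }
    // Assumption: old mcrypt NUL-padded short keys to 24 bytes; made explicit here.
    $key = str_pad(substr($key, 0, 24), 24, "\0");
    // OPENSSL_ZERO_PADDING is the documented flag that disables PKCS#7 padding here.
    $plain = openssl_decrypt($ct, 'des-ede3-cbc', $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv);
    if ($plain === false) {
        throw new RuntimeException('Legacy decryption failed');
    }
    // mcrypt filled the last block with NUL bytes. Plaintext that really
    // ended in NUL bytes cannot be told apart from this padding.
    return rtrim($plain, "\0");
}

// Assumed target: AES-256-GCM, output base64(nonce . tag . ciphertext).
function reEncrypt(string $plain, string $newKey): string
{
    if (strlen($newKey) !== 32) {
        throw new InvalidArgumentException('New key must be 32 bytes');
    }
    $nonce = random_bytes(12);
    $tag = '';
    $ct = openssl_encrypt($plain, 'aes-256-gcm', $newKey, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('Re-encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);
}

// Constructed sample: emulate an mcrypt-written value (manual NUL padding).
$legacyKey = 'constructed-24-byte-key!';
$iv = random_bytes(8);
$padded = str_pad('account=12345', 16, "\0");
$stored = base64_encode($iv) . '|' . base64_encode(openssl_encrypt(
    $padded, 'des-ede3-cbc', $legacyKey, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv));
$plain = legacyDecrypt($stored, $legacyKey);
var_dump($plain === 'account=12345');
echo reEncrypt($plain, random_bytes(32)), "\n";
```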