Laracon EU Online 2021

openssl_decrypt

(PHP 5 >= 5.3.0, PHP 7)

openssl_decryptデータを復号する

説明

openssl_decrypt ( string $data , string $method , string $key [, int $options = 0 [, string $iv = "" [, string $tag = "" [, string $aad = "" ]]]] ) : string|false

未加工の、または base64 エンコードされた文字列を受け取り、 与えられた暗号化方式とキーを使って文字列を復号します。

パラメータ

data

復号化する、暗号化されたメッセージ。

method

暗号化方式。利用可能な暗号化方式のリストについては、 openssl_get_cipher_methods() を使用してください。

key

キー

options

OPENSSL_RAW_DATA あるいは OPENSSL_ZERO_PADDING のいずれか。

iv

NULL ではない初期化ベクトル

tag

AEAD 暗号モードの認証タグ。 正しくない場合、認証は失敗し、関数は FALSE を返します。

警告

tag の長さをこの関数はチェックしません。 この値の長さは openssl_encrypt() を呼び出した時に取得できるものと一致させなければならず、それは呼び出し側の責任です。 一致しない場合でも、与えられた値が適切な tag の先頭部分と一致した場合に復号が成功するかもしれません。

aad

追加の認証データ。

返り値

成功した場合復号化された文字列、失敗した場合に FALSE を返します。

エラー / 例外

method パラメータに未知の暗号アルゴリズムが渡された場合、 E_WARNING レベルのエラーが発生します。

iv パラメータに空の値が渡された場合、 E_WARNING レベルのエラーが発生します。

変更履歴

バージョン 説明
7.1.0 tag および aad パラメータが追加されました。

参考

add a note add a note

User Contributed Notes 4 notes

up
13
Hernanibus
4 years ago
Parameters may seem obvius to some but not for everyone so:

- $data can be as the description says raw or base64. If no $option is set (this is, if value of 0 is passed in this parameter), data will be assumed to be base64 encoded. If parameter OPENSSL_RAW_DATA is set, it will be understood as row data.

- $password (key) is a String of [pseudo] bytes as those generated by the function openssl_random_pseudo_bytes().

- $options as (as for 2016) two possible values OPENSSL_RAW_DATA and OPENSSL_ZERO_PADDING. Setting both can be done by OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING. If no OPENSSL_ZERO_PADDING is specify, default pading of PKCS#7 will be done as it's been observe by [openssl at mailismagic dot com]'s coment in openssl_encrypt()

- $iv is as in the case of $password, a String of bytes. Its length depends on the algorithm used. May be the best way to generate an $iv is by:

<?php
    $iv
= openssl_random_pseudo_bytes(openssl_cipher_iv_length('your algorithm'));// for example you algorithm = 'AES-256-CTR'
?>
up
4
lucianonapoli at yahoo dot it
3 years ago
The parameter string $password must be in binary form and is derived from the exadecimal key value.

Example:

encrypting in command line console with openssl
openssl AES-256-CBC -K 5ae1b8a17bad4da4fdac796f64c16ecd -iv 34857d973953e44afb49ea9d61104d8c -in doc.txt -out doc.enc.txt

decripting in php
$key = hex2bin('5ae1b8a17bad4da4fdac796f64c16ecd');
$iv = hex2bin('34857d973953e44afb49ea9d61104d8c');

$output = openssl_decrypt($encstr, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv);
up
2
ittasks at gmail dot com
7 years ago
in case that hosting do not provide openssl_encrypt decrypt functions - it could be mimiced via commad prompt executions 
this functions will check is if openssl is installed and try to use it by default

function sslPrm()
{
return array("your_password","IV (optional)","aes-128-cbc");
}
function sslEnc($msg)
{
  list ($pass, $iv, $method)=sslPrm();
  if(function_exists('openssl_encrypt'))
     return urlencode(openssl_encrypt(urlencode($msg), $method, $pass, false, $iv));
  else
     return urlencode(exec("echo \"".urlencode($msg)."\" | openssl enc -".urlencode($method)." -base64 -nosalt -K ".bin2hex($pass)." -iv ".bin2hex($iv)));
}
function sslDec($msg)
{
  list ($pass, $iv, $method)=sslPrm();
  if(function_exists('openssl_decrypt'))
     return trim(urldecode(openssl_decrypt(urldecode($msg), $method, $pass, false, $iv)));
  else
     return trim(urldecode(exec("echo \"".urldecode($msg)."\" | openssl enc -".$method." -d -base64 -nosalt -K ".bin2hex($pass)." -iv ".bin2hex($iv))));
}

//example of usage:
$r= sslEnc("This is encryption/decryption test!");
echo "<br>\n".$r.":".sslDec($r);
up
1
markagius dot co dot uk
3 years ago
openssl_decrypt(..) works with most but not all method types.
This list can vary, depending on the data (Message) and key (Password) used.

See the following code and edit the $text and $password values.
Code checks if text is the same after encrypting then decrypting it.

Note:
  You can still use openssl_encrypt(..) with;
  User enters 'Log-in password'
  (Encrypted and stored using openssl_encrypt)
  Next time.
  User logs-in with 'Log-in password'
  (Check that encrypted 'Log-in password' = stored data)

<CODE>
  // Please edit $password=... and $text=...

  $password = "This is a journey into sound";

  $text = "";
  for($charNo=0; $charNo<=255; $charNo=$charNo+1){
    // if($charNo==127) {$charNo=$charNo+1;}
    if(!$charNo<127){
      // $text = $text."&#x".strtoupper(dechex($charNo)).";";
      $text = $text.chr($charNo);
    } else {
      $text = $text.chr($charNo);
    }
  }

$text = "This is a test message.";

  print "<TABLE BORDER=\"1\">\n";
  print "<TR><TD><B>Encryption type:</B></TD><TD><B>String after converting back:</B></TD></TR>\n";
  $ciphers = openssl_get_cipher_methods();
  for($pointer=0; $pointer<count($ciphers); $pointer=$pointer+1){
    $edit  = EncryptDecrypt($text, true,  $password, $ciphers[$pointer]);
    $check = EncryptDecrypt($edit, false, $password, $ciphers[$pointer]);
    if($text!=$check){
      $info  = $check;
      print "<TR><TD>".$ciphers[$pointer]."</TD><TD>".$info."</TD></TR>\n";
    }
  }
  print "</TABLE>\n";

function EncryptDecrypt($oldText, $encryptIt=true, $password="PASSWORD", $encryptType=""){
  $ciphers = openssl_get_cipher_methods();
  $foundEncType = false;
  for($pointer=0; $pointer<count($ciphers); $pointer=$pointer+1){
    if($ciphers[$pointer]==$encryptType){$foundEncType=true;}
  }
  if(!$foundEncType){
    $encryptType = "RC2-64-CBC"; // Default value used if not set or listed.
  }
  if($encryptIt){
    $newText = openssl_encrypt($oldText,$encryptType,$password);
  } else {
    $newText = openssl_decrypt($oldText,$encryptType,$password);
  }
  return $newText;
}
</CODE>
The following (sometimes) don't work:
    DES-EDE3-CFB1    (sometimes)
    aes-128-gcm
    aes-192-gcm
    aes-256-gcm
    des-ede3-cfb1        (sometimes)
    id-aes128-GCM
    id-aes192-GCM
    id-aes256-GCM
To Top