PHP 7 uses openssl to decrypt user data in the EasyClass API

1、 Mcrypt extension decryption

Since the PHP version has been updated to 7.1 or higher, the mcrypt extension has been abandoned. Using the mcrypt extension, an error will appear as shown in the following figure. You can only use openssl instead.

However, Yiban Light Application still provides the old version of the mcrypt extension, which will lead to the prompt that this function is not available when the PHP version is upgraded to a version above 7.1. The following is the decryption code provided by the Yiban Document Center. The encryption method used is AES-128-CBC 。

 <? php $postObject = addslashes($_GET["verify_request"]);// Get the verify_request parameter value $postStr = pack("H*", $postObject); $appID = "";// App appID $appSecret = "";// Apply appSecret $postInfo = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $appSecret, $postStr, MCRYPT_MODE_CBC, $appID); $postInfo = rtrim($postInfo); ?>

2、 Change to openssl for decryption

Use openssl to write the above code during the test AES-128-CBC Decryption failed, then change it to AES-256-CBC After, select option OPENSSL_RAW_DATA|OPENSSL_NO_PADDING perhaps 1|3 All can be decrypted successfully (two options must be used in the test here, or the decryption fails).

 <? php $data =  "5638b78a47bab5db7ec413d2b1dff605fe0782d51683a7cf20b5341c021eb11abb1f057260bf45c6a942a5410c4ee16c17828cc64c7f0cecce722af1ba50921a6b2a1b1b670f690809f20cca10abe17ea87c2d63fb7448f1fbd23173239c2f0017988b06e282436f12315d0524639e9332b9fde760a30e9eecb4a73f8f19890c56923727d02318a0738a9d1f85466d3c0e8d63e3a244fe90dbfa95d0854e2e46ed4bbb800accb6c99af1bc2c0ae5 111f0defc78cd76088a0dfe17eec3befa18c91bb5fc4b5c3fe10e659e7e646b9a5ea31c5e1630debddc24c9fa79e60d1c3520781bcb77840692d0c399dc2a7309c545a6fc0786b5aba101377e92bf484efb6"; $postStr = pack("H*", $data); //16 bit key key $appID = '5a78142f61c73774'; //32-bit iv vector $appSecret ='d2eb797fd023d049a53a033c1d359971'; $pinfo = openssl_decrypt($postStr,"AES-256-CBC",$appSecret,OPENSSL_RAW_DATA|OPENSSL_NO_PADDING,$appID); print_r($pinfo); ?>

The decrypted results are as follows:

 { "visit_time": 1566317331, "visit_user": { "userid": "12543770", "Username": "The rain falls and withers", "Usernick": "rain falls and withers", "usersex": "M" }, "visit_oauth": { "access_token": "ca2441e60276fab919c12150dd15d9fade201e48", "token_expires": "1566922131" } }

3、 Summary

Through the above mcrypt decryption method AES-128-CBC Must be used after converting to openssl AES-256-CBC To decrypt successfully. The blogger didn't find out the specific reason. If you have any questions in this article, please comment!