A class for performing AES encryption with mcrypt or openssl. Includes benchmarks, full unit tests, and cross-engine validation.
Originally written as part of a blog entry called PHP: AES Mcrypt & OpenSSL
A class for performing AES encryption with mcrypt or openssl.
Home Page: http://jrm.cc/posts/php-aes-openssl/
A class for performing AES encryption with mcrypt or openssl. Includes benchmarks, full unit tests, and cross-engine validation.
Originally written as part of a blog entry called PHP: AES Mcrypt & OpenSSL
As title, this issue should be considered.
Since the php-5.x
versions are unsupported in PHP team, we should let this package require php-7.1+
versions at least.
The ext-mcrypt
extension is deprecated since the php-7.1
is released.
I think we can do following works to resolve issue:
php-5.x
versions.ext-mcrypt
support and let ext-sodium
and ext-openssl
extension supports.Once this issue is accepted, I'm happy to work on this :).
Any plan of adding a BSD?
In the code you are using strlen()
to get length size of a string in multiple places.
In most cases this function will work fine and return the byte size of the string (that's what we need when performing encryption)
but if in the php.ini file we setted mbstring.func_overload
then the method mb_strlen()
will be used instead of the classic strlen()
and this method by default count the number of characters.
Since an UTF-8 character can take up to 4 bytes the number of characters and the number of bytes can be different.
// A system where mbstring.func_overload is not set
$foo = "bär";
echo strlen($foo); //Will print 4 because the string take 4 bytes
echo mb_strlen($foo); //Will print 3, th number of characters
To avoid this kind of problem a custom method to determine the string length should be implemented.
Here's an example from another project:
private static function ourStrlen($str) {
static $exists = null;
if ($exists === null) {
$exists = \function_exists('mb_strlen');
}
if ($exists) {
$length = \mb_strlen($str, '8bit');
if ($length === FALSE) {
throw new Ex\CannotPerformOperation();
}
return $length;
} else {
return \strlen($str);
}
}
Hi Jeff,
I was wondering if you could maybe tag the current master as a new version. The latest tag (v1.0.1
) is ~ 1.5 years old, while some nice fixes (string length checks) were added a while back.
Diff since v1.0.1: v1.0.1...0a9ed81
Hey Jeff,
I found your lib while searching for informations about the pkcs#7 padding and AES encryption. I've checked your padding code, and think I have found multiple minor problems with it:
HTH
Oliver
Hi,
As of PHP 7.3, mcrypt is removed.
If I'm reading the code right, phpaes requires either mcrypt or openssl.
Seems like a simple update to composer.json would make composer happy with it when running PHP 7.3?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.