openssl_decrypt

(PHP 5 >= 5.3.0, PHP 7, PHP 8)

openssl_decryptDesencripta datos

Descripción

openssl_decrypt(
    string $data,
    string $method,
    string $password,
    int $options = 0,
    string $iv = ""
): string

Toma una cadena codificada en bruto o mediante base64 y la desencripta usando un método y una clave.

Advertencia

Esta función no está documentada actualmente, solamente se encuentra disponible la lista de parámetros.

Parámetros

data

Los datos.

method

El método de cifrado.

password

La contraseña.

options

options puede ser una de las constantes OPENSSL_RAW_DATA, OPENSSL_ZERO_PADDING.

iv

Un Vector de Inicialización no NULL.

Valores devueltos

La cadena desencriptada si se tuvo éxito o false en caso de error.

Errores/Excepciones

Emite un error de nivel E_WARNING si se pasa un algoritmo de cifrado desconocido mediante el parámetro method.

Emite un error de nivel E_WARNING si se le pasa un valor vacío mediante en parámetro iv.

Historial de cambios

Versión Descripción
5.3.3 Se añadió el parámetro iv.
5.4.0 raw_output se cambió a options.

Ver también

add a note add a note

User Contributed Notes 4 notes

up
13
Hernanibus
8 years ago
Parameters may seem obvius to some but not for everyone so:

- $data can be as the description says raw or base64. If no $option is set (this is, if value of 0 is passed in this parameter), data will be assumed to be base64 encoded. If parameter OPENSSL_RAW_DATA is set, it will be understood as row data.

- $password (key) is a String of [pseudo] bytes as those generated by the function openssl_random_pseudo_bytes().

- $options as (as for 2016) two possible values OPENSSL_RAW_DATA and OPENSSL_ZERO_PADDING. Setting both can be done by OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING. If no OPENSSL_ZERO_PADDING is specify, default pading of PKCS#7 will be done as it's been observe by [openssl at mailismagic dot com]'s coment in openssl_encrypt()

- $iv is as in the case of $password, a String of bytes. Its length depends on the algorithm used. May be the best way to generate an $iv is by:

<?php
    $iv
= openssl_random_pseudo_bytes(openssl_cipher_iv_length('your algorithm'));// for example you algorithm = 'AES-256-CTR'
?>
up
4
ittasks at gmail dot com
11 years ago
in case that hosting do not provide openssl_encrypt decrypt functions - it could be mimiced via commad prompt executions 
this functions will check is if openssl is installed and try to use it by default

function sslPrm()
{
return array("your_password","IV (optional)","aes-128-cbc");
}
function sslEnc($msg)
{
  list ($pass, $iv, $method)=sslPrm();
  if(function_exists('openssl_encrypt'))
     return urlencode(openssl_encrypt(urlencode($msg), $method, $pass, false, $iv));
  else
     return urlencode(exec("echo \"".urlencode($msg)."\" | openssl enc -".urlencode($method)." -base64 -nosalt -K ".bin2hex($pass)." -iv ".bin2hex($iv)));
}
function sslDec($msg)
{
  list ($pass, $iv, $method)=sslPrm();
  if(function_exists('openssl_decrypt'))
     return trim(urldecode(openssl_decrypt(urldecode($msg), $method, $pass, false, $iv)));
  else
     return trim(urldecode(exec("echo \"".urldecode($msg)."\" | openssl enc -".$method." -d -base64 -nosalt -K ".bin2hex($pass)." -iv ".bin2hex($iv))));
}

//example of usage:
$r= sslEnc("This is encryption/decryption test!");
echo "<br>\n".$r.":".sslDec($r);
up
2
lucianonapoli at yahoo dot it
7 years ago
The parameter string $password must be in binary form and is derived from the exadecimal key value.

Example:

encrypting in command line console with openssl
openssl AES-256-CBC -K 5ae1b8a17bad4da4fdac796f64c16ecd -iv 34857d973953e44afb49ea9d61104d8c -in doc.txt -out doc.enc.txt

decripting in php
$key = hex2bin('5ae1b8a17bad4da4fdac796f64c16ecd');
$iv = hex2bin('34857d973953e44afb49ea9d61104d8c');

$output = openssl_decrypt($encstr, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv);
up
0
markagius dot co dot uk
7 years ago
openssl_decrypt(..) works with most but not all method types.
This list can vary, depending on the data (Message) and key (Password) used.

See the following code and edit the $text and $password values.
Code checks if text is the same after encrypting then decrypting it.

Note:
  You can still use openssl_encrypt(..) with;
  User enters 'Log-in password'
  (Encrypted and stored using openssl_encrypt)
  Next time.
  User logs-in with 'Log-in password'
  (Check that encrypted 'Log-in password' = stored data)

<CODE>
  // Please edit $password=... and $text=...

  $password = "This is a journey into sound";

  $text = "";
  for($charNo=0; $charNo<=255; $charNo=$charNo+1){
    // if($charNo==127) {$charNo=$charNo+1;}
    if(!$charNo<127){
      // $text = $text."&#x".strtoupper(dechex($charNo)).";";
      $text = $text.chr($charNo);
    } else {
      $text = $text.chr($charNo);
    }
  }

$text = "This is a test message.";

  print "<TABLE BORDER=\"1\">\n";
  print "<TR><TD><B>Encryption type:</B></TD><TD><B>String after converting back:</B></TD></TR>\n";
  $ciphers = openssl_get_cipher_methods();
  for($pointer=0; $pointer<count($ciphers); $pointer=$pointer+1){
    $edit  = EncryptDecrypt($text, true,  $password, $ciphers[$pointer]);
    $check = EncryptDecrypt($edit, false, $password, $ciphers[$pointer]);
    if($text!=$check){
      $info  = $check;
      print "<TR><TD>".$ciphers[$pointer]."</TD><TD>".$info."</TD></TR>\n";
    }
  }
  print "</TABLE>\n";

function EncryptDecrypt($oldText, $encryptIt=true, $password="PASSWORD", $encryptType=""){
  $ciphers = openssl_get_cipher_methods();
  $foundEncType = false;
  for($pointer=0; $pointer<count($ciphers); $pointer=$pointer+1){
    if($ciphers[$pointer]==$encryptType){$foundEncType=true;}
  }
  if(!$foundEncType){
    $encryptType = "RC2-64-CBC"; // Default value used if not set or listed.
  }
  if($encryptIt){
    $newText = openssl_encrypt($oldText,$encryptType,$password);
  } else {
    $newText = openssl_decrypt($oldText,$encryptType,$password);
  }
  return $newText;
}
</CODE>
The following (sometimes) don't work:
    DES-EDE3-CFB1    (sometimes)
    aes-128-gcm
    aes-192-gcm
    aes-256-gcm
    des-ede3-cfb1        (sometimes)
    id-aes128-GCM
    id-aes192-GCM
    id-aes256-GCM
To Top