PHP 7.1.3 Released

openssl_decrypt

(PHP 5 >= 5.3.0, PHP 7)

openssl_decryptDecrypts data

Description

string openssl_decrypt ( string $data , string $method , string $key [, int $options = 0 [, string $iv = "" [, string $tag = "" [, string $aad = "" ]]]] )

Takes a raw or base64 encoded string and decrypts it using a given method and key.

Warning

This function is currently not documented; only its argument list is available.

Parameters

data

The data.

method

The cipher method.

key

The key.

options

options can be one of OPENSSL_RAW_DATA, OPENSSL_ZERO_PADDING.

iv

A non-NULL Initialization Vector.

tag

The authentication tag in AEAD cipher mode. If it is incorrect, the authentication fails and the function returns FALSE.

aad

Additional authentication data.

Return Values

The decrypted string on success or FALSE on failure.

Errors/Exceptions

Emits an E_WARNING level error if an unknown cipher algorithm is passed via the method parameter.

Emits an E_WARNING level error if an empty value is passed in via the iv parameter.

Changelog

Version Description
5.3.3 The iv parameter was added.
5.4.0 The raw_output was changed to options.
7.1.0 The tag and aad parameters were added.

See Also

add a note add a note

User Contributed Notes 4 notes

up
10
Hernanibus
8 months ago
Parameters may seem obvius to some but not for everyone so:

- $data can be as the description says raw or base64. If no $option is set (this is, if value of 0 is passed in this parameter), data will be assumed to be base64 encoded. If parameter OPENSSL_RAW_DATA is set, it will be understood as row data.

- $password (key) is a String of [pseudo] bytes as those generated by the function openssl_random_pseudo_bytes().

- $options as (as for 2016) two possible values OPENSSL_RAW_DATA and OPENSSL_ZERO_PADDING. Setting both can be done by OPENSSL_RAW_DATA||OPENSSL_ZERO_PADDING. If no OPENSSL_ZERO_PADDING is specify, default pading of PKCS#7 will be done as it's been observe by [openssl at mailismagic dot com]'s coment in openssl_encrypt()

- $iv is as in the case of $password, a String of bytes. Its length depends on the algorithm used. May be the best way to generate an $iv is by:

<?php
    $iv
= openssl_random_pseudo_bytes(openssl_cipher_iv_length('your algorithm'));// for example you algorithm = 'AES-256-CTR'
?>
up
0
lucianonapoli at yahoo dot it
22 days ago
The parameter string $password must be in binary form and is derived from the exadecimal key value.

Example:

encrypting in command line console with openssl
openssl AES-256-CBC -K 5ae1b8a17bad4da4fdac796f64c16ecd -iv 34857d973953e44afb49ea9d61104d8c -in doc.txt -out doc.enc.txt

decripting in php
$key = hex2bin('5ae1b8a17bad4da4fdac796f64c16ecd');
$iv = hex2bin('34857d973953e44afb49ea9d61104d8c');

$output = openssl_decrypt($encstr, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv);
up
0
ittasks at gmail dot com
3 years ago
in case that hosting do not provide openssl_encrypt decrypt functions - it could be mimiced via commad prompt executions 
this functions will check is if openssl is installed and try to use it by default

function sslPrm()
{
return array("your_password","IV (optional)","aes-128-cbc");
}
function sslEnc($msg)
{
  list ($pass, $iv, $method)=sslPrm();
  if(function_exists('openssl_encrypt'))
     return urlencode(openssl_encrypt(urlencode($msg), $method, $pass, false, $iv));
  else
     return urlencode(exec("echo \"".urlencode($msg)."\" | openssl enc -".urlencode($method)." -base64 -nosalt -K ".bin2hex($pass)." -iv ".bin2hex($iv)));
}
function sslDec($msg)
{
  list ($pass, $iv, $method)=sslPrm();
  if(function_exists('openssl_decrypt'))
     return trim(urldecode(openssl_decrypt(urldecode($msg), $method, $pass, false, $iv)));
  else
     return trim(urldecode(exec("echo \"".urldecode($msg)."\" | openssl enc -".$method." -d -base64 -nosalt -K ".bin2hex($pass)." -iv ".bin2hex($iv))));
}

//example of usage:
$r= sslEnc("This is encryption/decryption test!");
echo "<br>\n".$r.":".sslDec($r);
up
-39
Anonymous
2 years ago
If your using windows os, do not use the text inside the "file previewer" pane, as this is a truncated version of the actual encrypted string.

Instead, you need to open the file directly and use the contents there.

The error message I had been getting was:
"error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length"
To Top