Current Location: Home> Latest Articles> Using OpenSSL to Replace mcrypt in PHP 7.1: A Detailed Guide with Sample Code

Using OpenSSL to Replace mcrypt in PHP 7.1: A Detailed Guide with Sample Code

gitbox 2025-06-18

1. Introduction

In PHP 7.1, the mcrypt library has been deprecated, and it is recommended to use the OpenSSL extension for encryption and decryption operations instead. This article provides a detailed step-by-step guide to help you transition from mcrypt to OpenSSL, including example code to demonstrate how encryption and decryption can be performed securely and efficiently.

2. Why Replace mcrypt?

While mcrypt was widely used for encryption, it has some notable drawbacks. First, it has not been updated for a long time, which means it lacks support for newer algorithms and protocols. Second, mcrypt performs poorly when handling large amounts of data, which can lead to excessive PHP execution times. More importantly, in PHP 7.1, mcrypt has been marked as deprecated, and it may be removed in future versions. Therefore, transitioning to OpenSSL is a safer and more efficient option.

3. Replacing mcrypt with OpenSSL

3.1. Installing the OpenSSL Extension

Before using the OpenSSL extension, ensure that it is properly installed and enabled. Here are the installation steps:


sudo apt-get install openssl
sudo apt-get install libssl-dev
sudo pecl install openssl

After installation, edit your php.ini file and add the following line to enable the OpenSSL extension:


extension=openssl.so

3.2. Using OpenSSL for Encryption and Decryption

Once the OpenSSL extension is installed and enabled, you can use its functions to perform encryption and decryption. Below is a simple example demonstrating how to encrypt and decrypt a string using OpenSSL:


<?php
function encrypt($data, $key) {
    // Generate a 128-bit random initialization vector
    $iv = openssl_random_pseudo_bytes(16);
    // Encrypt the data using the AES-256-CBC algorithm
    $encrypted = openssl_encrypt($data, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv);
    // Return the encrypted data and the vector
    return base64_encode($encrypted) . ':' . base64_encode($iv);
}
<p>function decrypt($data, $key) {<br>
// Parse the encrypted data and vector<br>
list($encrypted, $iv) = explode(':', $data);<br>
// Decrypt the data<br>
return openssl_decrypt(base64_decode($encrypted), 'AES-256-CBC', $key, OPENSSL_RAW_DATA, base64_decode($iv));<br>
}</p>
<p>// Example usage<br>
$data = "Hello, World!";<br>
$key = "SecretKey123";<br>
$encryptedData = encrypt($data, $key);<br>
echo "Encrypted data: " . $encryptedData . "\n";<br>
$decryptedData = decrypt($encryptedData, $key);<br>
echo "Decrypted data: " . $decryptedData . "\n";<br>
?><br>

In this example, we use the AES-256-CBC algorithm for encryption. A 128-bit random initialization vector is generated and used during both encryption and decryption to ensure data security.

3.3. Important Notes

When using the OpenSSL extension, make sure to keep the following points in mind:

  • Ensure you are using a secure encryption algorithm, such as AES-256-CBC.
  • Always generate and use a random initialization vector during encryption and decryption.
  • When storing encrypted data, use the appropriate encoding method.
  • Ensure correct parsing of the encrypted data and vector before decrypting.

4. Conclusion

Replacing mcrypt with the OpenSSL extension is a wise choice to improve the security and performance of encryption operations. The OpenSSL extension supports a wider range of algorithms and offers better performance. With the example code provided in this article, you can easily implement encryption and decryption in PHP, ensuring that your data transmission and storage are secure.

Make sure to adjust and optimize the code according to your project’s specific requirements to ensure it meets your needs.

Related