60262

php mcrypt equivalent for sagepay on a windows server

Question:

Our company primarily used vbscript until fairly recently, when we started changing to PHP. Upon trying to integrate a SagePay form kit into one of our projects I came across this obstacle.

We are on a windows 2008 server, and this cannot be changed. The server does not contain the mcrypt library and our server host will not install it due to it being a shared platform.

The problematic line comes from a SagePay form kit that you use to pay for things with SagePay. Hopefully some of you will be familiar with these.

The line in question is:

//** perform encryption with PHP's MCRYPT module $strCrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $strEncryptionPassword, $strIn, MCRYPT_MODE_CBC, $strIV);

This is part of a larger encrytion function as follows:

//** Wrapper function do encrypt an encode based on strEncryptionType setting ** function encryptAndEncode($strIn) { global $strEncryptionType ,$strEncryptionPassword; if ($strEncryptionType=="XOR") { //** XOR encryption with Base64 encoding ** return base64Encode(simpleXor($strIn,$strEncryptionPassword)); } else { //** AES encryption, CBC blocking with PKCS5 padding then HEX encoding - DEFAULT ** //** use initialization vector (IV) set from $strEncryptionPassword $strIV = $strEncryptionPassword; //** add PKCS5 padding to the text to be encypted $strIn = addPKCS5Padding($strIn); //** perform encryption with PHP's MCRYPT module $strCrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $strEncryptionPassword, $strIn, MCRYPT_MODE_CBC, $strIV); //** perform hex encoding and return return "@" . bin2hex($strCrypt); } }

Does anyone know how I may possibly be able to bypass this problem, or an equivalent library that I may be able to implement in its place? Any pointers, tips or points in the correct direction would be most appreciated.

<strong>EDIT</strong> Ok so after researching it more, as I understand it, I just need a 128 bit AES Encryption function, without the use of mcrypt.

Answer1:

There are plenty of alternatives, the lack of support/willingness from your hosing provider would be the sticky point.

If you were on your own VPS/In a position to go down a new route. I'd recommend OpenSSL; <a href="http://www.openssl.org/" rel="nofollow">http://www.openssl.org/</a> - Since you're on windows maybe check out <a href="http://slproweb.com/products/Win32OpenSSL.html" rel="nofollow">http://slproweb.com/products/Win32OpenSSL.html</a>

Have you checked through phpinfo()to see what is available to you?

There is also PCrypt; <a href="http://www.phpclasses.org/package/1610-PHP-Symetric-encryption-of-data-using-only-PHP-code.html" rel="nofollow">http://www.phpclasses.org/package/1610-PHP-Symetric-encryption-of-data-using-only-PHP-code.html</a>

Answer2:

An alternative to the native extension is phpseclib

<a href="http://phpseclib.sourceforge.net/" rel="nofollow">http://phpseclib.sourceforge.net/</a>

Recommend

  • RSA encryption library or Classes
  • C# RSA Encrypting text using a given PKCS#1 public key
  • Securely storing (encrypting) data in an ASP.Net application
  • Iterating over a container bidirectionally
  • Maven use Encrypted passwords in POM
  • Special chars in Amazon S3 keys?
  • reduce/reduce conflicts using ocamlyacc
  • Encode Byte array to JPEG image in Objective-C
  • Spring Security bcrypt encoding login is not working
  • Table striping rows in CSS Grid
  • Neo4j: Legacy Indexes and auto index vs new label bases schema indexes
  • Using SWIG with a build system [closed]
  • Using HTML/CSS for UI in XNA?
  • Serve file to user over http via php
  • what is the purpose of “export as namespace foo”?
  • Is there a way to set up a fallback for the formAction attribute in HTML5?
  • ZipList with Scalaz
  • Is it possible to get the word under the mouse cursor in a ``?
  • c++ regex_replace not doing intended substitution
  • Spring integration inbound-gateway Fire an event when queue is empty
  • Updating Dojo provide
  • abstracting over a collection
  • Hash Code in SQL Server?
  • How to programatically 'login' a user based on 'remember me' cookie when using j
  • Java color detection
  • I18n locale disregarding fallbacks
  • Silverlight DependencyProperty.SetCurrentValue Equivalent
  • Sequential (transactional) API calls in angular 4 with state management
  • Use of this Javascript
  • C++ Partial template specialization - design simplification
  • 'TypeError' while using NSGA2 to solve Multi-objective prob. from pyopt-sparse in OpenMDAO
  • How to get next/previous record number?
  • Python: how to group similar lists together in a list of lists?
  • How get height of the a view with gone visibility and height defined as wrap_content in xml?
  • Linking SubReports Without LinkChild/LinkMaster
  • Binding checkboxes to object values in AngularJs
  • Net Present Value in Excel for Grouped Recurring CF
  • jQuery Masonry / Isotope and fluid images: Momentary overlap on window resize
  • How to load view controller without button in storyboard?
  • How do I use LINQ to get all the Items that have a particular SubItem?