I am using openssl_encrypt in Laravel. I used this function before in PHP 5.6, where it was working OK, but after I switched to Laravel, I took the encryption and decryption functions from my old web application and I am getting the following error:
openssl_encrypt(): IV passed is 24 bytes long which is longer than the 16 expected by selected cipher, truncating
private $iv = "########################";
private $keys = "###########";

protected function encryption($plainData)
{
    $cipher = "aes-256-cbc";
    $encryptedData = base64_encode(openssl_encrypt($plainData, $cipher, $this->keys, 1, $this->iv));
    return $encryptedData;
}

//decryption
protected function decryption($encryptedData)
{
    $decodeData = base64_decode($encryptedData);
    $cipher = "aes-256-cbc";
    $data = openssl_decrypt($decodeData, $cipher, $this->keys, 1, $this->iv);
    return $data;
}
Does anyone have any insight into how I can fix this issue?
It does not make sense to talk about a 24-byte init vector (IV) for AES. The IV is only applied to the first encryption block, and as AES works with encryption blocks of 16 bytes, the IV needs to be 16 bytes. Specifying more than 16 bytes for the IV will inherently involve some truncation, if not outright giving you an error (you seem to have encountered both cases).
As for the use of the IV, you should not use a hard-coded value, but rather use a unique IV for each message. As the IV is unique for a message, you need to store it together with the message. It is a common practice to prepend the message with the IV, so it's handy when you need to decrypt the message.
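
The approach the answer describes, a fresh 16-byte IV per message stored in front of the ciphertext, as an added example that is not part of the original posts. The function names and the randomly generated sample key are assumptions, and random_bytes requires PHP 7 or later.

```php
<?php
// Added example: function names and the sample key are assumptions, not from the post.
const CIPHER = 'aes-256-cbc';

function encryptWithRandomIv(string $plainData, string $key): string
{
    $ivLength = openssl_cipher_iv_length(CIPHER);  // 16 bytes for AES in CBC mode
    $iv = random_bytes($ivLength);                 // new unpredictable IV for every message
    $cipherText = openssl_encrypt($plainData, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($cipherText === false) {
        throw new RuntimeException('Encryption failed: ' . openssl_error_string());
    }
    // The IV is not secret, so it is stored in front of the ciphertext.
    return base64_encode($iv . $cipherText);
}

function decryptWithPrependedIv(string $encoded, string $key): string
{
    $raw = base64_decode($encoded, true);
    $ivLength = openssl_cipher_iv_length(CIPHER);
    // Valid input holds the IV plus at least one 16-byte cipher block.
    if ($raw === false || strlen($raw) < $ivLength + 16) {
        throw new InvalidArgumentException('Input is not IV + ciphertext');
    }
    $iv = substr($raw, 0, $ivLength);      // first 16 bytes: the stored IV
    $cipherText = substr($raw, $ivLength); // remainder: the actual ciphertext
    $plainData = openssl_decrypt($cipherText, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($plainData === false) {
        throw new RuntimeException('Decryption failed');
    }
    return $plainData;
}

// Constructed sample input: a random 32-byte key that exists for this run only.
$key = random_bytes(32);
$first = encryptWithRandomIv('hello', $key);
$second = encryptWithRandomIv('hello', $key);

// Same plaintext and key, different IVs, so the stored values differ.
var_dump($first !== $second);
// Each stored value still decrypts, because it carries its own IV.
var_dump(decryptWithPrependedIv($first, $key) === 'hello');
var_dump(decryptWithPrependedIv($second, $key) === 'hello');
```

This covers only the IV handling; CBC mode on its own does not detect modification of the stored ciphertext.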