Switching from Mcrypt to OpenSSL engine in Kohana application

Created: 18 Mar 2021 20:02:19, in Web development

Is there anyone who still develops with Kohana these days? I do not think so ... Hold on a second! I'm one of those dinosaurs! Actually, to be more strict on this, I'm maintaining a few web applications that have been written using this PHP framework, which once had very good prospects.

Kohana is dead in 2021, as pretty much is its minor update called Koseven (see GitHub). However, the code itself is still alive and can cause some problems as newer and newer PHP versions arrive.

Deprecated mcrypt PHP extension

One recent example of trouble I have encountered with one of these Kohana-riding applications stemmed from a somewhat forced switch from PHP 7.0 to PHP 7.3.

It all began from me needing a Composer package, which happened to depend on PHP 7.2 or newer. So I switched to 7.3. Surprisingly, Kohana did not like that. The reason was, its encrypt module relies on mcrypt PHP extension for encryption. As some of you certainly know by now, mcrypt PHP extension was deprecated in PHP 7.1, removed and moved to PECL.

Switching to OpenSSL based engine

Initially, while errors kept on popping up, I thought it was game over for the framework, but took a dinner break and decided to look at the issue again after. Initially my idea was to rewrite Kohana's Crypt engine found in crypt module, possibly with Sodium.

Well, it was an option, but a last resort really, due to the amount of time required to make it work.

So, I looked again into /modules/encrypt/classes/Kohana/Encrypt/Engine to check what's in there.

And surprise, surprise, apart from an engine based on mcrypt there was another, one using PHP openssl extension and sitting in file Openssl.php!

Huh, in times when everyone was building against PHP 5.3 and Kohana development was in full swing, Shadowhand and the rest of jolly Kohana Team were building for the future, I thought.

I looked at the library, it seemed kind of oldish, but no changes were needed to make it work with PHP 7.3, at least at first glance.

Happy with the finding, I moved on to figuring out how to make this alternative engine work. And surprise, surprise again, this time a negative one. The jolly team built the engine, but forgot to add documentation on how to switch to it.

Anyhow, it was back to scrutinizing the code for me, but just for a short while. It turned out that switching to a new encryption engine would only need a bit of tinkering with configuration in MY_APP/encrypt/config.php in the end. Here is what I needed:

For Crypt engine the config looks like this:


   # (example key, replace with your own)
   'key' => 'GhUpe9uphijweifiedaihaegh6Mu6Kie',
   'cipher' => MCRYPT_RIJNDAEL_128,
   'mode'   => MCRYPT_MODE_CBC,

For OpenSSL engine I needed this:


   # switches encryption engine from mcrypt to OpenSSL
   'type' => 'openssl',
   # 32-byte encryption key (example key, replace with your own)
   'key' => 'GhUpe9uphijweifiedaihaegh6Mu6Kie',
   'cipher' => 'AES-256-CBC' # default cipher

The bit that makes Kohana switch to OpenSSL is 'type' => 'openssl'.

The same should be done in modules/encrypt/config/encrypt.php.

Once the engine was switched and configured, I was ready to encrypt and decrypt as before. Happy days, I was thinking ...

Switch Fallout

As a result of the switch my old sessions were no longer usable. So, I needed to clear the sessions database table.

Then, although it was not my case, if you have user passwords or some other data encrypted with the cipher the crypt engine relied on, it might be hard to recover them. I'm pretty sure there is a way to decode with the OpenSSL PHP extension what was encoded with crypt, but I have not investigated (I'd be happy to find out though, if someone knows the way). I'm pretty sure this bit will come in handy many times over in the near future.
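The decoding route the paragraph above wonders about, as an added example that is not part of the original post or of Kohana's code. It assumes the mcrypt engine stored values as base64(IV + ciphertext) using MCRYPT_RIJNDAEL_128 in CBC mode with a 32-byte key and mcrypt's NUL padding; legacy_mcrypt_decode and make_legacy_sample are hypothetical helper names.

```php
<?php
// Added example, not Kohana code. Assumed legacy layout: base64( IV . ciphertext ),
// MCRYPT_RIJNDAEL_128 in CBC mode, 32-byte key, plaintext NUL-padded by mcrypt.

// Rijndael with a 128-bit block and a 32-byte key is AES-256.
const LEGACY_CIPHER = 'aes-256-cbc';

/** Decrypt a token in the assumed legacy layout; returns null on malformed input. */
function legacy_mcrypt_decode(string $token, string $key): ?string
{
    $raw   = base64_decode($token, true);              // strict: reject stray characters
    $ivLen = openssl_cipher_iv_length(LEGACY_CIPHER);  // 16 bytes for AES-CBC

    // Need an IV plus at least one whole 16-byte ciphertext block.
    if ($raw === false || strlen($raw) < 2 * $ivLen || strlen($raw) % 16 !== 0) {
        return null;
    }

    $iv         = substr($raw, 0, $ivLen);
    $ciphertext = substr($raw, $ivLen);

    // OPENSSL_ZERO_PADDING turns off PKCS#7 unpadding, which mcrypt never applied.
    $plain = openssl_decrypt($ciphertext, LEGACY_CIPHER, $key,
        OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv);

    // mcrypt filled the last block with NUL bytes; strip them as the old engine did.
    return $plain === false ? null : rtrim($plain, "\0");
}

/** Build a token in the assumed legacy layout so the example runs without mcrypt. */
function make_legacy_sample(string $plain, string $key): string
{
    $iv     = random_bytes(openssl_cipher_iv_length(LEGACY_CIPHER));
    $padded = str_pad($plain, (int) (ceil(strlen($plain) / 16) * 16), "\0");
    $ct     = openssl_encrypt($padded, LEGACY_CIPHER, $key,
        OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv);

    return base64_encode($iv . $ct);
}

$key   = 'GhUpe9uphijweifiedaihaegh6Mu6Kie';            // example key from the post
$token = make_legacy_sample('user@example.test', $key); // constructed sample value

var_dump(legacy_mcrypt_decode($token, $key) === 'user@example.test');
var_dump(legacy_mcrypt_decode('not-base64!', $key));
```

The assumed layout carries no MAC, so a decoded value is unauthenticated: decode once during migration, validate it, and re-encrypt with the new engine. Values that originally ended in NUL bytes lose them in the rtrim step.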

A remark on passwords. You might want to ask each user who is trying to log in to reset their password after the encryption engine has been changed. Not convenient, but a distributed way, so not everything is going to be on your shoulders ;)).

A few words for the end

As new versions of PHP get rolled out, there is more and more to do with older-and-no-longer-supported frameworks like Kohana.

I was lucky with the framework while switching to PHP 7.3, firstly because there was the engine based on OpenSSL PHP extension in it. Secondly, because Kohana is a very modular and well written piece of code.

Even if the OpenSSL engine does not work in the future, it should not be a big trouble to customize it, the main bits are all in place already.

If the openssl PHP extension is moved to PECL as mcrypt was, adding an entirely new engine is going to be as simple as building a new class and dropping it in the /modules/encrypt/classes/Kohana/Encrypt/Engine folder. Well done Kohana Team.

As you can see, in the world of programming, stuff becomes dead not when they tell you it has, but after you have stopped investing your time in it. So, long live COBOL, long live Kohana!

This post was updated on 06 May 2021 13:18:27

Tags: encryption, php


Author, Copyright and citation

Author

Sylwester Wojnowski

The author of this article, Sylwester Wojnowski, is a sWWW web developer. He has been writing computer code for websites and web applications since 1998.

Copyrights

©Copyright, 2021 Sylwester Wojnowski. This article may not be reproduced or published as a whole or in parts without permission from the author. If you share it, please give author credit and do not remove embedded links.

Computer code, if present in the article, is excluded from the above and licensed under GPLv3.

Citation

Cite this article as:

Wojnowski, Sylwester. "Switching from Mcrypt to OpenSSL engine in Kohana application." From sWWW - Code For The Web . https://wojnowski.net.pl//main/index/switching-from-mcrypt-to-openssl-engine-in-kohana-application
