ezimuel · April 26, 2018 13:07
diff --git a/decrypt.php b/decrypt.php
 <?php
 /**
 * Decrypt a file generated with the command line:
 * openssl enc -aes-256-cbc -in file-to-encrypt -out encrypted-file -k password
 *
 * To decrypt:
 * php decrypt.php encrypted-file password decrypted-file
 *
 * NOTE: this script has been tested with OpenSSL v.1.1, for old version
 * please check if you need to use MD5 instead of SHA256 in EVP_BytesToKey()
 *
 * @author Enrico Zimuel ([email protected])
 */
 if (count($argv) < 4) {
    printf("Usage: %s <file_to_decrypt> <key> <decrypted_file>\n", basename(__FILE__));
    exit(1);
 }

 $file = $argv[1];
 if (!file_exists($file)) {
    throw new \Exception(sprintf("The file %s does not exist!", $file));
 }
 $secretKey = $argv[2];
 $output = $argv[3];

 $data = file_get_contents($file);
 $salt = mb_substr($data, 8, 8, '8bit'); // Get the salt, skipping "Salted__" fixed header string

 $genKeyData = EVP_BytesToKey($salt, $secretKey);

 $key = mb_substr($genKeyData, 0, 32, '8bit');
 $iv = mb_substr($genKeyData, 32, 16, '8bit');
 $ciphertext = mb_substr($data, 16, null, '8bit');

 $result = openssl_decrypt($ciphertext, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
 if (empty($result)) {
    printf("ERROR: %s\n",  openssl_error_string());
    exit(1);
 }
 file_put_contents($output, $result);
 printf("Decryption ok! The output has been stored in %s\n", $output);

 function EVP_BytesToKey($salt, $password) {
    $bytes = "";
    $last = "";

    // 32 bytes key + 16 bytes IV = 48 bytes.
    while(strlen($bytes) < 48) {
        $last = hash('sha256', $last . $password . $salt, true);
        $bytes.= $last;
    }
    return $bytes;
 }
	<?php
	/**
	* Decrypt a file generated with the command line:
	* openssl enc -aes-256-cbc -in file-to-encrypt -out encrypted-file -k password
	*
	* To decrypt:
	* php decrypt.php encrypted-file password decrypted-file
	*
	* NOTE: this script has been tested with OpenSSL v.1.1, for old version
	* please check if you need to use MD5 instead of SHA256 in EVP_BytesToKey()
	*
	* @author Enrico Zimuel ([email protected])
	*/
	if (count($argv) < 4) {
	printf("Usage: %s <file_to_decrypt> <key> <decrypted_file>\n", basename(__FILE__));
	exit(1);
	}

	$file = $argv[1];
	if (!file_exists($file)) {
	throw new \Exception(sprintf("The file %s does not exist!", $file));
	}
	$secretKey = $argv[2];
	$output = $argv[3];

	$data = file_get_contents($file);
	$salt = mb_substr($data, 8, 8, '8bit'); // Get the salt, skipping "Salted__" fixed header string

	$genKeyData = EVP_BytesToKey($salt, $secretKey);

	$key = mb_substr($genKeyData, 0, 32, '8bit');
	$iv = mb_substr($genKeyData, 32, 16, '8bit');
	$ciphertext = mb_substr($data, 16, null, '8bit');

	$result = openssl_decrypt($ciphertext, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
	if (empty($result)) {
	printf("ERROR: %s\n", openssl_error_string());
	exit(1);
	}
	file_put_contents($output, $result);
	printf("Decryption ok! The output has been stored in %s\n", $output);

	function EVP_BytesToKey($salt, $password) {
	$bytes = "";
	$last = "";

	// 32 bytes key + 16 bytes IV = 48 bytes.
	while(strlen($bytes) < 48) {
	$last = hash('sha256', $last . $password . $salt, true);
	$bytes.= $last;
	}
	return $bytes;
	}