PHP 5.4.37 Released


(PHP 4 >= 4.0.2, PHP 5)

mcrypt_decryptDecrypts crypttext with given parameters


string mcrypt_decrypt ( string $cipher , string $key , string $data , string $mode [, string $iv ] )

Decrypts the data and returns the unencrypted data.



Una din constantele MCRYPT_ciphername sau denumirea algoritmului ca șir de caractere.


The key with which the data was encrypted. If the provided key size is not supported by the cipher, the function will emit a warning and return FALSE


The data that will be decrypted with the given cipher and mode. If the size of the data is not n * blocksize, the data will be padded with '\0'.


Una din constantele MCRYPT_MODE_modename sau unul din șirurile de caractere: "ecb", "cbc", "cfb", "ofb", "nofb" sau "stream".


Utilizat pentru inițializare în modurile CBC, CFB, OFB și în unii algoritmi în modul STREAM. Dacă dimensiunea IV furnizat nu este susținută de modul înlănțuirii, sau dacă nu a fost furnizat un IV, însă modul de înlănțuire îl necesită, funcția va emite o avertizare și va întoarce FALSE.

Valorile întoarse

Returns the decrypted data as a string sau FALSE în cazul eșecului.

Istoricul schimbărilor

Versiune Descriere
5.6.0 Invalid key and iv sizes are no longer accepted. mcrypt_decrypt() will now throw a warning and return FALSE if the inputs are invalid. Previously keys and IVs were padded with '\0' bytes to the next valid size.

A se vedea și

add a note add a note

User Contributed Notes 6 notes

eddiec at stararcher dot com
9 years ago
It appears that mcrypt_decrypt pads the *RETURN STRING* with nulls ('\0') to fill out to n * blocksize.  For old C-programmers, like myself, it is easy to believe the string ends at the first null.  In PHP it does not:

    strlen("abc\0\0") returns 5 and *NOT* 3
    strcmp("abc", "abc\0\0") returns -2 and *NOT* 0

I learned this lesson painfully when I passed a string returned from mycrypt_decrypt into a NuSoap message, which happily passed the nulls along to the receiver, who couldn't figure out what I was talking about.

My solution was:
= mcrypt_decrypt( ...etc ...);
$retval = rtrim($retval, "\0");     // trim ONLY the nulls at the END
david at sickmiller dot com
6 years ago
If you happen to be decrypting something encrypted in ColdFusion, you'll discover that its encrypt function apparently pads the plaintext with ASCII 4, the "end of transmission" character.

Building on eddiec's code, you can remove both nulls and EOTs with this:

= mcrypt_decrypt( ...etc ...);
$retval = rtrim($retval, "\0\4");     // trim ONLY the nulls and EOTs at the END
evangelion207 at hotmail dot com
3 years ago
Be careful, sometimes mcrypt_decrypt return additional white spaces to the uncrypted string; use trim() for deleting them. I was like 2 hours searching the error and it was that..
3 years ago
Caution, MCRYPT_RIJNDAEL_256 is not equivalent to AES_256.

The way to make RIJNDAEL be decrypted from AES with openssl is to use MCRYPT_RIJNDAEL_128 and padd the string to encrypt before encrypting with the follwing function:

function pkcs5_pad ($text, $blocksize) {
$pad = $blocksize - (strlen($text) % $blocksize);
$text . str_repeat(chr($pad), $pad);

On the decryption, the choosing of AES_256 or AES_128, etc. is based on the keysize used in the crypting. In my case it was a 128bit key so I used AES_128.
4 years ago
To remove PKCS7 padding:

= mdecrypt_generic($td, base64_decode($enc_auth_token));
$dec_s = strlen($decrypted);
$padding = ord($decrypted[$dec_s-1]);
$decrypted = substr($decrypted, 0, -$padding);
artaxerxes2 at iname dot com
1 year ago
To decrypt data coming from MySQL's AES_ENCRYPT function:


function mysql_aes_key($key)
$new_key = str_repeat(chr(0), 16);
$new_key[$i%16] = $new_key[$i%16] ^ $key[$i];

// if $encrypted is HEXed, then return it to binary
$encrypted = pack('H*',$encrypted);

$key = mysql_aes_key($key);


adapted from the article "Replicating MySQL AES Encryption Methods With PHP" (dated 2012-05-20) found somewhere online.
To Top