Installing mcrypt extension for PHP

PHP’s mcrypt extension is an binding of libmcrypt – a cryptography library which enable support for a wide variety of algorithms, including DES, TripleDES, Blowfish (default), 3-WAY, SAFER-SK64, SAFER-SK128, TWOFISH, TEA, RC2 and GOST in CBC, OFB, CFB and ECB cipher modes.

This article is going to show you why it was deprecated and how to install mcrypt on newer PHP releases.

mcrypt is now deprecated from PHP 7.2

According to PHP manual, mcrypt extension was deprecated in PHP 7.1.0, and completely removed from PHP 7.2.0.

The mcrypt extension has been moved to the PECL repository and is no longer bundled with PHP since PHP 7.2.0. This means PHP 7.2, 7.3, 7.4 and so on won’t have mcrypt out of the box, too.

Why was mcrypt deprecated

The mcrypt extension has been abandonware for nearly a decade now, and was also fairly complex to use. The last update to libmcrypt was in 2007, despite unmerged patches piled up. That fact led security advisors to discourage the use of it in new releases.

mcrypt has therefore been deprecated in favour of OpenSSL, and it will be removed from the core and into PECL in PHP 7.2.

Security experts also advise against doing crypto work in PHP in the first place (which is what mcrypt did). PHP is neither the right tool nor the right environment for cryptography.

Install mcrypt from PECL

PECL is a repository for PHP Extensions, which includes community-maintained and old packages.

You can download and install any PHP extension available from their repository, include mcrypt.

Suppose you’re using Linux, you can easily get mcrypt from PECL following the steps below.

The instructions below also works for AWS users running on Linux.

Step 1 : Install php-pecl with apt-get or yum.

sudo apt-get install php-pecl
# OR
sudo yum install php-pear

Step 2 : Ensure libmcrypt is installed.

sudo apt-get install libmcrypt-dev libreadline-dev -y

Step 3 : Install the correct mcrypt version using PECL.

The mcrypt library on PECL have several builds for each PHP version.

If you’re running PHP 7.2.x, the correct mcrypt release version is 1.0.1

pecl install mcrypt-1.0.1

If you’re running PHP 7.4.x, you have to install mcrypt 1.0.2

pecl install mcrypt-1.0.2

Similarly, PHP 8.0 is compatible with mcrypt 1.0.3 and PHP 8.1 is 1.0.4

Step 4 : Enable mcrypt by adding to php.ini file.

echo "" > /etc/php/7.2/apache2/php.ini
echo "" > /etc/php/7.2/cli/php.ini

The exact location of php.ini depends on your specific set up, which can be found by running the following command.

php -i | grep 'php.ini'

Step 5 : Verify that mcrypt is installed and enabled properly.

php -m | grep mcrypt

Step 6 : Restart Nginx or Apache for changes to take effect.

sudo systemctl restart apache2
sudo systemctl restart nginx

Install and enable mcrypt for PHP5

You can still install mcrypt if you’re using PHP version 5.x on Ubuntu/Debian(which is unsecure though), following the instructions below.

Step 1 : Install php5-mcrypt with apt-get

sudo apt-get install php5-mcrypt

Step 2 : Symlink mcrypt to php5/mods-available

ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available/mcrypt.ini

Step 3 : Symlink mcrypt to php5/fpm/mods-available if you use FastCGI Process Manager (FPM).

ln -s /etc/php5/fpm/conf.d/mcrypt.ini /etc/php5/mods-available/mcrypt.ini

Step 4 : Enable mcrypt by running php5enmod

php5enmod mcrypt

Step 5: Restart PHP and nginx/apache for changes to take effect.

sudo systemctl php5-fpm restart
sudo systemctl nginx restart
sudo systemctl restart apache2

Please note that if mcrypt is already installed, creating a symlink will cause the error below.

ln: failed to create symbolic link ‘/etc/php5/mods-available/mcrypt.ini’: File exists

In this case, skip step 2 and step 3 and proceed to enable the extension.

mcrypt alternatives

While you can install and use mcrypt on newer PHP releases doesn’t mean that you should do that. Instead, consider moving to one of its alternatives below.

Leave a Comment