PHP’s mcrypt extension is a binding of libmcrypt, a cryptography library that supports a wide variety of algorithms, including DES, TripleDES, Blowfish (default), 3-WAY, SAFER-SK64, SAFER-SK128, TWOFISH, TEA, RC2 and GOST, in CBC, OFB, CFB and ECB cipher modes.
This article is going to show you why it was deprecated and how to install mcrypt on newer PHP releases.
mcrypt is now deprecated from PHP 7.2
According to the PHP manual, the mcrypt extension was deprecated in PHP 7.1.0 and completely removed in PHP 7.2.0.
The mcrypt extension has been moved to the PECL repository and is no longer bundled with PHP since PHP 7.2.0. This means PHP 7.2, 7.3, 7.4 and later releases don’t have mcrypt out of the box either.
Why was mcrypt deprecated
The mcrypt extension has been abandonware for nearly a decade now, and was also fairly complex to use. The last update to libmcrypt was in 2007, despite unmerged patches piling up. That fact led security advisors to discourage its use in new releases.
mcrypt has therefore been deprecated in favour of OpenSSL, and it was removed from the core and moved into PECL in PHP 7.2.
Security experts also advise against doing crypto work in PHP in the first place (which is what mcrypt did). PHP is neither the right tool nor the right environment for cryptography.
Install mcrypt from PECL
PECL is a repository for PHP Extensions, which includes community-maintained and old packages.
You can download and install any PHP extension available from their repository, including mcrypt.
If you’re using Linux, you can easily get mcrypt from PECL by following the steps below.
The instructions below also work for AWS users running on Linux.
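Step 1 : Install pecl (shipped in the php-pear package) with apt-get or yum.
# Debian/Ubuntu: php-pear provides the pecl command, php-dev provides phpize for building
sudo apt-get install php-pear php-dev
# OR
sudo yum install php-pear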
Step 2 : Ensure libmcrypt is installed.
sudo apt-get install libmcrypt-dev libreadline-dev -y
Step 3 : Install the correct mcrypt version using PECL.
The mcrypt package on PECL has several releases, each targeting particular PHP versions.
If you’re running PHP 7.2.x, the correct mcrypt release version is 1.0.1
pecl install mcrypt-1.0.1
If you’re running PHP 7.4.x, you have to install mcrypt 1.0.2
pecl install mcrypt-1.0.2
Similarly, PHP 8.0 is compatible with mcrypt 1.0.3 and PHP 8.1 with mcrypt 1.0.4.
Step 4 : Enable mcrypt by adding extension=mcrypt.so to the php.ini file.
# Append with tee -a; a single > redirect would overwrite the whole php.ini
echo "extension=mcrypt.so" | sudo tee -a /etc/php/7.2/apache2/php.ini
echo "extension=mcrypt.so" | sudo tee -a /etc/php/7.2/cli/php.ini
The exact location of php.ini depends on your specific setup, and can be found by running the following command.
php -i | grep 'php.ini'
Step 5 : Verify that mcrypt is installed and enabled properly.
php -m | grep mcrypt
Step 6 : Restart Nginx or Apache for changes to take effect.
sudo systemctl restart apache2
sudo systemctl restart nginx
Install and enable mcrypt for PHP5
You can still install mcrypt if you’re using PHP version 5.x on Ubuntu/Debian (which is insecure, though) by following the instructions below.
Step 1 : Install php5-mcrypt with apt-get.
sudo apt-get install php5-mcrypt
Step 2 : Symlink mcrypt to php5/mods-available.
ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available/mcrypt.ini
Step 3 : Symlink mcrypt to php5/fpm/mods-available if you use FastCGI Process Manager (FPM).
ln -s /etc/php5/fpm/conf.d/mcrypt.ini /etc/php5/mods-available/mcrypt.ini
Step 4 : Enable mcrypt by running php5enmod
php5enmod mcrypt
Step 5: Restart PHP and nginx/apache for changes to take effect.
sudo systemctl restart php5-fpm
sudo systemctl restart nginx
sudo systemctl restart apache2
Please note that if mcrypt is already installed, creating a symlink will cause the error below.
ln: failed to create symbolic link ‘/etc/php5/mods-available/mcrypt.ini’: File exists
In this case, skip step 2 and step 3 and proceed to enable the extension.
mcrypt alternatives
Just because you can install and use mcrypt on newer PHP releases doesn’t mean that you should. Instead, consider moving to one of the alternatives below.
- Sodium (available as of PHP 7.2.0)
- OpenSSL
- mcrypt_compat – PHP 5.x/7.x polyfill for mcrypt extension.