Snipe-it: Snipe-IT depends on the deprecated mcrypt module

Created on 27 Sep 2016  路  6Comments  路  Source: snipe/snipe-it

Mcrypt will be deprecated in PHP 7.1 (due to be released in November) and completely removed in PHP 7.2.

https://wiki.php.net/rfc/mcrypt-viking-funeral
https://paragonie.com/blog/2015/05/if-you-re-typing-word-mcrypt-into-your-code-you-re-doing-it-wrong

Perhaps it's a good time to drop mcrypt as a dependency? We don't install mcrypt any more on our servers and are looking for a way to run Snipe-IT without it. Right now we see an error in the logs:

no supported encrypter found. the cipher and / or key length are invalid

picture pako-pl

Most helpful comment

We're planning on deprecating mcrypt, but we need to write a migrator for the people who have existing app keys from older versions, otherwise anything they've encrypted will be un-decryptable if we switch the encryption. (This is why we haven't deprecated it already.)

You can try changing your cipher in your config/app.php to AES-256-CBC and running the key generator again.

picture snipe on 27 Sep 2016
👍3

All 6 comments

If you add base64: to the beginning of your app key in your .env, do you still see the error?

snipe picture snipe on 27 Sep 2016

(Also, telling us what version of Snipe-IT you're running would be really helpful. That's why we ask in the GH template.)

snipe picture snipe on 27 Sep 2016

I'm trying to install Snipe-IT 3.4. I will check if adding base64: prefix will help.

pako-pl picture pako-pl on 27 Sep 2016

In the .env file, I tried setting the key like this:

APP_KEY=12345678901234567890123456789012

or

APP_KEY=base64:12345678901234567890123456789012

I even tried:

php artisan key:generate
Application key [base64:SiI1x+y4K8guAw47J6hPeeeU75gwLlOWwc7iLd0mfQk=] set successfully.

Unfortunately, I always get the same error:

no supported encrypter found. the cipher and / or key length are invalid

pako-pl picture pako-pl on 27 Sep 2016

We're planning on deprecating mcrypt, but we need to write a migrator for the people who have existing app keys from older versions, otherwise anything they've encrypted will be un-decryptable if we switch the encryption. (This is why we haven't deprecated it already.)

You can try changing your cipher in your config/app.php to AES-256-CBC and running the key generator again.

snipe picture snipe on 27 Sep 2016
👍3

Thank you. I can confirm that changing cipher in config/app.php to AES-256-CBC and running:

php artisan key:generate

resolved the problem. Now Snipe-IT runs without mcrypt.

pako-pl picture pako-pl on 28 Sep 2016
Was this page helpful?
0 / 5 - 0 ratings

Related issues

Supsuop picture Supsuop  路  4Comments
memtech3 picture memtech3  路  4Comments
Rungea96 picture Rungea96  路  4Comments
Neor5804 picture Neor5804  路  3Comments
ericdude101 picture ericdude101  路  5Comments