Decrypts data

Description

openssl_decrypt(
    string $data,
    string $cipher_algo,
    string $passphrase,
    int $options = 0,
    string $iv = "",
    ?string $tag = null,
    string $aad = ""
): string|false

Takes a raw or base64 encoded string and decrypts it using a given method and key.

Parameters

data: The encrypted message to be decrypted.
cipher_algo: The cipher method. For a list of available cipher methods, use openssl_get_cipher_methods().
passphrase: The key.
options: options can be one of OPENSSL_RAW_DATA, OPENSSL_ZERO_PADDING.
iv: A non-NULL Initialization Vector.
tag: The authentication tag in AEAD cipher mode. If it is incorrect, the authentication fails and the function returns false.

Caution
The length of the tag is not checked by the function. It is the caller's responsibility to ensure that the length of the tag matches the length of the tag retrieved when openssl_encrypt() has been called. Otherwise the decryption may succeed if the given tag only matches the start of the proper tag.
aad: Additional authentication data.

Return Values

The decrypted string on success or false on failure.

Errors/Exceptions

Emits an E_WARNING level error if an unknown cipher algorithm is passed via the cipher_algo parameter.

Emits an E_WARNING level error if an empty value is passed in via the iv parameter.

Changelog

Version	Description
8.1.0	`tag` is now nullable.
7.1.0	The `tag` and `aad` parameters were added.

openssl_decrypt

Description

Parameters

Return Values

Errors/Exceptions

Changelog

See Also