How do I switch from mcrypt to the legacy-encrypter in Laravel?

Update your `config/app.php` to set the encryption driver to `'legacy-encrypter'` instead of `'mcrypt'`, then run `composer require laravel/legacy-encrypter`. No other changes are needed—it’s a direct drop-in replacement for Laravel’s `Crypt` facade.

Will this work with Laravel 9 or 10?

Yes, the package supports Laravel 8+ and PHP 7.4+. However, Laravel may eventually deprecate it, so plan to migrate to OpenSSL or `defuse/php-encryption` as soon as possible. Always check the latest Laravel and package release notes for compatibility.

Can I use this for new encryption in a Laravel app?

No, this package is **not recommended** for new encryption. It’s a temporary bridge for decrypting legacy data. Use Laravel’s built-in `openssl` driver or `defuse/php-encryption` for secure new encryption. mcrypt is obsolete and insecure.

How do I test if legacy-encrypted data decrypts correctly?

Compare decrypted outputs with known-good mcrypt-encrypted payloads. Use Laravel’s `Crypt::decrypt()` and verify against original plaintext. Test edge cases like empty strings, corrupted data, or malformed IVs to ensure robustness.

Is this package secure for production use?

Only as a **short-term migration tool**. mcrypt uses outdated algorithms (e.g., rijndael) vulnerable to attacks like Sweet32. Avoid encrypting new data with it. Migrate to OpenSSL or `defuse/php-encryption` immediately after decrypting legacy data.

What if my legacy data was encrypted with custom mcrypt parameters?

The package assumes standard mcrypt defaults (e.g., MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC). If your data used non-standard IVs, key derivation, or modes, decryption may fail. Test thoroughly with sample payloads before full migration.

How does this affect performance in high-traffic apps?

mcrypt is significantly slower than OpenSSL. If decrypting large volumes of legacy data (e.g., database records), expect bottlenecks. Consider batch processing or parallelizing decryption tasks to mitigate delays.

Are there alternatives to this package for legacy mcrypt decryption?

Yes, you could manually implement mcrypt decryption using PHP’s `mcrypt` extension (if available) or use third-party libraries like `paragonie/halite` for custom decryption logic. However, the `legacy-encrypter` package is the **official Laravel-supported** solution.

Does this package support key rotation for legacy data?

No, this package doesn’t include key rotation. Legacy mcrypt keys are typically static. If you need to rotate keys, you’ll need to re-encrypt data using a modern system (e.g., OpenSSL) after decrypting with this package.

What’s the long-term plan for this package?

Laravel expects this to be a **temporary** solution. Once most legacy systems migrate, the package may be deprecated. Start planning to replace it with `openssl` or `defuse/php-encryption`—especially for compliance-sensitive data (e.g., GDPR, HIPAA).

Weave Code

Code Weaver

Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.

Legacy Encrypter Laravel Package

laravel/legacy-encrypter

Drop-in Laravel encrypter compatible with legacy apps. Encrypt/decrypt data using older key formats and cipher settings so you can read existing payloads and migrate safely. Useful for upgrades where stored encrypted values must remain accessible.

View on GitHub

Deep Wiki

Context7

At a glance

Frequently asked questions about Legacy Encrypter

How do I switch from mcrypt to the legacy-encrypter in Laravel?: Update your `config/app.php` to set the encryption driver to `'legacy-encrypter'` instead of `'mcrypt'`, then run `composer require laravel/legacy-encrypter`. No other changes are needed—it’s a direct drop-in replacement for Laravel’s `Crypt` facade.
Will this work with Laravel 9 or 10?: Yes, the package supports Laravel 8+ and PHP 7.4+. However, Laravel may eventually deprecate it, so plan to migrate to OpenSSL or `defuse/php-encryption` as soon as possible. Always check the latest Laravel and package release notes for compatibility.
Can I use this for new encryption in a Laravel app?: No, this package is **not recommended** for new encryption. It’s a temporary bridge for decrypting legacy data. Use Laravel’s built-in `openssl` driver or `defuse/php-encryption` for secure new encryption. mcrypt is obsolete and insecure.
How do I test if legacy-encrypted data decrypts correctly?: Compare decrypted outputs with known-good mcrypt-encrypted payloads. Use Laravel’s `Crypt::decrypt()` and verify against original plaintext. Test edge cases like empty strings, corrupted data, or malformed IVs to ensure robustness.
Is this package secure for production use?: Only as a **short-term migration tool**. mcrypt uses outdated algorithms (e.g., rijndael) vulnerable to attacks like Sweet32. Avoid encrypting new data with it. Migrate to OpenSSL or `defuse/php-encryption` immediately after decrypting legacy data.
What if my legacy data was encrypted with custom mcrypt parameters?: The package assumes standard mcrypt defaults (e.g., MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC). If your data used non-standard IVs, key derivation, or modes, decryption may fail. Test thoroughly with sample payloads before full migration.
How does this affect performance in high-traffic apps?: mcrypt is significantly slower than OpenSSL. If decrypting large volumes of legacy data (e.g., database records), expect bottlenecks. Consider batch processing or parallelizing decryption tasks to mitigate delays.
Are there alternatives to this package for legacy mcrypt decryption?: Yes, you could manually implement mcrypt decryption using PHP’s `mcrypt` extension (if available) or use third-party libraries like `paragonie/halite` for custom decryption logic. However, the `legacy-encrypter` package is the **official Laravel-supported** solution.
Does this package support key rotation for legacy data?: No, this package doesn’t include key rotation. Legacy mcrypt keys are typically static. If you need to rotate keys, you’ll need to re-encrypt data using a modern system (e.g., OpenSSL) after decrypting with this package.
What’s the long-term plan for this package?: Laravel expects this to be a **temporary** solution. Once most legacy systems migrate, the package may be deprecated. Start planning to replace it with `openssl` or `defuse/php-encryption`—especially for compliance-sensitive data (e.g., GDPR, HIPAA).

View on GitHub

Stars

Favorites

Forks

Score

1.3

License

MIT

Watchers

Downloads

60/mo

Dependents

Open issues

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.

Add packages to context

No packages found.

davejamesmiller/laravel-breadcrumbs

artisanry/parsedown

christhompsontldr/phpsdk

enqueue/dsn

bunny/bunny

enqueue/test

enqueue/null

enqueue/amqp-tools

milesj/emojibase

bower-asset/punycode

bower-asset/inputmask

bower-asset/jquery

bower-asset/yii2-pjax

laravel/nova

spatie/laravel-mailcoach

spatie/laravel-superseeder

laravel/liferaft

nst/json-test-suite

danielmiessler/sec-lists

jackalope/jackalope-transport