An interesting concept I may have found on this site:

https://bhoover.com/using-php-openssl_e ... rypt-data/ since OpenCart also uses the openssl random pseudo bytes as an encryption method.

See if replacing your entire system/library/encryption.php file with these modifications will solve the issue:

```
<?php
/**
 * @package   OpenCart
 * @author    Daniel Kerr
 * @copyright Copyright (c) 2005 - 2017, OpenCart, Ltd. (https://www.opencart.com/)
 * @license   https://opensource.org/licenses/GPL-3.0
 * @link      https://www.opencart.com
 */

/**
 * Encryption class
 */
final class Encryption {
	/**
	 * Encrypt $value with AES-256-GCM.
	 *
	 * @param string $key   base64-encoded encryption key
	 * @param string $value plaintext to encrypt
	 *
	 * @return string
	 */
	public function encrypt($key, $value) {
		// Remove the base64 encoding from our key
		$encryption_key = base64_decode($key);
		// Generate an initialization vector
		$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-gcm'));
		// Encrypt the data using AES 256 encryption in GCM mode using our encryption key and initialization vector.
		// GCM also returns an authentication tag through $tag; decryption fails without it.
		$tag = '';
		$encrypted = openssl_encrypt($value, 'aes-256-gcm', $encryption_key, 0, $iv, $tag);
		// The $iv and $tag are just as important as the key for decrypting, so save them with our encrypted data using a unique separator (::)
		return base64_encode($encrypted . '::' . $iv . $tag);
	}

	/**
	 * Decrypt a string produced by encrypt().
	 *
	 * @param string $key   base64-encoded encryption key
	 * @param string $value encrypted data
	 *
	 * @return string|false false if the data is malformed or fails authentication
	 */
	public function decrypt($key, $value) {
		// Remove the base64 encoding from our key
		$encryption_key = base64_decode($key);
		// To decrypt, split the encrypted data from our IV and tag - our unique separator used was "::"
		$parts = explode('::', base64_decode($value), 2);
		$iv_length = openssl_cipher_iv_length('aes-256-gcm');
		if (count($parts) !== 2 || strlen($parts[1]) <= $iv_length) {
			return false;
		}
		// The IV has a fixed length; everything after it is the authentication tag
		$iv = substr($parts[1], 0, $iv_length);
		$tag = substr($parts[1], $iv_length);
		return openssl_decrypt($parts[0], 'aes-256-gcm', $encryption_key, 0, $iv, $tag);
	}
}
```

Update:

**According to this site: https://security.stackexchange.com/ques ... ion-vector , it would seem using the CBC algorithm may not be as secure either. Using the GCM algorithm may be more secure. The code above has been modified accordingly.**

Then, be sure to follow these steps before testing your store:

viewtopic.php?f=176&p=721388#p718325. Since this procedure is also about modifying encryption and decryption methods, it is better to make a backup of your entire store as well.
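The CBC versus GCM point raised in the update, as an added example that is not part of the original post and is not OpenCart code: the same one-bit change to stored data decrypts under CBC to the altered text `bustomer_id=42;role=user` with no error, while GCM returns `false` because the authentication tag no longer matches. The helper names, storage layout, key and message are assumptions made for this illustration; it needs PHP 7.1 or later.

```php
<?php
// Added example, not OpenCart code. Key and message are constructed sample values.
$key = random_bytes(32);
$msg = 'customer_id=42;role=user';

// Flip one bit of the byte at $pos, as storage corruption or tampering would.
function flip_bit(string $bytes, int $pos): string {
    $bytes[$pos] = chr(ord($bytes[$pos]) ^ 0x01);
    return $bytes;
}

// AES-256-CBC: stored as IV (16 bytes) followed by ciphertext, no integrity check.
function cbc_encrypt(string $key, string $msg): string {
    $iv = random_bytes(16);
    return $iv . openssl_encrypt($msg, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
}

function cbc_decrypt(string $key, string $blob) {
    return openssl_decrypt(substr($blob, 16), 'aes-256-cbc', $key,
        OPENSSL_RAW_DATA, substr($blob, 0, 16));
}

// AES-256-GCM: stored as IV (12 bytes), tag (16 bytes), then ciphertext.
function gcm_encrypt(string $key, string $msg): string {
    $iv = random_bytes(12);
    $tag = '';
    $ct = openssl_encrypt($msg, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    return $iv . $tag . $ct;
}

function gcm_decrypt(string $key, string $blob) {
    if (strlen($blob) < 28) {
        return false; // too short to hold IV and tag
    }
    return openssl_decrypt(substr($blob, 28), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, substr($blob, 0, 12), substr($blob, 12, 16));
}

$cbc = cbc_encrypt($key, $msg);
$gcm = gcm_encrypt($key, $msg);

var_dump(cbc_decrypt($key, $cbc) === $msg);       // untouched CBC round trip
var_dump(gcm_decrypt($key, $gcm) === $msg);       // untouched GCM round trip
var_dump(cbc_decrypt($key, flip_bit($cbc, 0)));   // CBC: modified IV byte
var_dump(gcm_decrypt($key, flip_bit($gcm, 0)));   // GCM: modified IV byte
var_dump(gcm_decrypt($key, flip_bit($gcm, 30)));  // GCM: modified ciphertext byte
```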