As of PHP 7.2, the mcrypt library that iTop was using to encrypt AttributeEncryptedString was removed from PHP core.
iTop versions before 2.6.0 are only able to encrypt through mcrypt, thus
AttributeEncryptedString for these versions is not compatible with PHP >= 7.2.
iTop user account passwords use one-way encryption and are not affected by the presence or absence of mcrypt.
Choose & configure new encryption library
In order to pick an encryption library you'll need to define
encryption_library in the configuration file. This
parameter can take one of the following values: Sodium, OpenSSL, Mcrypt (or
OpenSSLMcryptCompatibility for PHP > 7.2) or Simple. The picked
library needs to be installed and enabled in the current PHP
installation (see setup/phpinfo.php).
You will also be required to define the key
encryption_key that is used for iTop symmetrical
encryption (make sure you never lose it!).
encryption_key are not defined, iTop will choose a library depending on your PHP installation and generate a key if the Sodium or OpenSSL library was chosen
LibSodium is a cryptography library shipped with PHP core as of PHP 7.2.
The current usage of Sodium in iTop encrypts data with the Salsa20 stream
cipher, using the PHP (> 7.0) built-in function
random_bytes to generate a salt, and saves data as
Example to generate a valid Sodium key:
php -r "echo bin2hex(sodium_crypto_secretbox_keygen());" > itop_secret_key.txt
OpenSSL is a cryptography library frequently shipped with PHP.
The current usage of OpenSSL in iTop encrypts data with the AES-256-CBC block cipher, using the OpenSSL pseudo-random bytes function to generate an initialisation vector.
This implementation of OpenSSL automatically pads the encryption key with zeros and saves data as base64 values.
Example to generate a valid AES-256 key:
php -r "echo bin2hex(openssl_random_pseudo_bytes(32));" > itop_secret_key.txt
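Why a full-length key matters with the zero padding described above, as an added example (not iTop's own code): PHP's openssl_encrypt() silently pads a short key with NUL bytes, so a short key and its zero-padded form encrypt identically. The helper names, the fixed IV, the sample values and the base64(IV + ciphertext) layout are assumptions made for the demonstration.

```php
<?php
// Added example, not iTop code. Helper names and sample values are constructed.
const CIPHER = 'aes-256-cbc';
const KEY_BYTES = 32; // AES-256 key size in bytes

// Hypothetical helper: turn the 64-hex-char output of the key generation
// command into 32 raw bytes, refusing anything OpenSSL would pad or truncate.
function load_hex_key(string $hex): string
{
    $hex = trim($hex);
    if (!ctype_xdigit($hex) || strlen($hex) !== KEY_BYTES * 2) {
        throw new InvalidArgumentException('key must be 64 hex characters');
    }
    return hex2bin($hex);
}

// Hypothetical helper: AES-256-CBC with a fresh random IV, stored as
// base64(IV || ciphertext). The storage layout is an assumption.
function encrypt_value(string $key, string $plaintext): string
{
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER));
    $ct = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('openssl_encrypt failed');
    }
    return base64_encode($iv . $ct);
}

// 1. Zero padding: a short key and the same key padded with NUL bytes
//    are the same key as far as openssl_encrypt() is concerned.
$iv     = str_repeat("\x01", 16);            // constructed fixed IV, comparison only
$short  = 'changeme';                        // constructed weak key
$padded = str_pad($short, KEY_BYTES, "\0");
$a = openssl_encrypt('db-password', CIPHER, $short, OPENSSL_RAW_DATA, $iv);
$b = openssl_encrypt('db-password', CIPHER, $padded, OPENSSL_RAW_DATA, $iv);
echo 'short key == zero-padded key: ', var_export($a === $b, true), PHP_EOL;

// 2. A key of the right size passes the check and encrypts normally.
$key = load_hex_key(bin2hex(random_bytes(KEY_BYTES)));
echo 'stored value: ', encrypt_value($key, 'db-password'), PHP_EOL;

// 3. The short key is rejected before it can reach the cipher.
try {
    load_hex_key(bin2hex($short));
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```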
Mcrypt (and OpenSSLMcryptCompatibility)
OpenSSLMcryptCompatibility library option which allows you to still work on these data.
Mcrypt is a (deprecated) cryptography library that used to be shipped with PHP core up to PHP 7.1.
The current usage of Mcrypt in iTop encrypts data with the BLOWFISH-CBC block cipher, using the mcrypt (or openssl) pseudo-random bytes function to generate an initialisation vector.
If Mcrypt is specified but the library is not installed (e.g. in PHP 7.2+), iTop will try to use its backup, OpenSSLMcryptCompatibility, which uses the OpenSSL library.
Simple is a weaker algorithm that encrypts with no salt. It's
used by iTop if the library specified in
encryption_library isn't installed or enabled in