The new versions of PHP 5.6+ are now enforcing proper key sizes. If your Laravel APP_KEY is not using one of the supported character lengths, you will get the following error:
mcrypt_decrypt(): Key of size 5 not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported.
There are 2 ways to fix this:
A) “Pad” the key to a valid size. This will preserve your existing encrypted data such as: any data that was saved with
Crypt::encrypt()in the database, passwords saved with
Hash::make() [note – there is conflicting information on if the key is used during password hashing and storage], and current sessions.
B) Or generate a new key and lose your previously encrypted data:
php artisan key:generate
Pad Laravel APP_KEY to Next Supported Length
To preserve your existing encrypted data, manually “pad” your existing key to the next valid size (16, 24, 32 characters). This is how invalid size keys were handled internally by the PHP mcrypt_decrypt() function before the change in PHP 5.6+…
Previously keys and IVs were padded with ‘′ bytes to the next valid size.
If it is 10 characters, pad it to 16.
If it is 20 characters, pad it to 24.
If it is 25 characters, pad it to 32.
1. Open your Laravel configuration file:
2. Find line:
'key' => env('APP_KEY', 'SomeRandomString'),
The above line attempts to read the value of Laravel’s environmental variable
APP_KEY (as defined in Laravel’s .env file), and if unable to do so, uses the quoted value.
3. Count the number of characters the key value is (without the quotes), and make it valid-sized by adding null bytes to the end. You will need to replace the quotes that surround the key value from single quotes to double quotes – so PHP interprets the null bytes correctly.
For example, if your key is “12345”, than it is 5 characters long, and it needs to be made 16 characters long like so:
With the above app.php line like so:
'key' => env('APP_KEY', "12345"),
The above key value is also stored in Laravel’s .env file (which itself usually acts as the primary source for
1. Open your Laravel .env file:
2. Find line:
3. Update it to the padded value, surrounded by double quotes like so:
For Key Sizes Larger Than 32
mcrypt_encrypt(): Size of key is too large for this algorithm.
If your key size is larger than 32 characters, truncate (from the end) the key length down to 32 characters (or 16 if that does not work).
As an alternative, you can use the PHP function
str_pad to automatically do the above manual padding. For example, to pad a 17-23 character length key to 24:
str_pad($str, 24, "", STR_PAD_RIGHT);
Also the PHP function
chr can be used to return the null byte instead of specifying it with special escape sequences:
Laravel uses PHPDotEnv (3rd-party library) to read the .env file and load the environmental variables. PHPDotEnv uses its own basic text/string format – and you cannot embed PHP code into the .env file. If you are unable to place the null-byte padded value into the .env file, you can comment out (#) the APP_KEY line so Laravel uses the default/fallback value from the app.php file.
The issue is referenced here: mcrypt_decrypt() throws error when PHP 5.6 is used if key is not 32 characters #6722