I just started working on a new Laravel project (it’s been a while), and this had me googling. For a second, I thought I had missing PHP extensions (like ‘mcrypt’) or other cryptographic configs I needed to tweak.
But sometimes a solution is so obvious, you miss it.
So I found myself hitting this error on a new Laravel project, without any configuration whatsoever. Just did the composer install and browsed to the app:
$ tail -f laravel.log
[2016-11-07 15:48:13] local.ERROR: exception 'RuntimeException' with message
'The only supported ciphers are AES-128-CBC and AES-256-CBC with the correct
key lengths.' in htdocs/bootstrap/cache/compiled.php:13261
Stack trace:
#0 htdocs/bootstrap/cache/compiled.php(7739): Illuminate\Encryption\Encrypter->__construct('xxxx...', 'AES-256-CBC')
#1 htdocs/bootstrap/cache/compiled.php(1374): Illuminate\Encryption\EncryptionServiceProvider->Illuminate\Encryption\{closure}(Object(Illuminate\Foundation\Application), Array)
#2 htdocs/bootstrap/cache/compiled.php(1330): Illuminate\Container\Container->build(Object(Closure), Array)
#3 htdocs/bootstrap/cache/compiled.php(1908): Illuminate\Container\Container->make('encrypter', Array)
#4 htdocs/bootstrap/cache/compiled.php(1431): Illuminate\Foundation\Application->make('Illuminate\\Cont...')
#5 htdocs/bootstrap/cache/compiled.php(1408): Illuminate\Container\Container->resolveClass(Object(ReflectionParameter))
#6 htdocs/bootstrap/cache/compiled.php(1394): Illuminate\Container\Container->getDependencies(Array, Array)
#7 htdocs/bootstrap/cache/compiled.php(1330): Illuminate\Container\Container->build('App\\Http\\Middle...', Array)
#8 htdocs/bootstrap/cache/compiled.php(1908): Illuminate\Container\Container->make('App\\Http\\Middle...', Array)
#9 htdocs/bootstrap/cache/compiled.php(2426): Illuminate\Foundation\Application->make('App\\Http\\Middle...')
#10 htdocs/public/index.php(58): Illuminate\Foundation\Http\Kernel->terminate(Object(Illuminate\Http\Request), Object(Illuminate\Http\Response))
#11 {main}
Every time, the cause has been that I hand-rolled the APP_KEY value in my .env file and got the length wrong. That’s what triggers the “The only supported ciphers are AES-128-CBC and AES-256-CBC with the correct key lengths” error: the default cipher is AES-256-CBC, which needs a key that’s exactly 32 bytes long (AES-128-CBC wants 16). If your APP_KEY is too short or too long, Laravel refuses to boot.
So as a reminder to my future self: don’t generate the key by hand at all. Let Laravel do it:
$ php artisan key:generate
That writes a correctly-sized, base64-encoded key into your .env, prefixed with base64:, like this:
$ cat .env
...
APP_KEY=base64:l58ZVK24IpxHd4ms82U46tOxvdVK24IpxHd4ms82U46tO=
If you’ve just cloned a project or changed the key, follow it up with php artisan config:clear so the cached config picks up the new value.
(I originally wrote this off as “dashes and special characters b0rk it,” because my hand-made random keys happened to include dashes. But the real culprit was always the byte count, not the characters.)