protected function decrypt($data, $key)
{
$hmac = mb_substr($data, 0, 32, '8bit');
$iv = mb_substr($data, 32, 16, '8bit');
$ciphertext = mb_substr($data, 48, null, '8bit');
// Authentication
$hmacNew = hash_hmac('SHA256', $iv . $ciphertext, mb_substr($key, 32, null, '8bit'), true);
if (!$this->hash_equals($hmac, $hmacNew)) {
throw new \RuntimeException('Authentication failed');
}
// Decrypt
return openssl_decrypt($ciphertext, 'AES-256-CBC', mb_substr($key, 0, 32, '8bit'), OPENSSL_RAW_DATA, $iv);
}