Laravel - DecryptException: 'The MAC is invalid'

The problem is that you generated a new APP_KEY; if you then try to decrypt the old encrypted data, it will show the DecryptException: The MAC is invalid.

If you want to decrypt the old data you need to restore your old APP_KEY.

Having realized that, there is now a further problem: if you stored new data with another APP_KEY or another encryption method, you have a problem with the data because the entries are mixed in the table.

In case you don't know when you started with the new encryption method, or can't differentiate the new encrypted entries, the fastest solution would be to reset all the passwords with the new encryption method.

You can learn more about how Laravel encryption works on the official Laravel docs.
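For the mixed-table situation described above, this sketch reports which key each stored value was sealed with by recomputing its MAC. It is an added example, not part of the answers or of Laravel's code, and it assumes the Encrypter envelope is base64(JSON{iv, value, mac}) with mac = HMAC-SHA256 over iv . value. The function names, keys and rows are constructed for illustration.

```php
<?php
// Added example. Assumed envelope: base64(JSON{iv, value, mac}),
// where mac = HMAC-SHA256(base64 iv . base64 ciphertext, key).

// Builds a payload in the assumed layout so the demo runs without Laravel.
function sealLikeLaravel(string $plain, string $key): string
{
    $iv = random_bytes(16);
    // With options = 0, openssl_encrypt returns base64 ciphertext.
    $value = openssl_encrypt(serialize($plain), 'aes-256-cbc', $key, 0, $iv);
    $iv = base64_encode($iv);
    $mac = hash_hmac('sha256', $iv . $value, $key);
    return base64_encode(json_encode(compact('iv', 'value', 'mac')));
}

// Returns the label of the first key whose MAC matches, or null if none does.
function whichKey(string $payload, array $keys): ?string
{
    $p = json_decode(base64_decode($payload, true) ?: '', true);
    if (!is_array($p) || !isset($p['iv'], $p['value'], $p['mac'])
        || !is_string($p['iv']) || !is_string($p['value']) || !is_string($p['mac'])) {
        return null; // not an envelope in the assumed layout
    }
    foreach ($keys as $label => $key) {
        $expected = hash_hmac('sha256', $p['iv'] . $p['value'], $key);
        if (hash_equals($expected, $p['mac'])) { // constant-time comparison
            return $label;
        }
    }
    return null;
}

// Constructed sample data: two throwaway 32-byte keys and three "rows".
// A real APP_KEY written as "base64:..." must be base64-decoded first.
$keys = ['old' => random_bytes(32), 'new' => random_bytes(32)];
$rows = [
    1 => sealLikeLaravel('alice-secret', $keys['old']),
    2 => sealLikeLaravel('bob-secret', $keys['new']),
    3 => 'not-an-encrypted-value',
];

foreach ($rows as $id => $payload) {
    printf("row %d: %s\n", $id, whichKey($payload, $keys) ?? 'no key matches');
}
```

Only the MAC is checked, so nothing is decrypted while sorting rows; a row that matches no key would raise the same DecryptException in the application.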


I copied the APP_KEY from the environment where it was working (dev) to production and the issue was solved. You may want to try it.


In case none of the above helped you, as it was in my case: well, some people mention clearing the cookies; sadly, that is ambiguous to say the least.

I tried everything from the above: clearing the cache in Laravel and the browser, hard reload and all... with no success!

SOLUTION: just CLOSE the browser entirely, and reopen it. In my case, I was using both Chrome and Opera, and they were both messing up. I had to close them BOTH, then reopen them for the MAC problem to disappear.


To avoid this, use a custom key instead. The default key is APP_KEY, but you can provide one so your decryption is not linked to a new or old APP_KEY. I use the following code to resolve it, and it worked with different APP_KEYs.

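use Illuminate\Support\Facades\Config;

// Encrypt with a dedicated key instead of APP_KEY.
function customCrypt($vWord){
    // Placeholder: the real key must be exactly as long as the cipher requires.
    $customKey = "blabla_key_with_correct_length";
    $newEncrypter = new \Illuminate\Encryption\Encrypter( $customKey, Config::get( 'app.cipher' ) );
    return $newEncrypter->encrypt( $vWord );
}

// Decrypt with the same dedicated key and cipher used in customCrypt().
function customDecrypt($vWord){
    $customKey = "blabla_key_with_correct_length";
    $newEncrypter = new \Illuminate\Encryption\Encrypter( $customKey, Config::get( 'app.cipher' ) );
    return $newEncrypter->decrypt( $vWord );
}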

Important for key length: if $cipher == 'AES-128-CBC' use $length === 16; if $cipher == 'AES-256-CBC' use $length === 32. Check in config/app.cipher which cipher your app uses.