Security
Security Library contains utility methods related to security
Table of Contents
Properties
- $hashType : string
- Default hash method. If `$type` param for `Security::hash()` is not specified this value is used. Defaults to 'sha1'.
- $_instance : object|null
- The crypto implementation to use.
- $_salt : string|null
- The HMAC salt to use for encryption and decryption routines
Methods
- constantEquals() : bool
- A timing attack resistant comparison that prefers native PHP implementations.
- decrypt() : string|null
- Decrypt a value using AES-256.
- encrypt() : string
- Encrypt a value using AES-256.
- engine() : OpenSsl
- Get the crypto implementation based on the loaded extensions.
- getSalt() : string
- Gets the HMAC salt to be used for encryption/decryption routines.
- hash() : string
- Create a hash from string using given method.
- insecureRandomBytes() : string
- Like randomBytes() above, but not cryptographically secure.
- randomBytes() : string
- Get random bytes from a secure source.
- randomString() : string
- Creates a secure random string.
- setHash() : void
- Sets the default hash method for the Security object. This affects all objects using Security::hash().
- setSalt() : void
- Sets the HMAC salt to be used for encryption/decryption routines.
- _checkKey() : void
- Check the encryption key for proper length.
Properties
$hashType
Default hash method. If `$type` param for `Security::hash()` is not specified this value is used. Defaults to 'sha1'.
public static string $hashType = 'sha1'
$_instance
The crypto implementation to use.
protected static object|null $_instance
$_salt
The HMAC salt to use for encryption and decryption routines
protected static string|null $_salt
Methods
constantEquals()
A timing attack resistant comparison that prefers native PHP implementations.
public static constantEquals(mixed $original, mixed $compare) : bool
Parameters
- $original : mixed
  The original value.
- $compare : mixed
  The comparison value.
Return values
bool
decrypt()
Decrypt a value using AES-256.
public static decrypt(string $cipher, string $key[, string|null $hmacSalt = null ]) : string|null
Parameters
- $cipher : string
  The ciphertext to decrypt.
- $key : string
  The 256 bit/32 byte key to use as a cipher key.
- $hmacSalt : string|null = null
  The salt to use for the HMAC process. Leave null to use value of Security::getSalt().
Return values
string|null —Decrypted data. Any trailing null bytes will be removed.
encrypt()
Encrypt a value using AES-256.
public static encrypt(string $plain, string $key[, string|null $hmacSalt = null ]) : string
Caveat: You cannot properly encrypt/decrypt data with trailing null bytes. Any trailing null bytes will be removed on decryption due to how PHP pads messages with nulls prior to encryption.
Parameters
- $plain : string
  The value to encrypt.
- $key : string
  The 256 bit/32 byte key to use as a cipher key.
- $hmacSalt : string|null = null
  The salt to use for the HMAC process. Leave null to use value of Security::getSalt().
Return values
string —Encrypted data.
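The pattern that encrypt(), decrypt() and constantEquals() describe (AES-256 with an HMAC check compared in constant time), as a stand-alone PHP sketch added here; it is not this library's implementation. The names demoEncrypt, demoDecrypt and deriveKeys, the HKDF labels, the choice of CBC mode and the MAC/IV/ciphertext byte layout are all assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Added illustration; layout and key derivation are assumptions, not the library's.
function deriveKeys(string $key, string $hmacSalt): array
{
    if (strlen($key) < 32) {
        throw new InvalidArgumentException('Key must be at least 32 bytes (256 bits).');
    }
    // Separate keys for encryption and authentication, bound to the salt.
    return [
        hash_hkdf('sha256', $key, 32, 'demo-enc', $hmacSalt),
        hash_hkdf('sha256', $key, 32, 'demo-mac', $hmacSalt),
    ];
}

function demoEncrypt(string $plain, string $key, string $hmacSalt): string
{
    [$encKey, $macKey] = deriveKeys($key, $hmacSalt);
    $iv = random_bytes(16); // one AES block, fresh per message
    $ct = openssl_encrypt($plain, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    $mac = hash_hmac('sha256', $iv . $ct, $macKey, true); // 32 raw bytes
    return $mac . $iv . $ct;
}

function demoDecrypt(string $cipher, string $key, string $hmacSalt): ?string
{
    [$encKey, $macKey] = deriveKeys($key, $hmacSalt);
    if (strlen($cipher) < 32 + 16 + 16) {
        return null; // too short to hold MAC, IV and one ciphertext block
    }
    $mac = substr($cipher, 0, 32);
    $iv = substr($cipher, 32, 16);
    $ct = substr($cipher, 48);
    $expected = hash_hmac('sha256', $iv . $ct, $macKey, true);
    if (!hash_equals($expected, $mac)) { // constant-time comparison
        return null; // modified data or wrong key/salt: do not decrypt
    }
    $plain = openssl_decrypt($ct, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    return $plain === false ? null : $plain;
}

// Constructed sample input: a random key and salt, then a one-bit modification.
$key = random_bytes(32);
$salt = random_bytes(32);
$box = demoEncrypt('session=42', $key, $salt);
var_dump(demoDecrypt($box, $key, $salt) === 'session=42'); // round trip
$box[40] = $box[40] ^ "\x01";                              // flip one bit inside the IV
var_dump(demoDecrypt($box, $key, $salt));                  // MAC check runs before decryption
```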
engine()
Get the crypto implementation based on the loaded extensions.
public static engine([OpenSsl|null $instance = null ]) : OpenSsl
You can use this method to forcibly decide between openssl/custom implementations.
Parameters
- $instance : OpenSsl|null = null
  The crypto instance to use.
Return values
OpenSsl —Crypto instance.
getSalt()
Gets the HMAC salt to be used for encryption/decryption routines.
public static getSalt() : string
Return values
string —The currently configured salt
hash()
Create a hash from string using given method.
public static hash(string $string[, string|null $algorithm = null ][, mixed $salt = false ]) : string
Parameters
- $string : string
  String to hash.
- $algorithm : string|null = null
  Hashing algorithm to use (e.g. sha1, sha256). Can be any valid algorithm included in the list returned by hash_algos(). If no value is passed, the type specified by Security::$hashType is used.
- $salt : mixed = false
  If true, automatically prepends the value returned by Security::getSalt() to $string.
Return values
string —Hash
insecureRandomBytes()
Like randomBytes() above, but not cryptographically secure.
public static insecureRandomBytes(int $length) : string
Parameters
- $length : int
  The number of bytes you want.
Return values
string —Random bytes in binary.
randomBytes()
Get random bytes from a secure source.
public static randomBytes(int $length) : string
This method will fall back to an insecure source and trigger a warning if it cannot find a secure source of random data.
Parameters
- $length : int
  The number of bytes you want.
Return values
string —Random bytes in binary.
randomString()
Creates a secure random string.
public static randomString([int $length = 64 ]) : string
Parameters
- $length : int = 64
  String length. Default 64.
Return values
string
setHash()
Sets the default hash method for the Security object. This affects all objects using Security::hash().
public static setHash(string $hash) : void
Parameters
- $hash : string
  Method to use (sha1/sha256/md5 etc.)
setSalt()
Sets the HMAC salt to be used for encryption/decryption routines.
public static setSalt(string $salt) : void
Parameters
- $salt : string
  The salt to use for encryption routines.
_checkKey()
Check the encryption key for proper length.
protected static _checkKey(string $key, string $method) : void
Parameters
- $key : string
  Key to check.
- $method : string
  The method the key is being checked for.