Class Security

Security Library contains utility methods related to security

Package: Cake\Utility
Copyright: Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
License: MIT License
Located at Cake/Utility/Security.php

Method Detail

_checkKey protected static

_checkKey( string $key , string $method )

Check the encryption key for proper length.

Parameters

string $key
Key to check.
string $method
The method the key is being checked for.

Throws

CakeException
When key length is not 256 bit/32 bytes

_crypt protected static

_crypt( string $password , mixed $salt = false )

One-way encryption using PHP's crypt() function. To use blowfish hashing, see `Security::hash()`.

Parameters

string $password
The string to be encrypted.
mixed $salt optional false
false to generate a new salt or an existing salt.

Returns

string
The hashed string or an empty string on error.

_salt protected static

_salt( integer $length = 22 )

Generates a pseudo random salt suitable for use with php's crypt() function. The salt length should not exceed 27. The salt will be composed of [./0-9A-Za-z]{$length}.

Parameters

integer $length optional 22
The length of the returned salt

Returns

string
The generated salt

cipher public static

cipher( string $text , string $key )

Runs $text through a XOR cipher.

Note: This is not a cryptographically strong method and should not be used for sensitive data. Additionally, this method does not work in environments where suhosin is enabled.

Instead you should use Security::rijndael() when you need strong encryption.

Deprecated

3.0.0 Will be removed in 3.0.

Parameters

string $text
Encrypted string to decrypt, normal string to encrypt
string $key
Key to use

Returns

string
Encrypted/Decrypted string

decrypt public static

decrypt( string $cipher , string $key , string $hmacSalt = null )

Decrypt a value using AES-256.

Parameters

string $cipher
The ciphertext to decrypt.
string $key
The 256 bit/32 byte key to use as a cipher key.
string $hmacSalt optional null
The salt to use for the HMAC process. Leave null to use Security.salt.

Returns

string
Decrypted data. Any trailing null bytes will be removed.

Throws

CakeException
On invalid data or key.

encrypt public static

encrypt( string $plain , string $key , string $hmacSalt = null )

Encrypt a value using AES-256.

Caveat: You cannot properly encrypt/decrypt data with trailing null bytes. Any trailing null bytes will be removed on decryption due to how PHP pads messages with nulls prior to encryption.

Parameters

string $plain
The value to encrypt.
string $key
The 256 bit/32 byte key to use as a cipher key.
string $hmacSalt optional null
The salt to use for the HMAC process. Leave null to use Security.salt.

Returns

string
Encrypted data.

Throws

CakeException
On invalid data or key.
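
The trailing-null caveat above, reproduced as an added example that is not CakePHP's own code. It assumes the openssl extension with automatic padding disabled and null padding applied by hand; the function names are hypothetical and the HMAC step is left out so that only the padding behaviour is shown.

```php
<?php
// Added illustration, not CakePHP code: null padding plus rtrim() on
// decryption cannot tell padding apart from real trailing null bytes.
// No HMAC is computed here; this block only shows the padding behaviour.

const BLOCK = 16; // AES block size in bytes

function nullPadEncrypt($plain, $key)
{
    if (strlen($key) !== 32) {
        throw new InvalidArgumentException('Key must be 256 bit/32 bytes');
    }
    $iv = random_bytes(BLOCK); // fresh random IV per message (PHP 7+)
    // Pad with null bytes up to the next block boundary.
    $padded = $plain . str_repeat("\0", (BLOCK - strlen($plain) % BLOCK) % BLOCK);
    // OPENSSL_ZERO_PADDING turns off PKCS#7 padding, so the input is used as-is.
    $ct = openssl_encrypt($padded, 'aes-256-cbc', $key,
        OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv);
    return $iv . $ct;
}

function nullPadDecrypt($cipher, $key)
{
    $iv = substr($cipher, 0, BLOCK);
    $ct = substr($cipher, BLOCK);
    $plain = openssl_decrypt($ct, 'aes-256-cbc', $key,
        OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv);
    // Padding removal: strips every trailing null, including real data.
    return rtrim($plain, "\0");
}

$key = random_bytes(32);          // constructed 256-bit key
$binary = "\x01\x02\x03\x00\x00"; // constructed value ending in two null bytes

// Lossy round trip: compare the length before and after.
$lossy = nullPadDecrypt(nullPadEncrypt($binary, $key), $key);
var_dump(strlen($binary), strlen($lossy));

// Mitigation: encode binary data (here base64) before encrypting, so the
// plaintext never ends in a null byte, and decode after decrypting.
$wrapped = nullPadEncrypt(base64_encode($binary), $key);
$restored = base64_decode(nullPadDecrypt($wrapped, $key));
var_dump($restored === $binary);
```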

generateAuthKey public static

generateAuthKey( )

Generate authorization hash.

Returns

string
Hash

hash public static

hash( string $string , string $type = null , mixed $salt = false )

Create a hash from a string using the given method, or fall back on the next available method.

Using Blowfish

  • Creating Hashes: Do not supply a salt. Cake handles salt creation for you ensuring that each hashed password will have a unique salt.

  • Comparing Hashes: Simply pass the originally hashed password as the salt. The salt is prepended to the hash and php handles the parsing automagically. For convenience the BlowfishPasswordHasher class is available for use with the AuthComponent.

  • Do NOT use a constant salt for blowfish!

Creating a blowfish/bcrypt hash:

$hash = Security::hash($password, 'blowfish');

Parameters

string $string
String to hash
string $type optional null
Method to use (sha1/sha256/md5/blowfish)
mixed $salt optional false
If true, automatically prepends the application's salt value to $string (Security.salt). If you are using blowfish the salt must be false or a previously generated salt.

Returns

string
Hash

Link

http://book.cakephp.org/2.0/en/core-utility-libraries/security.html#Security::hash
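
The create/compare flow described under "Using Blowfish", as an added example that is not CakePHP's own code. It calls PHP's crypt() directly so it runs without the framework; the function names and the sample password are hypothetical, and the default cost of 10 mirrors $hashCost.

```php
<?php
// Added illustration, not CakePHP code: the bcrypt create/compare flow
// using plain crypt().

// Build a bcrypt salt string: "$2y$", a two-digit cost, then 22 characters
// drawn from [./0-9A-Za-z].
function makeBcryptSalt($cost = 10)
{
    if ($cost < 4 || $cost > 31) {
        throw new InvalidArgumentException('bcrypt cost must be 4-31');
    }
    $raw = random_bytes(16); // CSPRNG, PHP 7+
    $chars = substr(strtr(base64_encode($raw), '+', '.'), 0, 22);
    return sprintf('$2y$%02d$%s', $cost, $chars);
}

// Creating: a fresh salt for every password, never a constant one.
function createHash($password, $cost = 10)
{
    return crypt($password, makeBcryptSalt($cost));
}

// Comparing: the stored hash is passed as the salt. crypt() reads the
// algorithm, cost and salt from its prefix and recomputes the hash.
function checkPassword($password, $storedHash)
{
    $candidate = crypt($password, $storedHash);
    // A bcrypt hash is always 60 characters; anything else is a failure
    // marker. hash_equals() compares in constant time.
    return is_string($candidate)
        && strlen($candidate) === 60
        && hash_equals($storedHash, $candidate);
}

$password = 'correct horse battery staple'; // constructed sample input
$first = createHash($password);
$second = createHash($password);

var_dump($first !== $second);                 // same password, unique salts
var_dump(checkPassword($password, $first));   // matching password
var_dump(checkPassword('wrong', $first));     // non-matching password
var_dump(checkPassword($password, '*0'));     // malformed stored value
```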

inactiveMins public static

inactiveMins( )

Get allowed minutes of inactivity based on security level.

Deprecated

3.0.0 Exists for backwards compatibility only, not used by the core

Returns

integer
Allowed inactivity in minutes

rijndael public static

rijndael( string $text , string $key , string $operation )

Encrypts/decrypts text with the given key using the Rijndael method.

Prior to 2.3.1, a fixed initialization vector was used. This was not secure. This method now uses a random IV, and will silently upgrade values when they are re-encrypted.

Parameters

string $text
Encrypted string to decrypt, normal string to encrypt
string $key
Key to use as the encryption key for encrypted data.
string $operation
Operation to perform, encrypt or decrypt

Returns

string
Encrypted/Decrypted string

setCost public static

setCost( integer $cost )

Sets the cost for the blowfish hash method.

Parameters

integer $cost
Valid values are 4-31

setHash public static

setHash( string $hash )

Sets the default hash method for the Security object. This affects all objects using Security::hash().

Parameters

string $hash
Method to use (sha1/sha256/md5/blowfish)

See

Security::hash()

validateAuthKey public static

validateAuthKey( string $authKey )

Validate authorization hash.

Parameters

string $authKey
Authorization hash

Returns

boolean
Success

Properties summary

$hashCost

public static string

Default cost

'10'

$hashType

public static string

Default hash method

null

© 2005–2016 The Cake Software Foundation, Inc.
Licensed under the MIT License.
http://api.cakephp.org/2.7/class-Security.html