Class Security
Security Library contains utility methods related to security
Properties summary
- The crypto implementation to use.
object
- The HMAC salt to use for encryption and decryption routines
string
- Default hash method. If the $type param for Security::hash() is not specified this value is used. Defaults to 'sha1'.
string
Method Summary
- Check the encryption key for proper length.
- A timing attack resistant comparison that prefers native PHP implementations.
- Decrypt a value using AES-256.
- Encrypt a value using AES-256.
- Get the crypto implementation based on the loaded extensions.
- Create a hash from string using given method.
- Like randomBytes() above, but not cryptographically secure.
- Get random bytes from a secure source.
- Encrypts/Decrypts a text using the given key using rijndael method.
- Gets or sets the HMAC salt to be used for encryption/decryption routines.
- Sets the default hash method for the Security object. This affects all objects using Security::hash().
Method Detail
_checkKey() protected static
_checkKey( string $key , string $method )
Check the encryption key for proper length.
Parameters
- string $key - Key to check.
- string $method - The method the key is being checked for.
Throws
InvalidArgumentException - When key length is not 256 bit/32 bytes
_constantEquals() protected static
_constantEquals( string $hmac , string $compare )
A timing attack resistant comparison that prefers native PHP implementations.
Parameters
- string $hmac - The hmac from the ciphertext being decrypted.
- string $compare - The comparison hmac.
Returns
boolean
See
https://github.com/resonantcore/php-future/
decrypt() public static
decrypt( string $cipher , string $key , string|null $hmacSalt = null )
Decrypt a value using AES-256.
Parameters
- string $cipher - The ciphertext to decrypt.
- string $key - The 256 bit/32 byte key to use as a cipher key.
- string|null $hmacSalt (optional, default null) - The salt to use for the HMAC process. Leave null to use Security.salt.
Returns
string - Decrypted data. Any trailing null bytes will be removed.
Throws
InvalidArgumentException - On invalid data or key.
encrypt() public static
encrypt( string $plain , string $key , string|null $hmacSalt = null )
Encrypt a value using AES-256.
Caveat: You cannot properly encrypt/decrypt data with trailing null bytes. Any trailing null bytes will be removed on decryption due to how PHP pads messages with nulls prior to encryption.
Parameters
- string $plain - The value to encrypt.
- string $key - The 256 bit/32 byte key to use as a cipher key.
- string|null $hmacSalt (optional, default null) - The salt to use for the HMAC process. Leave null to use Security.salt.
Returns
string - Encrypted data.
Throws
InvalidArgumentException - On invalid data or key.
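The flow that encrypt(), decrypt() and _constantEquals() describe (32-byte key check, AES-256, an HMAC that is compared in constant time before decryption), sketched in plain PHP as an added example that is not CakePHP's own code. The function names, the subkey derivation and the IV handling are assumptions; hash_equals() is PHP's native constant-time comparison.

```php
<?php
// Added illustration, not CakePHP source. All function names are hypothetical.
// Requires PHP >= 7.0 with ext-openssl.

function deriveKeys(string $key, string $hmacSalt): array
{
    // Key length rule stated for _checkKey(): 256 bit / 32 bytes.
    if (strlen($key) !== 32) {
        throw new InvalidArgumentException('Key must be exactly 32 bytes.');
    }
    // Assumption: separate encryption and MAC subkeys, both bound to the salt.
    return [
        hash_hmac('sha256', 'enc' . $hmacSalt, $key, true),
        hash_hmac('sha256', 'mac' . $hmacSalt, $key, true),
    ];
}

function sealValue(string $plain, string $key, string $hmacSalt): string
{
    list($encKey, $macKey) = deriveKeys($key, $hmacSalt);
    $iv = random_bytes(16); // AES block size
    $body = $iv . openssl_encrypt($plain, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    // The HMAC covers IV and ciphertext; its 64 hex characters are prepended.
    return hash_hmac('sha256', $body, $macKey) . $body;
}

function openValue(string $cipher, string $key, string $hmacSalt)
{
    list($encKey, $macKey) = deriveKeys($key, $hmacSalt);
    if (strlen($cipher) < 64 + 16 + 16) { // HMAC + IV + one cipher block
        throw new InvalidArgumentException('Ciphertext is too short.');
    }
    $hmac = substr($cipher, 0, 64);
    $body = substr($cipher, 64);
    // Constant-time check before any decryption is attempted.
    if (!hash_equals(hash_hmac('sha256', $body, $macKey), $hmac)) {
        return false;
    }
    return openssl_decrypt(substr($body, 16), 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, substr($body, 0, 16));
}

// Constructed sample values.
$key = random_bytes(32);
$salt = 'constructed-example-salt';
$sealed = sealValue("card=1234\0\0", $key, $salt);
var_dump(openValue($sealed, $key, $salt) === "card=1234\0\0");
// Flip one bit inside the IV region, then try to open the tampered value.
$sealed[70] = $sealed[70] ^ "\x01";
var_dump(openValue($sealed, $key, $salt));
```

This sketch uses OpenSSL's default PKCS#7 padding, so the trailing null bytes in the sample survive the round trip; the caveat above concerns null padding.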
engine() public static
engine( object|null $instance = null )
Get the crypto implementation based on the loaded extensions.
You can use this method to forcibly decide between mcrypt/openssl/custom implementations.
Parameters
- object|null $instance (optional, default null) - The crypto instance to use.
Returns
object - Crypto instance.
Throws
InvalidArgumentException - When no compatible crypto extension is available.
hash() public static
hash( string $string , string|null $type = null , mixed $salt = false )
Create a hash from string using given method.
Parameters
- string $string - String to hash
- string|null $type (optional, default null) - Hashing algo to use (e.g. sha1, sha256 etc.). Can be any valid algo included in list returned by hash_algos(). If no value is passed the type specified by Security::$hashType is used.
- mixed $salt (optional, default false) - If true, automatically prepends the application's salt value to $string (Security.salt).
Returns
string - Hash
Link
http://book.cakephp.org/3.0/en/core-libraries/security.html#hashing-data
insecureRandomBytes() public static
insecureRandomBytes( integer $length )
Like randomBytes() above, but not cryptographically secure.
Parameters
- integer $length - The number of bytes you want.
Returns
string - Random bytes in binary.
See
\Cake\Utility\Security::randomBytes()
randomBytes() public static
randomBytes( integer $length )
Get random bytes from a secure source.
This method will fall back to an insecure source and trigger a warning if it cannot find a secure source of random data.
Parameters
- integer $length - The number of bytes you want.
Returns
string - Random bytes in binary.
rijndael() public static
rijndael( string $text , string $key , string $operation )
Encrypts/Decrypts a text using the given key using rijndael method.
Parameters
- string $text - Encrypted string to decrypt, normal string to encrypt
- string $key - Key to use as the encryption key for encrypted data.
- string $operation - Operation to perform, encrypt or decrypt
Returns
string - Encrypted/Decrypted string
Throws
InvalidArgumentException - When there are errors.
salt() public static
salt( string|null $salt = null )
Gets or sets the HMAC salt to be used for encryption/decryption routines.
Parameters
- string|null $salt (optional, default null) - The salt to use for encryption routines. If null returns current salt.
Returns
string - The currently configured salt
setHash() public static
setHash( string $hash )
Sets the default hash method for the Security object. This affects all objects using Security::hash().
Parameters
- string $hash - Method to use (sha1/sha256/md5 etc.)
See
\Cake\Utility\Security::hash()
Properties detail
$hashType
public static string
Default hash method. If the $type param for Security::hash() is not specified this value is used. Defaults to 'sha1'.
'sha1'
© 2005–2016 The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
http://api.cakephp.org/3.2/class-Cake.Utility.Security.html