Class Security
Security Library contains utility methods related to security.
Properties summary
- $_instance protected static
object
The crypto implementation to use.
- $_salt protected static
string|null
The HMAC salt to use for encryption and decryption routines
- $hashType public static
string
Default hash method. If $type param for Security::hash() is not specified this value is used. Defaults to 'sha1'.
Method Summary
- constantEquals() public static
A timing attack resistant comparison that prefers native PHP implementations.
- setHash() public static
Sets the default hash method for the Security object. This affects all objects using Security::hash().
Method Detail
_checkKey() protected static
_checkKey(string $key, string $method)
Check the encryption key for proper length.
Parameters
-
string
$key Key to check.
-
string
$method The method the key is being checked for.
Throws
InvalidArgumentException
When key length is not 256 bit/32 bytes
constantEquals() public static
constantEquals(mixed $original, mixed $compare)
A timing attack resistant comparison that prefers native PHP implementations.
Parameters
-
mixed
$original The original value.
-
mixed
$compare The comparison value.
Returns
bool
decrypt() public static
decrypt(string $cipher, string $key, ?string $hmacSalt)
Decrypt a value using AES-256.
Parameters
-
string
$cipher The ciphertext to decrypt.
-
string
$key The 256 bit/32 byte key to use as a cipher key.
-
string|null
$hmacSalt optional The salt to use for the HMAC process. Leave null to use value of Security::getSalt().
Returns
string|null
Decrypted data. Any trailing null bytes will be removed.
Throws
InvalidArgumentException
On invalid data or key.
encrypt() public static
encrypt(string $plain, string $key, ?string $hmacSalt)
Encrypt a value using AES-256.
Caveat You cannot properly encrypt/decrypt data with trailing null bytes. Any trailing null bytes will be removed on decryption due to how PHP pads messages with nulls prior to encryption.
Parameters
-
string
$plain The value to encrypt.
-
string
$key The 256 bit/32 byte key to use as a cipher key.
-
string|null
$hmacSalt optional The salt to use for the HMAC process. Leave null to use value of Security::getSalt().
Returns
string
Encrypted data.
Throws
InvalidArgumentException
On invalid data or key.
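An added example (not part of the CakePHP documentation) that exercises encrypt() and decrypt() together and treats a null return from decrypt() as an authentication failure. It assumes the cakephp/utility package is installed through Composer; sealValue() and openValue() are hypothetical helper names, and the null-on-HMAC-mismatch behaviour and the 64-character HMAC prefix come from the 4.x source rather than from this page.

```php
<?php
declare(strict_types=1);

require 'vendor/autoload.php'; // assumption: cakephp/utility installed via Composer

use Cake\Utility\Security;

// sealValue()/openValue() are hypothetical helper names, not CakePHP API.
function sealValue(string $plain, string $key, string $hmacSalt): string
{
    // encrypt() returns raw binary; encode it before putting it in a cookie or text column.
    return base64_encode(Security::encrypt($plain, $key, $hmacSalt));
}

function openValue(string $stored, string $key, string $hmacSalt): ?string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || $raw === '') {
        return null; // malformed or empty input; decrypt() would throw on an empty string
    }
    // null here means the HMAC did not verify: treat the value as untrusted and discard it.
    return Security::decrypt($raw, $key, $hmacSalt);
}

// Constructed sample key and salt; real ones belong in configuration, not in code.
$key = Security::randomBytes(32);
$salt = Security::randomString(64);
$stored = sealValue('user_id=42', $key, $salt);

$checks = [
    'round trip' => openValue($stored, $key, $salt) === 'user_id=42',
    'wrong key rejected' => openValue($stored, Security::randomBytes(32), $salt) === null,
];

// Flip one bit past the 64-character HMAC prefix to simulate tampering in storage or transit.
$raw = base64_decode($stored, true);
$raw[70] = $raw[70] ^ "\x01";
$checks['tampered data rejected'] = openValue(base64_encode($raw), $key, $salt) === null;
// A key shorter than 32 bytes is refused before any encryption happens.
try {
    Security::encrypt('x', 'short-key', $salt);
    $checks['short key rejected'] = false;
} catch (InvalidArgumentException $e) {
    $checks['short key rejected'] = true;
}

foreach ($checks as $name => $ok) {
    echo ($ok ? 'ok   ' : 'FAIL ') . $name . PHP_EOL;
}
```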
engine() public static
engine(mixed $instance)
Get the crypto implementation based on the loaded extensions.
You can use this method to forcibly decide between openssl/custom implementations.
Parameters
-
\Cake\Utility\Crypto\OpenSsl|null
$instance optional The crypto instance to use.
Returns
\Cake\Utility\Crypto\OpenSsl
Crypto instance.
Throws
InvalidArgumentException
When no compatible crypto extension is available.
getSalt() public static
getSalt()
Gets the HMAC salt to be used for encryption/decryption routines.
Returns
string
The currently configured salt
hash() public static
hash(string $string, ?string $algorithm, mixed $salt)
Create a hash from string using given method.
Parameters
-
string
$string String to hash
-
string|null
$algorithm optional Hashing algo to use (i.e. sha1, sha256 etc.). Can be any valid algo included in list returned by hash_algos(). If no value is passed the type specified by Security::$hashType is used.
-
mixed
$salt optional If true, automatically prepends the value returned by Security::getSalt() to $string.
Returns
string
Hash
Throws
RuntimeException
insecureRandomBytes() public static
insecureRandomBytes(int $length)
Like randomBytes(), but not cryptographically secure.
Parameters
-
int
$length The number of bytes you want.
Returns
string
Random bytes in binary.
randomBytes() public static
randomBytes(int $length)
Get random bytes from a secure source.
This method will fall back to an insecure source and trigger a warning if it cannot find a secure source of random data.
Parameters
-
int
$length The number of bytes you want.
Returns
string
Random bytes in binary.
randomString() public static
randomString(int $length)
Creates a secure random string.
Parameters
-
int
$length optional String length. Default 64.
Returns
string
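An added example (not part of the CakePHP documentation) combining randomString(), hash() and constantEquals() to issue a one-time token and verify it later against a stored digest. It assumes the cakephp/utility package is installed through Composer; issueToken() and verifyToken() are hypothetical helper names.

```php
<?php
declare(strict_types=1);

require 'vendor/autoload.php'; // assumption: cakephp/utility installed via Composer

use Cake\Utility\Security;

// issueToken()/verifyToken() are hypothetical helper names, not CakePHP API.
function issueToken(): array
{
    $token = Security::randomString(64);

    // Name the algorithm: without it hash() uses Security::$hashType, which defaults to sha1.
    return ['token' => $token, 'digest' => Security::hash($token, 'sha256')];
}

function verifyToken(string $presented, string $storedDigest): bool
{
    $candidate = Security::hash($presented, 'sha256');

    // constantEquals() instead of === so the comparison time does not depend on
    // how many leading characters of the digest match.
    return Security::constantEquals($storedDigest, $candidate);
}

// 'token' is handed to the user; only 'digest' is written to storage.
$issued = issueToken();
$results = [
    'valid token accepted' => verifyToken($issued['token'], $issued['digest']),
    'other token rejected' => !verifyToken(Security::randomString(64), $issued['digest']),
    'truncated token rejected' => !verifyToken(substr($issued['token'], 0, 32), $issued['digest']),
];

foreach ($results as $name => $ok) {
    echo ($ok ? 'ok   ' : 'FAIL ') . $name . PHP_EOL;
}
```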
setHash() public static
setHash(string $hash)
Sets the default hash method for the Security object. This affects all objects using Security::hash().
Parameters
-
string
$hash Method to use (sha1/sha256/md5 etc.)
setSalt() public static
setSalt(string $salt)
Sets the HMAC salt to be used for encryption/decryption routines.
Parameters
-
string
$salt The salt to use for encryption routines.
Property Detail
$_instance protected static
The crypto implementation to use.
Type
object
$_salt protected static
The HMAC salt to use for encryption and decryption routines
Type
string|null
$hashType public static
Default hash method. If $type param for Security::hash() is not specified this value is used. Defaults to 'sha1'.
Type
string
© 2005–present The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
https://api.cakephp.org/4.1/class-Cake.Utility.Security.html