CakePHP 3.1 Red Velvet API

Class Security

The Security library contains utility methods related to security.

Namespace: Cake\Utility

Property Summary

  • $_instance protected static
    object

    The crypto implementation to use.

  • $_salt protected static
    string

    The HMAC salt to use for encryption and decryption routines

  • $hashType public static
    string

    Default hash method. If $type param for Security::hash() is not specified this value is used. Defaults to 'sha1'.

Method Summary

  • _checkKey() protected static

    Check the encryption key for proper length.

  • _constantEquals() protected static

    A timing attack resistant comparison that prefers native PHP implementations.

  • decrypt() public static

    Decrypt a value using AES-256.

  • encrypt() public static

    Encrypt a value using AES-256.

  • engine() public static

    Get the crypto implementation based on the loaded extensions.

  • hash() public static

    Create a hash from string using given method.

  • rijndael() public static

    Encrypts or decrypts text with the given key using the Rijndael method.

  • salt() public static

    Gets or sets the HMAC salt to be used for encryption/decryption routines.

  • setHash() public static

    Sets the default hash method for the Security object. This affects all objects using Security::hash().

Method Detail

_checkKey() protected static

_checkKey(string $key, string $method): void

Check the encryption key for proper length.

Parameters
string $key

Key to check.

string $method

The method the key is being checked for.

Returns
void
Throws
InvalidArgumentException
When key length is not 256 bit/32 bytes

_constantEquals() protected static

_constantEquals(string $hmac, string $compare): bool

A timing attack resistant comparison that prefers native PHP implementations.

Parameters
string $hmac

The hmac from the ciphertext being decrypted.

string $compare

The comparison hmac.

Returns
bool
See Also
https://github.com/resonantcore/php-future/

decrypt() public static

decrypt(string $cipher, string $key, string|null $hmacSalt = null): string

Decrypt a value using AES-256.

Parameters
string $cipher

The ciphertext to decrypt.

string $key

The 256 bit/32 byte key to use as a cipher key.

string|null $hmacSalt optional

The salt to use for the HMAC process. Leave null to use Security.salt.

Returns
string

Decrypted data. Any trailing null bytes will be removed.

Throws
InvalidArgumentException
On invalid data or key.

encrypt() public static

encrypt(string $plain, string $key, string|null $hmacSalt = null): string

Encrypt a value using AES-256.

Caveat: You cannot properly encrypt/decrypt data with trailing null bytes. Any trailing null bytes will be removed on decryption due to how PHP pads messages with nulls prior to encryption.

Parameters
string $plain

The value to encrypt.

string $key

The 256 bit/32 byte key to use as a cipher key.

string|null $hmacSalt optional

The salt to use for the HMAC process. Leave null to use Security.salt.

Returns
string

Encrypted data.

Throws
InvalidArgumentException
On invalid data or key.
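
Added example (not part of the CakePHP documentation or code base): a round trip through encrypt() and decrypt() that keeps a binary payload with trailing null bytes intact by base64-encoding it first, plus the key-length check. It assumes CakePHP 3.1 installed through Composer, PHP 7+ for random_bytes(), and the hypothetical helpers sealBinary() and openBinary().

```php
<?php
// Added example, not CakePHP's own code. Assumes CakePHP 3.1 installed via
// Composer (vendor/autoload.php) and PHP 7+ for random_bytes().
require 'vendor/autoload.php';

use Cake\Utility\Security;

// Hypothetical helper: base64 output never ends in "\0", so the trailing-null
// stripping described in the caveat cannot alter the original bytes.
function sealBinary($bytes, $key, $hmacSalt)
{
    return Security::encrypt(base64_encode($bytes), $key, $hmacSalt);
}

// Hypothetical helper: inverse of sealBinary().
function openBinary($cipher, $key, $hmacSalt)
{
    $encoded = Security::decrypt($cipher, $key, $hmacSalt);
    // Defensive assumption: anything that is not a strict base64 string is
    // treated as a failed decryption instead of being handed to the caller.
    $bytes = is_string($encoded) ? base64_decode($encoded, true) : false;
    if ($bytes === false) {
        throw new RuntimeException('Ciphertext could not be decrypted.');
    }
    return $bytes;
}

// Constructed sample values: a fresh 32-byte key and an HMAC salt.
$key = random_bytes(32);
$hmacSalt = bin2hex(random_bytes(32));

// Binary payload ending in null bytes, the case the caveat warns about.
$payload = "\x01\x02token\x00\x00";
$sealed = sealBinary($payload, $key, $hmacSalt);
if (openBinary($sealed, $key, $hmacSalt) !== $payload) {
    throw new RuntimeException('Round trip altered the payload.');
}
echo "Round trip preserved ", strlen($payload), " bytes\n";

// A key shorter than 32 bytes is rejected by the key-length check.
try {
    Security::encrypt('secret', 'too-short-key', $hmacSalt);
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
}
```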

engine() public static

engine(object $instance = null): object

Get the crypto implementation based on the loaded extensions.

You can use this method to forcibly decide between mcrypt/openssl/custom implementations.

Parameters
object $instance optional

The crypto instance to use.

Returns
object

Crypto instance.

Throws
InvalidArgumentException
When no compatible crypto extension is available.

hash() public static

hash(string $string, string|null $type = null, mixed $salt = false): string

Create a hash from string using given method.

Parameters
string $string

String to hash

string|null $type optional

Hashing algorithm to use (e.g. sha1, sha256). Can be any valid algorithm included in the list returned by hash_algos(). If no value is passed, the type specified by Security::$hashType is used.

mixed $salt optional

If true, automatically prepends the application's salt value to $string (Security.salt).

Returns
string

Hash

Links
http://book.cakephp.org/3.0/en/core-libraries/security.html#hashing-data

rijndael() public static

rijndael(string $text, string $key, string $operation): string

Encrypts or decrypts text with the given key using the Rijndael method.

Parameters
string $text

Encrypted string to decrypt, normal string to encrypt

string $key

Key to use as the encryption key for encrypted data.

string $operation

Operation to perform, encrypt or decrypt

Returns
string

Encrypted/Decrypted string

Throws
InvalidArgumentException
When there are errors.

salt() public static

salt(string|null $salt = null): string

Gets or sets the HMAC salt to be used for encryption/decryption routines.

Parameters
string|null $salt optional

The salt to use for encryption routines. If null returns current salt.

Returns
string

The currently configured salt

setHash() public static

setHash(string $hash): void

Sets the default hash method for the Security object. This affects all objects using Security::hash().

Parameters
string $hash

Method to use (sha1/sha256/md5 etc.)

Returns
void
See Also
Security::hash()

Property Detail

$_instance protected static

The crypto implementation to use.

Type
object

$_salt protected static

The HMAC salt to use for encryption and decryption routines

Type
string

$hashType public static

Default hash method. If $type param for Security::hash() is not specified this value is used. Defaults to 'sha1'.

Type
string