Class Security
Security Library contains utility methods related to security
Property Summary
-
$_instance protected static
objectThe crypto implementation to use.
-
$_salt protected static
string|nullThe HMAC salt to use for encryption and decryption routines
-
$hashType public static
stringDefault hash method. If
$typeparam forSecurity::hash()is not specified this value is used. Defaults to 'sha1'.
Method Summary
-
_checkKey() protected static
Check the encryption key for proper length.
-
constantEquals() public static
A timing attack resistant comparison that prefers native PHP implementations.
-
decrypt() public static
Decrypt a value using AES-256.
-
encrypt() public static
Encrypt a value using AES-256.
-
engine() public static
Get the crypto implementation based on the loaded extensions.
-
getSalt() public static
Gets the HMAC salt to be used for encryption/decryption routines.
-
hash() public static
Create a hash from string using given method.
-
insecureRandomBytes() public static
Like randomBytes() above, but not cryptographically secure.
-
randomBytes() public static
Get random bytes from a secure source.
-
randomString() public static
Creates a secure random string.
-
rijndael() public static deprecated
Encrypts/Decrypts a text using the given key using rijndael method.
-
salt() public static deprecated
Gets or sets the HMAC salt to be used for encryption/decryption routines.
-
setHash() public static
Sets the default hash method for the Security object. This affects all objects using Security::hash().
-
setSalt() public static
Sets the HMAC salt to be used for encryption/decryption routines.
Method Detail
_checkKey() ¶ protected static
_checkKey(string $key, string $method): voidCheck the encryption key for proper length.
Parameters
-
string$key Key to check.
-
string$method The method the key is being checked for.
Returns
voidThrows
InvalidArgumentExceptionWhen key length is not 256 bit/32 bytes
constantEquals() ¶ public static
constantEquals(string $original, string $compare): boolA timing attack resistant comparison that prefers native PHP implementations.
Parameters
-
string$original The original value.
-
string$compare The comparison value.
Returns
boolSee Also
decrypt() ¶ public static
decrypt(string $cipher, string $key, string|null $hmacSalt = null): string|falseDecrypt a value using AES-256.
Parameters
-
string$cipher The ciphertext to decrypt.
-
string$key The 256 bit/32 byte key to use as a cipher key.
-
string|null$hmacSalt optional The salt to use for the HMAC process. Leave null to use Security.salt.
Returns
string|falseThrows
InvalidArgumentExceptionOn invalid data or key.
encrypt() ¶ public static
encrypt(string $plain, string $key, string|null $hmacSalt = null): stringEncrypt a value using AES-256.
Caveat You cannot properly encrypt/decrypt data with trailing null bytes. Any trailing null bytes will be removed on decryption due to how PHP pads messages with nulls prior to encryption.
Parameters
-
string$plain The value to encrypt.
-
string$key The 256 bit/32 byte key to use as a cipher key.
-
string|null$hmacSalt optional The salt to use for the HMAC process. Leave null to use Security.salt.
Returns
stringThrows
InvalidArgumentExceptionOn invalid data or key.
engine() ¶ public static
engine(Cake\Utility\Crypto\OpenSslCake\Utility\Crypto\Mcrypt|null $instance = null): Cake\Utility\Crypto\OpenSslCake\Utility\Crypto\McryptGet the crypto implementation based on the loaded extensions.
You can use this method to forcibly decide between mcrypt/openssl/custom implementations.
Parameters
-
Cake\Utility\Crypto\OpenSslCake\Utility\Crypto\Mcrypt|null$instance optional The crypto instance to use.
Returns
Cake\Utility\Crypto\OpenSslCake\Utility\Crypto\McryptThrows
InvalidArgumentExceptionWhen no compatible crypto extension is available.
getSalt() ¶ public static
getSalt(): stringGets the HMAC salt to be used for encryption/decryption routines.
Returns
stringhash() ¶ public static
hash(string $string, string|null $algorithm = null, mixed $salt = false): stringCreate a hash from string using given method.
Parameters
-
string$string String to hash
-
string|null$algorithm optional Hashing algo to use (i.e. sha1, sha256 etc.). Can be any valid algo included in list returned by hash_algos(). If no value is passed the type specified by
Security::$hashTypeis used.-
mixed$salt optional If true, automatically prepends the application's salt value to $string (Security.salt).
Returns
stringThrows
RuntimeExceptionLinks
insecureRandomBytes() ¶ public static
insecureRandomBytes(int $length): stringLike randomBytes() above, but not cryptographically secure.
Parameters
-
int$length The number of bytes you want.
Returns
stringSee Also
randomBytes() ¶ public static
randomBytes(int $length): stringGet random bytes from a secure source.
This method will fall back to an insecure source an trigger a warning if it cannot find a secure source of random data.
Parameters
-
int$length The number of bytes you want.
Returns
stringrandomString() ¶ public static
randomString(int $length = 64): stringCreates a secure random string.
Parameters
-
int$length optional String length. Default 64.
Returns
stringrijndael() ¶ public static
rijndael(string $text, string $key, string $operation): stringEncrypts/Decrypts a text using the given key using rijndael method.
Parameters
-
string$text Encrypted string to decrypt, normal string to encrypt
-
string$key Key to use as the encryption key for encrypted data.
-
string$operation Operation to perform, encrypt or decrypt
Returns
stringThrows
InvalidArgumentExceptionWhen there are errors.
salt() ¶ public static
salt(string|null $salt = null): stringGets or sets the HMAC salt to be used for encryption/decryption routines.
Parameters
-
string|null$salt optional The salt to use for encryption routines. If null returns current salt.
Returns
stringsetHash() ¶ public static
setHash(string $hash): voidSets the default hash method for the Security object. This affects all objects using Security::hash().
Parameters
-
string$hash Method to use (sha1/sha256/md5 etc.)
Returns
voidSee Also
setSalt() ¶ public static
setSalt(string $salt): voidSets the HMAC salt to be used for encryption/decryption routines.
Parameters
-
string$salt The salt to use for encryption routines.
Returns
void