CakePHP
  • Documentation
    • Book
    • API
    • Videos
    • Reporting Security Issues
    • Privacy Policy
    • Logos & Trademarks
  • Business Solutions
  • Swag
  • Road Trip
  • Team
  • Community
    • Community
    • Get Involved
    • Issues (Github)
    • Bakery
    • Featured Resources
    • Training
    • Meetups
    • My CakePHP
    • CakeFest
    • Newsletter
    • Linkedin
    • YouTube
    • Facebook
    • Twitter
    • Mastodon
    • Help & Support
    • Forum
    • Stack Overflow
    • IRC
    • Slack
    • Paid Support
CakePHP

C CakePHP 5.1 Chiffon API

  • Project:
    • CakePHP
      • CakePHP
      • Chronos
      • Elastic Search
      • Queue
  • Version:
    • 5.1
      • 5.1
      • 5.0
      • 4.5
      • 4.4
      • 4.3
      • 4.2
      • 4.1
      • 4.0
      • 3.10
      • 3.9
      • 3.8
      • 3.7
      • 3.6
      • 3.5
      • 3.4
      • 3.3
      • 3.2
      • 3.1
      • 3.0
      • 2.10
      • 2.9
      • 2.8
      • 2.7
      • 2.6
      • 2.5
      • 2.4
      • 2.3
      • 2.2
      • 2.1
      • 2.0
      • 1.3
      • 1.2

Namespaces

  • Global
  • Cake
    • Cache
    • Collection
    • Command
    • Console
    • Controller
    • Core
    • Database
    • Datasource
    • Error
    • Event
    • Form
    • Http
    • I18n
    • Log
    • Mailer
    • Network
    • ORM
    • Routing
    • TestSuite
    • Utility
      • Crypto
      • Exception
    • Validation
    • View

Class Security

Security Library contains utility methods related to security

Namespace: Cake\Utility

Property Summary

  • $_instance protected static
    object|null

    The crypto implementation to use.

  • $_salt protected static
    string|null

    The HMAC salt to use for encryption and decryption routines

  • $hashType public static
    string

    Default hash method. If $type param for Security::hash() is not specified this value is used. Defaults to 'sha1'.

Method Summary

  • _checkKey() protected static

    Check the encryption key for proper length.

  • constantEquals() public static

    A timing attack resistant comparison that prefers native PHP implementations.

  • decrypt() public static

    Decrypt a value using AES-256.

  • encrypt() public static

    Encrypt a value using AES-256.

  • engine() public static

    Get the crypto implementation based on the loaded extensions.

  • getSalt() public static

    Gets the HMAC salt to be used for encryption/decryption routines.

  • hash() public static

    Create a hash from string using given method.

  • insecureRandomBytes() public static

    Like randomBytes() above, but not cryptographically secure.

  • randomBytes() public static

    Get random bytes from a secure source.

  • randomString() public static

    Creates a secure random string.

  • setHash() public static

    Sets the default hash method for the Security object. This affects all objects using Security::hash().

  • setSalt() public static

    Sets the HMAC salt to be used for encryption/decryption routines.

Method Detail

_checkKey() ¶ protected static 

_checkKey(string $key, string $method): void

Check the encryption key for proper length.

Parameters
string $key

Key to check.

string $method

The method the key is being checked for.

Returns
void
Throws
InvalidArgumentException
When key length is not 256 bit/32 bytes

constantEquals() ¶ public static 

constantEquals(mixed $original, mixed $compare): bool

A timing attack resistant comparison that prefers native PHP implementations.

Parameters
mixed $original

The original value.

mixed $compare

The comparison value.

Returns
bool

decrypt() ¶ public static 

decrypt(string $cipher, string $key, string|null $hmacSalt = null): string|null

Decrypt a value using AES-256.

Parameters
string $cipher

The ciphertext to decrypt.

string $key

The 256 bit/32 byte key to use as a cipher key.

string|null $hmacSalt optional

The salt to use for the HMAC process. Leave null to use value of Security::getSalt().

Returns
string|null
Throws
InvalidArgumentException
On invalid data or key.

encrypt() ¶ public static 

encrypt(string $plain, string $key, string|null $hmacSalt = null): string

Encrypt a value using AES-256.

Caveat You cannot properly encrypt/decrypt data with trailing null bytes. Any trailing null bytes will be removed on decryption due to how PHP pads messages with nulls prior to encryption.

Parameters
string $plain

The value to encrypt.

string $key

The 256 bit/32 byte key to use as a cipher key.

string|null $hmacSalt optional

The salt to use for the HMAC process. Leave null to use value of Security::getSalt().

Returns
string
Throws
InvalidArgumentException
On invalid data or key.

engine() ¶ public static 

engine(Cake\Utility\Crypto\OpenSsl|null $instance = null): Cake\Utility\Crypto\OpenSsl

Get the crypto implementation based on the loaded extensions.

You can use this method to forcibly decide between openssl/custom implementations.

Parameters
Cake\Utility\Crypto\OpenSsl|null $instance optional

The crypto instance to use.

Returns
Cake\Utility\Crypto\OpenSsl
Throws
InvalidArgumentException
When no compatible crypto extension is available.

getSalt() ¶ public static 

getSalt(): string

Gets the HMAC salt to be used for encryption/decryption routines.

Returns
string

hash() ¶ public static 

hash(string $string, string|null $algorithm = null, string|bool $salt = false): string

Create a hash from string using given method.

Parameters
string $string

String to hash

string|null $algorithm optional

Hashing algo to use (i.e. sha1, sha256 etc.). Can be any valid algo included in list returned by hash_algos(). If no value is passed the type specified by Security::$hashType is used.

string|bool $salt optional

If true, automatically prepends the value returned by Security::getSalt() to $string.

Returns
string
Throws
InvalidArgumentException
Links
https://book.cakephp.org/5/en/core-libraries/security.html#hashing-data

insecureRandomBytes() ¶ public static 

insecureRandomBytes(int $length): string

Like randomBytes() above, but not cryptographically secure.

Parameters
int $length

The number of bytes you want.

Returns
string
See Also
\Cake\Utility\Security::randomBytes()

randomBytes() ¶ public static 

randomBytes(int $length): string

Get random bytes from a secure source.

This method will fall back to an insecure source an trigger a warning if it cannot find a secure source of random data.

Parameters
int $length

The number of bytes you want.

Returns
string

randomString() ¶ public static 

randomString(int $length = 64): string

Creates a secure random string.

Parameters
int $length optional

String length. Default 64.

Returns
string

setHash() ¶ public static 

setHash(string $hash): void

Sets the default hash method for the Security object. This affects all objects using Security::hash().

Parameters
string $hash

Method to use (sha1/sha256/md5 etc.)

Returns
void
See Also
\Cake\Utility\Security::hash()

setSalt() ¶ public static 

setSalt(string $salt): void

Sets the HMAC salt to be used for encryption/decryption routines.

Parameters
string $salt

The salt to use for encryption routines.

Returns
void

Property Detail

$_instance ¶ protected static

The crypto implementation to use.

Type
object|null

$_salt ¶ protected static

The HMAC salt to use for encryption and decryption routines

Type
string|null

$hashType ¶ public static

Default hash method. If $type param for Security::hash() is not specified this value is used. Defaults to 'sha1'.

Type
string
OpenHub
Pingping
Linode
  • Business Solutions
  • Showcase
  • Documentation
  • Book
  • API
  • Videos
  • Reporting Security Issues
  • Privacy Policy
  • Logos & Trademarks
  • Community
  • Get Involved
  • Issues (Github)
  • Bakery
  • Featured Resources
  • Training
  • Meetups
  • My CakePHP
  • CakeFest
  • Newsletter
  • Linkedin
  • YouTube
  • Facebook
  • Twitter
  • Mastodon
  • Help & Support
  • Forum
  • Stack Overflow
  • IRC
  • Slack
  • Paid Support

Generated using CakePHP API Docs