Modules

Kohana_Encrypt

The Encrypt library provides two-way encryption of text and binary strings using the Mcrypt extension, which consists of three parts: the key, the cipher, and the mode.

The Key
A secret passphrase that is used for encoding and decoding
The Cipher
A cipher determines how the encryption is mathematically calculated. By default, the "rijndael-128" cipher is used. This is commonly known as "AES-128" and is an industry standard.
The Mode
The mode determines how the encrypted data is written in binary form. By default, the "nofb" mode is used, which produces short output with high entropy.
package
Kohana
category
Security
author
Kohana Team
copyright
© 2007-2012 Kohana Team
license
http://kohanaframework.org/license

Class declared in SYSPATH/classes/kohana/encrypt.php on line 26.

Constants

  • None

Properties

public static string $default

default instance name

string(7) "default"

public static array $instances

Encrypt class instances

array(0) 

protected static string $_rand

OS-dependent RAND type to use

NULL

Methods

public __construct( string $key , string $mode , string $cipher ) (defined in Kohana_Encrypt)

Creates a new mcrypt wrapper.

Parameters

  • string $key required - Encryption key
  • string $mode required - Mcrypt mode
  • string $cipher required - Mcrypt cipher

Source Code

public function __construct($key, $mode, $cipher)
{
	// Find the max length of the key, based on cipher and mode
	$size = mcrypt_get_key_size($cipher, $mode);

	if (isset($key[$size]))
	{
		// Shorten the key to the maximum size
		$key = substr($key, 0, $size);
	}

	// Store the key, mode, and cipher
	$this->_key    = $key;
	$this->_mode   = $mode;
	$this->_cipher = $cipher;

	// Store the IV size
	$this->_iv_size = mcrypt_get_iv_size($this->_cipher, $this->_mode);
}

public decode( string $data ) (defined in Kohana_Encrypt)

Decrypts an encoded string back to its original value.

$data = $encrypt->decode($data);

Parameters

  • string $data required - Encoded string to be decrypted

Return Values

  • FALSE - If decryption fails
  • string

Source Code

public function decode($data)
{
	// Convert the data back to binary
	$data = base64_decode($data, TRUE);

	if ( ! $data)
	{
		// Invalid base64 data
		return FALSE;
	}

	// Extract the initialization vector from the data
	$iv = substr($data, 0, $this->_iv_size);

	if ($this->_iv_size !== strlen($iv))
	{
		// The iv is not the expected size
		return FALSE;
	}

	// Remove the iv from the data
	$data = substr($data, $this->_iv_size);

	// Return the decrypted data, trimming the \0 padding bytes from the end of the data
	return rtrim(mcrypt_decrypt($this->_cipher, $this->_key, $data, $this->_mode, $iv), "\0");
}

public encode( string $data ) (defined in Kohana_Encrypt)

Encrypts a string and returns an encrypted string that can be decoded.

$data = $encrypt->encode($data);

The encrypted binary data is encoded using base64 to convert it to a string. This string can be stored in a database, displayed, and passed using most other means without corruption.

Parameters

  • string $data required - Data to be encrypted

Return Values

  • string

Source Code

public function encode($data)
{
	// Set the rand type if it has not already been set
	if (Encrypt::$_rand === NULL)
	{
		if (Kohana::$is_windows)
		{
			// Windows only supports the system random number generator
			Encrypt::$_rand = MCRYPT_RAND;
		}
		else
		{
			if (defined('MCRYPT_DEV_URANDOM'))
			{
				// Use /dev/urandom
				Encrypt::$_rand = MCRYPT_DEV_URANDOM;
			}
			elseif (defined('MCRYPT_DEV_RANDOM'))
			{
				// Use /dev/random
				Encrypt::$_rand = MCRYPT_DEV_RANDOM;
			}
			else
			{
				// Use the system random number generator
				Encrypt::$_rand = MCRYPT_RAND;
			}
		}
	}

	if (Encrypt::$_rand === MCRYPT_RAND)
	{
		// The system random number generator must always be seeded each
		// time it is used, or it will not produce true random results
		mt_srand();
	}

	// Create a random initialization vector of the proper size for the current cipher
	$iv = mcrypt_create_iv($this->_iv_size, Encrypt::$_rand);

	// Encrypt the data using the configured options and generated iv
	$data = mcrypt_encrypt($this->_cipher, $this->_key, $data, $this->_mode, $iv);

	// Use base64 encoding to convert to a string
	return base64_encode($iv.$data);
}

public static instance( [ string $name = NULL ] ) (defined in Kohana_Encrypt)

Returns a singleton instance of Encrypt. An encryption key must be provided in your "encrypt" configuration file.

$encrypt = Encrypt::instance();

Parameters

  • string $name = NULL - Configuration group name

Return Values

  • Encrypt

Source Code

public static function instance($name = NULL)
{
	if ($name === NULL)
	{
		// Use the default instance name
		$name = Encrypt::$default;
	}

	if ( ! isset(Encrypt::$instances[$name]))
	{
		// Load the configuration data
		$config = Kohana::config('encrypt')->$name;

		if ( ! isset($config['key']))
		{
			// No default encryption key is provided!
			throw new Kohana_Exception('No encryption key is defined in the encryption configuration group: :group',
				array(':group' => $name));
		}

		if ( ! isset($config['mode']))
		{
			// Add the default mode
			$config['mode'] = MCRYPT_MODE_NOFB;
		}

		if ( ! isset($config['cipher']))
		{
			// Add the default cipher
			$config['cipher'] = MCRYPT_RIJNDAEL_128;
		}

		// Create a new instance
		Encrypt::$instances[$name] = new Encrypt($config['key'], $config['mode'], $config['cipher']);
	}

	return Encrypt::$instances[$name];
}