Modules

  1. Kohana
    2. Debug
    3. HTTP_Cache
    4. I18n
    5. Kohana
    6. Kohana_Config_Writer
    7. Request
    8. Request_Client
    9. Request_Client_Curl
    10. Request_Client_External
    11. Request_Client_HTTP
    12. Request_Client_Internal
    13. Request_Client_Stream
    14. Response
    15. Route
    16. UTF8
    17. View
    18. Configuration
      1. Config
      2. Config_File
      3. Config_Group
      4. Kohana_Config_File_Reader
      5. Kohana_Config_Reader
      6. Kohana_Config_Source
    19. Controller
      1. Controller
      2. Controller_Template
      3. Controller_Welcome
    20. Exceptions
      1. HTTP_Exception
      2. HTTP_Exception_300
      3. HTTP_Exception_301
      4. HTTP_Exception_302
      5. HTTP_Exception_303
      6. HTTP_Exception_304
      7. HTTP_Exception_305
      8. HTTP_Exception_307
      9. HTTP_Exception_400
      10. HTTP_Exception_401
      11. HTTP_Exception_402
      12. HTTP_Exception_403
      13. HTTP_Exception_404
      14. HTTP_Exception_405
      15. HTTP_Exception_406
      16. HTTP_Exception_407
      17. HTTP_Exception_408
      18. HTTP_Exception_409
      19. HTTP_Exception_410
      20. HTTP_Exception_411
      21. HTTP_Exception_412
      22. HTTP_Exception_413
      23. HTTP_Exception_414
      24. HTTP_Exception_415
      25. HTTP_Exception_416
      26. HTTP_Exception_417
      27. HTTP_Exception_500
      28. HTTP_Exception_501
      29. HTTP_Exception_502
      30. HTTP_Exception_503
      31. HTTP_Exception_504
      32. HTTP_Exception_505
      33. HTTP_Exception_Expected
      34. HTTP_Exception_Redirect
      35. Kohana_Exception
      36. Request_Client_Recursion_Exception
      37. Request_Exception
      38. Session_Exception
      39. UTF8_Exception
      40. Validation_Exception
      41. View_Exception
    21. HTTP
      1. HTTP
      2. HTTP_Header
      3. HTTP_Message
      4. HTTP_Request
      5. HTTP_Response
    22. Helpers
      1. Arr
      2. Cookie
      3. Date
      4. Feed
      5. File
      6. Form
      7. Fragment
      8. HTML
      9. Inflector
      10. Num
      11. Profiler
      12. Task_Help
      13. Text
      14. URL
      15. Upload
    23. Logging
      1. Log
      2. Log_File
      3. Log_StdErr
      4. Log_StdOut
      5. Log_Syslog
      6. Log_Writer
    24. Minion
      1. Minion_Exception
      2. Minion_Exception_InvalidTask
    25. Models
      1. Model
    26. Security
      1. Encrypt
      2. Security
      3. Valid
      4. Validation
    27. Session
      1. Session
      2. Session_Cookie
      3. Session_Native
  2. Kohana/Auth
    2. Auth
    3. Auth_File
    4. Auth_ORM
    5. Model_Auth_Role
    6. Model_Auth_User
    7. Model_Auth_User_Token
    8. Model_Role
    9. Model_User
    10. Model_User_Token
  3. Kohana/Cache
    2. Cache
    3. Cache_Apc
    4. Cache_Arithmetic
    5. Cache_Exception
    6. Cache_File
    7. Cache_GarbageCollect
    8. Cache_Memcache
    9. Cache_MemcacheTag
    10. Cache_Sqlite
    11. Cache_Tagging
    12. Cache_Wincache
  4. Kohana/Codebench
    2. Codebench
    3. Controllers
      1. Controller_Codebench
    4. Tests
      1. Bench_ArrCallback
      2. Bench_AutoLinkEmails
      3. Bench_DateSpan
      4. Bench_ExplodeLimit
      5. Bench_GruberURL
      6. Bench_LtrimDigits
      7. Bench_MDDoBaseURL
      8. Bench_MDDoImageURL
      9. Bench_MDDoIncludeViews
      10. Bench_StripNullBytes
      11. Bench_Transliterate
      12. Bench_URLSite
      13. Bench_UserFuncArray
      14. Bench_ValidColor
      15. Bench_ValidURL
  5. Kohana/Database
    2. DB
    3. Database
    4. Database_Expression
    5. Configuration
      1. Config_Database
      2. Config_Database_Reader
      3. Config_Database_Writer
    6. Drivers
      1. Database_MySQL
      2. Database_MySQLi
      3. Database_PDO
    7. Exceptions
      1. Database_Exception
    8. Models
      1. Model_Database
    9. Query
      1. Database_Query
      2. Database_Query_Builder
      3. Database_Query_Builder_Delete
      4. Database_Query_Builder_Insert
      5. Database_Query_Builder_Join
      6. Database_Query_Builder_Select
      7. Database_Query_Builder_Update
      8. Database_Query_Builder_Where
    10. Query/Result
      1. Database_MySQL_Result
      2. Database_MySQLi_Result
      3. Database_Result
      4. Database_Result_Cached
    11. Session
      1. Session_Database
  6. Kohana/Image
    2. Image
    3. Drivers
      1. Image_GD
      2. Image_Imagick
  7. Kohana/ORM
    2. ORM
    3. ORM_Validation_Exception
  8. Kohana/UnitTest
    2. Unittest_Database_TestCase
    3. Unittest_Tests
  9. Kohana/Userguide
    2. Kodoc
    3. Kodoc_Class
    4. Kodoc_Markdown
    5. Kodoc_Method
    6. Kodoc_Method_Param
    7. Kodoc_Property
    8. Controller
      1. Controller_Userguide
    9. Undocumented
      1. Kodoc_Missing
  10. [Unknown]
    2. Minion_CLI
    3. Minion_Task
    4. Unittest_Helpers
    5. Unittest_TestCase
    6. Unittest_TestSuite

Encrypt
extends Kohana_Encrypt

The Encrypt library provides two-way encryption of text and binary strings using the Mcrypt extension, which consists of three parts: the key, the cipher, and the mode.

The Key
A secret passphrase that is used for encoding and decoding
The Cipher
A cipher determines how the encryption is mathematically calculated. By default, the "rijndael-128" cipher is used. This is commonly known as "AES-128" and is an industry standard.
The Mode
The mode determines how the encrypted data is written in binary form. By default, the "nofb" mode is used, which produces short output with high entropy.
package
Kohana
category
Security
author
Kohana Team
copyright
© 2007-2012 Kohana Team
license
http://kohanaframework.org/license

Class declared in SYSPATH/classes/Encrypt.php on line 3.

Constants

  • None

Properties

Methods

Properties

public static string $default

default instance name

string(7) "default"

public static array $instances

Encrypt class instances

array(0)

protected string $_cipher

mcrypt cipher

Default value:
NULL

protected int $_iv_size

the size of the Initialization Vector (IV) in bytes

Default value:
NULL

protected string $_key

Encryption key

Default value:
NULL

protected string $_mode

mcrypt mode

Default value:
NULL

protected static string $_rand

RAND type to use

Only MCRYPT_DEV_URANDOM and MCRYPT_DEV_RANDOM are considered safe. Using MCRYPT_RAND will silently revert to MCRYPT_DEV_URANDOM

integer 1

Methods

public __construct( string $key , string $mode , string $cipher ) (defined in Kohana_Encrypt)

Creates a new mcrypt wrapper.

Parameters

  • string $key required - Encryption key
  • string $mode required - Mcrypt mode
  • string $cipher required - Mcrypt cipher

Source Code

public function __construct($key, $mode, $cipher)
{
	// Find the max length of the key, based on cipher and mode
	$size = mcrypt_get_key_size($cipher, $mode);

	if (isset($key[$size]))
	{
		// Shorten the key to the maximum size
		$key = substr($key, 0, $size);
	}
	else if (version_compare(PHP_VERSION, '5.6.0', '>='))
	{
		$key = $this->_normalize_key($key, $cipher, $mode);
	}

	// Store the key, mode, and cipher
	$this->_key    = $key;
	$this->_mode   = $mode;
	$this->_cipher = $cipher;

	// Store the IV size
	$this->_iv_size = mcrypt_get_iv_size($this->_cipher, $this->_mode);
}

public decode( string $data ) (defined in Kohana_Encrypt)

Decrypts an encoded string back to its original value.

$data = $encrypt->decode($data);

Parameters

  • string $data required - Encoded string to be decrypted

Return Values

  • FALSE - If decryption fails
  • string

Source Code

public function decode($data)
{
	// Convert the data back to binary
	$data = base64_decode($data, TRUE);

	if ( ! $data)
	{
		// Invalid base64 data
		return FALSE;
	}

	// Extract the initialization vector from the data
	$iv = substr($data, 0, $this->_iv_size);

	if ($this->_iv_size !== strlen($iv))
	{
		// The iv is not the expected size
		return FALSE;
	}

	// Remove the iv from the data
	$data = substr($data, $this->_iv_size);

	// Return the decrypted data, trimming the \0 padding bytes from the end of the data
	return rtrim(mcrypt_decrypt($this->_cipher, $this->_key, $data, $this->_mode, $iv), "\0");
}

public encode( string $data ) (defined in Kohana_Encrypt)

Encrypts a string and returns an encrypted string that can be decoded.

$data = $encrypt->encode($data);

The encrypted binary data is encoded using base64 to convert it to a string. This string can be stored in a database, displayed, and passed using most other means without corruption.

Parameters

  • string $data required - Data to be encrypted

Return Values

  • string

Source Code

public function encode($data)
{
	// Get an initialization vector
	$iv = $this->_create_iv();

	// Encrypt the data using the configured options and generated iv
	$data = mcrypt_encrypt($this->_cipher, $this->_key, $data, $this->_mode, $iv);

	// Use base64 encoding to convert to a string
	return base64_encode($iv.$data);
}

public static instance( [ string $name = NULL ] ) (defined in Kohana_Encrypt)

Returns a singleton instance of Encrypt. An encryption key must be provided in your "encrypt" configuration file.

$encrypt = Encrypt::instance();

Parameters

  • string $name = NULL - Configuration group name

Return Values

  • Encrypt

Source Code

public static function instance($name = NULL)
{
	if ($name === NULL)
	{
		// Use the default instance name
		$name = Encrypt::$default;
	}

	if ( ! isset(Encrypt::$instances[$name]))
	{
		// Load the configuration data
		$config = Kohana::$config->load('encrypt')->$name;

		if ( ! isset($config['key']))
		{
			// No default encryption key is provided!
			throw new Kohana_Exception('No encryption key is defined in the encryption configuration group: :group',
				array(':group' => $name));
		}

		if ( ! isset($config['mode']))
		{
			// Add the default mode
			$config['mode'] = MCRYPT_MODE_NOFB;
		}

		if ( ! isset($config['cipher']))
		{
			// Add the default cipher
			$config['cipher'] = MCRYPT_RIJNDAEL_128;
		}

		// Create a new instance
		Encrypt::$instances[$name] = new Encrypt($config['key'], $config['mode'], $config['cipher']);
	}

	return Encrypt::$instances[$name];
}

protected _create_iv( ) (defined in Kohana_Encrypt)

Proxy for the mcrypt_create_iv function - to allow mocking and testing against KAT vectors

Return Values

  • string - The initialization vector or FALSE on error

Source Code

protected function _create_iv()
{
	/*
	 * Silently use MCRYPT_DEV_URANDOM when the chosen random number generator
	 * is not one of those that are considered secure.
	 *
	 * Also sets Encrypt::$_rand to MCRYPT_DEV_URANDOM when it's not already set
	 */
	if ((Encrypt::$_rand !== MCRYPT_DEV_URANDOM) AND ( Encrypt::$_rand !== MCRYPT_DEV_RANDOM))
	{
		Encrypt::$_rand = MCRYPT_DEV_URANDOM;
	}

	// Create a random initialization vector of the proper size for the current cipher
	return mcrypt_create_iv($this->_iv_size, Encrypt::$_rand);
}

protected _normalize_key( string $key , string $cipher , string $mode ) (defined in Kohana_Encrypt)

Normalize key for PHP 5.6 for backwards compatibility

This method is a shim to make PHP 5.6 behave in a B/C way for legacy key padding when shorter-than-supported keys are used

Parameters

  • string $key required - Encryption key
  • string $cipher required - Mcrypt cipher
  • string $mode required - Mcrypt mode

Source Code

protected function _normalize_key($key, $cipher, $mode)
{
	// open the cipher
	$td = mcrypt_module_open($cipher, '', $mode, '');

	// loop through the supported key sizes
	foreach (mcrypt_enc_get_supported_key_sizes($td) as $supported) {
		// if key is short, needs padding
		if (strlen($key) <= $supported)
		{
			return str_pad($key, $supported, "\0");
		}
	}

	// at this point key must be greater than max supported size, shorten it
	return substr($key, 0, mcrypt_get_key_size($cipher, $mode));
}