Kohana Encrypt OpenSSL driver. Provides two-way encryption of text and binary strings using the OpenSSL extension.
Class declared in SYSPATH/classes/Encrypt/Openssl.php on line 3.
string
$aad - Additional authenticated data (AAD) supplied when using an AEAD cipher mode (GCM or CCM).
NULL
string
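$iv - A fixed Initialization Vector, for unit testing only. Leave it unset outside tests: while it is set, every message is encrypted with the same IV.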
NULL
int
$ivSize - The size of the Initialization Vector (IV) in bytes.
NULL
string
$key - Encryption key.
NULL
string
$method - The cipher method.
NULL
int
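$options - OpenSSL option flags passed to openssl_encrypt() and openssl_decrypt(); the default of 3 is OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING.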
integer 3
string
$tag - The authentication tag used with an AEAD cipher mode (GCM or CCM).
NULL
string
$tagLength - The length of the authentication tag.
NULL
Creates a new OpenSSL wrapper.
string
$name
required - Configuration group name. string
$config
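/**
 * Creates a new OpenSSL encryption wrapper.
 *
 * Keys read from $config: 'key' (required), 'method' (defaults to
 * AES-256-CTR), and the optional 'options', 'tag', 'aad', 'tagLength'
 * and 'iv'. The 'iv' entry pins the IV used by encode() and exists for
 * unit tests only.
 *
 * @param   string  $name    required - Configuration group name.
 * @param   array   $config  required - Configuration parameters.
 * @throws  Kohana_Exception  If no key is configured or the cipher method is not recognised.
 */
public function __construct($name, $config)
{
    // An empty string is treated like a missing key: isset() alone would
    // accept it and every message would be encrypted without a real secret.
    if (!isset($config['key']) || $config['key'] === '') {
        throw new Kohana_Exception('No encryption key is defined in the encryption configuration group: :group', [':group' => $name]);
    }

    // NOTE(review): the key length is not compared with the cipher's key
    // size here - confirm configured keys are full-length random bytes.
    $this->method = isset($config['method']) ? $config['method'] : 'AES-256-CTR';
    $this->key = $config['key'];

    // Optional settings replace the property defaults only when present
    // and non-null, matching isset() semantics.
    foreach (['options', 'tag', 'aad', 'tagLength', 'iv'] as $setting) {
        if (isset($config[$setting])) {
            $this->$setting = $config[$setting];
        }
    }

    // openssl_cipher_iv_length() returns false for a cipher it does not
    // know. Storing that as the IV size would make decode() reject every
    // input and leave encode() without a usable IV, so fail here instead.
    $ivSize = openssl_cipher_iv_length($this->method);
    if ($ivSize === false) {
        throw new Kohana_Exception('Unknown cipher method ":method" in the encryption configuration group: :group', [':method' => $this->method, ':group' => $name]);
    }

    $this->ivSize = $ivSize;
}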
Decrypts an encoded string back to its original value.
$data = $encrypt->decode($data);
string
$data
required - Encoded string to be decrypted.
Returns: false - If decryption fails. Otherwise string.
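/**
 * Decrypts an encoded string back to its original value.
 *
 *     $data = $encrypt->decode($data);
 *
 * The input must be base64 of the IV followed by the ciphertext. With a
 * non-AEAD method nothing in this method verifies integrity, so a modified
 * ciphertext can still decrypt to altered data instead of returning false.
 *
 * @param   string  $data  Encoded string to be decrypted.
 * @return  string|false   The decrypted value, or false if decoding or decryption fails.
 */
public function decode($data)
{
    // Strict mode makes base64_decode() return false on invalid characters.
    // Compare against false explicitly: a loose check would also reject
    // any payload PHP considers falsy, such as the string "0".
    $raw = base64_decode($data, true);
    if ($raw === false || $raw === '') {
        return false;
    }

    // The IV is stored in front of the ciphertext; a short payload cannot
    // contain a full IV and is rejected.
    $iv = substr($raw, 0, $this->ivSize);
    if ($this->ivSize !== strlen($iv)) {
        return false;
    }

    // Cast because substr() returns false on older PHP versions when
    // nothing follows the IV.
    $cipherText = (string) substr($raw, $this->ivSize);

    // PHP 7.1.0 is PHP_VERSION_ID 70100; that release added the tag and
    // AAD arguments. openssl_decrypt() accepts no tag-length argument, so
    // the tag length is not passed. The AEAD form is used only when a tag
    // is available, because the tag is what authenticates the message.
    if (PHP_VERSION_ID >= 70100 && $this->tag !== null) {
        $plain = openssl_decrypt($cipherText, $this->method, $this->key, $this->options, $iv, $this->tag, (string) $this->aad);
    } else {
        $plain = openssl_decrypt($cipherText, $this->method, $this->key, $this->options, $iv);
    }

    // Report failure as false rather than letting rtrim() turn it into an
    // empty string that looks like a successful decryption.
    if ($plain === false) {
        return false;
    }

    // Trim the \0 padding bytes from the end of the data. This also strips
    // NUL bytes that were a genuine part of a binary plaintext.
    return rtrim($plain, "\0");
}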
Encrypts a string and returns an encrypted string that can be decoded.
$data = $encrypt->encode($data);
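The encrypted binary data is encoded using base64 to convert it to a string. This string can be stored in a database, displayed, and passed using most other means without corruption. Base64 only makes the value safe to transport; with the default AES-256-CTR method the ciphertext carries no integrity check, so a modified value still decrypts without an error.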
string
$data
required - Data to be encrypted. string
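/**
 * Encrypts a string and returns an encrypted string that can be decoded.
 *
 *     $data = $encrypt->encode($data);
 *
 * The result is base64 of the IV followed by the ciphertext. For AEAD
 * methods the authentication tag is written to $this->tag only; it is not
 * part of the returned string, so a different instance needs that tag in
 * its configuration to decode the value.
 *
 * @param   string  $data  Data to be encrypted.
 * @return  string
 * @throws  Kohana_Exception  If no IV can be generated or encryption fails.
 */
public function encode($data)
{
    if (isset($this->iv)) {
        // Fixed IV, intended for unit tests. Reusing one IV under the same
        // key undermines CTR and GCM, so keep it out of production config.
        $iv = $this->iv;
    } elseif ($this->ivSize > 0) {
        // Prefer the CSPRNG-backed random_bytes() where it exists.
        $iv = function_exists('random_bytes')
            ? random_bytes($this->ivSize)
            : openssl_random_pseudo_bytes($this->ivSize);

        if ($iv === false) {
            throw new Kohana_Exception('Unable to generate an initialization vector for cipher method: :method', [':method' => $this->method]);
        }
    } else {
        // The cipher takes no IV, so there is nothing to generate.
        $iv = '';
    }

    // PHP 7.1.0 is PHP_VERSION_ID 70100; that release added the tag, AAD
    // and tag-length arguments. They are passed only for the AEAD modes
    // this driver documents (GCM and CCM), so other ciphers keep the plain
    // five-argument call.
    $isAead = PHP_VERSION_ID >= 70100 && preg_match('/-(gcm|ccm)$/i', $this->method) === 1;

    if ($isAead) {
        // 16 is openssl_encrypt()'s own default tag length.
        $tagLength = $this->tagLength === null ? 16 : (int) $this->tagLength;
        $cipherText = openssl_encrypt($data, $this->method, $this->key, $this->options, $iv, $this->tag, (string) $this->aad, $tagLength);
    } else {
        $cipherText = openssl_encrypt($data, $this->method, $this->key, $this->options, $iv);
    }

    // Without this check a failed encryption would be returned as base64
    // of the IV alone and the plaintext would be silently lost.
    if ($cipherText === false) {
        throw new Kohana_Exception('Encryption failed for cipher method: :method', [':method' => $this->method]);
    }

    // Use base64 encoding to convert to a string.
    return base64_encode($iv . $cipherText);
}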