Class Security

Security Library contains utility methods related to security.

Namespace: Cake\Utility
Located at Utility/Security.php

Method Detail

_checkKey protected static

_checkKey( string $key , string $method )

Check the encryption key for proper length.

Parameters

string $key
Key to check.
string $method
The method the key is being checked for.

Throws

InvalidArgumentException
When key length is not 256 bit/32 bytes

_constantEquals protected static

_constantEquals( string $hmac , string $compare )

A timing attack resistant comparison that prefers native PHP implementations.

Parameters

string $hmac
The hmac from the ciphertext being decrypted.
string $compare
The comparison hmac.

Returns

boolean
bool

See

https://github.com/resonantcore/php-future/

decrypt public static

decrypt( string $cipher , string $key , string|null $hmacSalt = null )

Decrypt a value using AES-256.

Parameters

string $cipher
The ciphertext to decrypt.
string $key
The 256 bit/32 byte key to use as a cipher key.
string|null $hmacSalt optional null
The salt to use for the HMAC process. Leave null to use Security.salt.

Returns

string
Decrypted data. Any trailing null bytes will be removed.

Throws

InvalidArgumentException
On invalid data or key.

encrypt public static

encrypt( string $plain , string $key , string|null $hmacSalt = null )

Encrypt a value using AES-256.

Caveat: You cannot properly encrypt/decrypt data with trailing null bytes. Any trailing null bytes will be removed on decryption due to how PHP pads messages with nulls prior to encryption.

Parameters

string $plain
The value to encrypt.
string $key
The 256 bit/32 byte key to use as a cipher key.
string|null $hmacSalt optional null
The salt to use for the HMAC process. Leave null to use Security.salt.

Returns

string
Encrypted data.

Throws

InvalidArgumentException
On invalid data or key.
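
The null-byte caveat above and the constant-time HMAC comparison described under _constantEquals(), shown together as an added example that is not CakePHP's own code. The names demoMacKey(), demoEncrypt(), demoDecrypt() and DEMO_FLAGS, the use of CBC mode, the HMAC || IV || ciphertext layout and the use of hash_equals() as the native comparison are assumptions made for this sketch.

```php
<?php
// Added illustration, not CakePHP source; names and message layout are assumptions.
const DEMO_FLAGS = OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING; // no PKCS#7 padding

function demoMacKey(string $key, string $hmacSalt): string
{
    if (strlen($key) !== 32) {
        throw new InvalidArgumentException('Key must be 256 bit/32 bytes.');
    }
    return hash_hmac('sha256', $hmacSalt, $key, true); // MAC key bound to the salt
}

function demoEncrypt(string $plain, string $key, string $hmacSalt): string
{
    $macKey = demoMacKey($key, $hmacSalt);
    // Null-pad to the 16-byte AES block size, the padding the caveat refers to.
    $padded = $plain . str_repeat("\0", (16 - strlen($plain) % 16) % 16);
    $iv = random_bytes(16);
    $body = $iv . openssl_encrypt($padded, 'aes-256-cbc', $key, DEMO_FLAGS, $iv);
    return hash_hmac('sha256', $body, $macKey, true) . $body;
}

function demoDecrypt(string $cipher, string $key, string $hmacSalt): string
{
    $macKey = demoMacKey($key, $hmacSalt);
    $mac = substr($cipher, 0, 32);
    $body = substr($cipher, 32);
    // Authenticate first, with a constant-time comparison, then decrypt.
    if (strlen($body) < 32 || !hash_equals(hash_hmac('sha256', $body, $macKey, true), $mac)) {
        throw new InvalidArgumentException('Invalid data or key.');
    }
    $plain = openssl_decrypt(substr($body, 16), 'aes-256-cbc', $key, DEMO_FLAGS, substr($body, 0, 16));
    return rtrim($plain, "\0"); // padding and real trailing nulls look identical here
}

$key = random_bytes(32);         // constructed sample key
$salt = 'constructed-demo-salt'; // stands in for Security.salt
// Compare the round-tripped value with the input minus its two trailing nulls.
var_dump(demoDecrypt(demoEncrypt("id=42\0\0", $key, $salt), $key, $salt) === "id=42");

// Flip one bit inside the IV: the HMAC check rejects it before decryption runs.
$enc = demoEncrypt('id=42', $key, $salt);
$enc[40] = $enc[40] ^ "\x01";
try {
    demoDecrypt($enc, $key, $salt);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```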

engine public static

engine( object $instance = null )

Get the crypto implementation based on the loaded extensions.

You can use this method to forcibly decide between mcrypt/openssl/custom implementations.

Parameters

object $instance optional null
The crypto instance to use.

Returns

object
Crypto instance.

Throws

InvalidArgumentException
When no compatible crypto extension is available.

hash public static

hash( string $string , string|null $type = null , mixed $salt = false )

Create a hash from string using given method.

Parameters

string $string
String to hash
string|null $type optional null
Hashing algo to use (e.g. sha1, sha256 etc.). Can be any valid algo included in the list returned by hash_algos(). If no value is passed, the type specified by Security::$hashType is used.
mixed $salt optional false
If true, automatically prepends the application's salt value to $string (Security.salt).

Returns

string
Hash

Link

http://book.cakephp.org/3.0/en/core-libraries/security.html#hashing-data

rijndael public static

rijndael( string $text , string $key , string $operation )

Encrypts/decrypts text with the given key using the rijndael method.

Parameters

string $text
Encrypted string to decrypt, normal string to encrypt
string $key
Key to use as the encryption key for encrypted data.
string $operation
Operation to perform, encrypt or decrypt

Returns

string
Encrypted/Decrypted string

Throws

InvalidArgumentException
When there are errors.

salt public static

salt( string|null $salt = null )

Gets or sets the HMAC salt to be used for encryption/decryption routines.

Parameters

string|null $salt optional null
The salt to use for encryption routines. If null returns current salt.

Returns

string
The currently configured salt

setHash public static

setHash( string $hash )

Sets the default hash method for the Security object. This affects all objects using Security::hash().

Parameters

string $hash
Method to use (sha1/sha256/md5 etc.)

See

Cake\Utility\Security::hash()

Properties summary

$_instance

protected static object

The crypto implementation to use.

$_salt

protected static string

The HMAC salt to use for encryption and decryption routines

$hashType

public static string

Default hash method. If $type param for Security::hash() is not specified this value is used. Defaults to 'sha1'.

'sha1'

© 2005–2016 The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
http://api.cakephp.org/3.1/class-Cake.Utility.Security.html