Class Security

The Security library contains utility methods related to security.

Namespace: Cake\Utility

Properties summary

  • $_instance protected static
    object

    The crypto implementation to use.

  • $_salt protected static
    string|null

    The HMAC salt to use for encryption and decryption routines

  • $hashType public static
    string

    Default hash method. If the $algorithm param for Security::hash() is not specified, this value is used. Defaults to 'sha1'.

Method Summary

  • _checkKey() protected static

    Check the encryption key for proper length.

  • constantEquals() public static

    A timing attack resistant comparison that prefers native PHP implementations.

  • decrypt() public static

    Decrypt a value using AES-256.

  • encrypt() public static

    Encrypt a value using AES-256.

  • engine() public static

    Get the crypto implementation based on the loaded extensions.

  • getSalt() public static

    Gets the HMAC salt to be used for encryption/decryption routines.

  • hash() public static

    Create a hash from string using given method.

  • insecureRandomBytes() public static

    Like randomBytes(), but not cryptographically secure.

  • randomBytes() public static

    Get random bytes from a secure source.

  • randomString() public static

    Creates a secure random string.

  • rijndael() public static

    Encrypts/Decrypts a text using the given key using rijndael method.

  • salt() public static

    Gets or sets the HMAC salt to be used for encryption/decryption routines.

  • setHash() public static

    Sets the default hash method for the Security object. This affects all objects using Security::hash().

  • setSalt() public static

    Sets the HMAC salt to be used for encryption/decryption routines.

Method Detail

_checkKey() protected static

_checkKey(mixed $key, mixed $method)

Check the encryption key for proper length.

Parameters

string $key

Key to check.

string $method

The method the key is being checked for.

Throws

InvalidArgumentException
When key length is not 256 bit/32 bytes

constantEquals() public static

constantEquals(mixed $original, mixed $compare)

A timing attack resistant comparison that prefers native PHP implementations.

Parameters

string $original

The original value.

string $compare

The comparison value.

Returns

bool

See Also

https://github.com/resonantcore/php-future/

decrypt() public static

decrypt(mixed $cipher, mixed $key, mixed $hmacSalt)

Decrypt a value using AES-256.

Parameters

string $cipher

The ciphertext to decrypt.

string $key

The 256 bit/32 byte key to use as a cipher key.

string|null $hmacSalt optional

The salt to use for the HMAC process. Leave null to use Security.salt.

Returns

string|false

Decrypted data. Any trailing null bytes will be removed.

Throws

InvalidArgumentException
On invalid data or key.

encrypt() public static

encrypt(mixed $plain, mixed $key, mixed $hmacSalt)

Encrypt a value using AES-256.

Caveat: You cannot properly encrypt/decrypt data with trailing null bytes. Any trailing null bytes will be removed on decryption due to how PHP pads messages with nulls prior to encryption.

Parameters

string $plain

The value to encrypt.

string $key

The 256 bit/32 byte key to use as a cipher key.

string|null $hmacSalt optional

The salt to use for the HMAC process. Leave null to use Security.salt.

Returns

string

Encrypted data.

Throws

InvalidArgumentException
On invalid data or key.
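
An added usage example for encrypt() and decrypt() (not code from the CakePHP project): it checks the documented `false` return strictly, base64-encodes the payload so the trailing-null caveat cannot alter binary data, and shows the key-length exception. The Composer autoload path, the helper names `sealBinary()`/`openBinary()` and all sample values are assumptions.

```php
<?php
// Added example, not CakePHP's own code. Assumes cakephp/cakephp 3.9 is
// installed with Composer; the autoload path and helper names are hypothetical.
require 'vendor/autoload.php';

use Cake\Utility\Security;

// Constructed sample values: a fresh HMAC salt and a 32-byte (256-bit) key.
Security::setSalt(bin2hex(Security::randomBytes(32)));
$key = Security::randomBytes(32);

// Base64-encode first so a payload ending in "\0" is never exposed to the
// documented trailing-null stripping on decrypt.
function sealBinary(string $data, string $key): string
{
    return Security::encrypt(base64_encode($data), $key);
}

// Returns the original bytes, or null when decrypt() reports failure.
function openBinary(string $cipher, string $key): ?string
{
    $plain = Security::decrypt($cipher, $key);
    if ($plain === false) {   // strict check: "" and "0" are valid plaintexts
        return null;
    }
    $decoded = base64_decode($plain, true);
    return $decoded === false ? null : $decoded;
}

$payload = "id=42\0\0";       // constructed sample, ends in null bytes
$sealed  = sealBinary($payload, $key);
var_dump(openBinary($sealed, $key) === $payload);  // compare with the original

// Flip one bit of the stored value; the caller must get a failure, not data.
$tampered = $sealed;
$last = strlen($tampered) - 1;
$tampered[$last] = chr(ord($tampered[$last]) ^ 1);
var_dump(openBinary($tampered, $key));

// A key shorter than 32 bytes is rejected before any encryption happens.
try {
    Security::encrypt('secret', 'too-short');
} catch (InvalidArgumentException $e) {
    echo get_class($e), "\n";
}
```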

engine() public static

engine(mixed $instance)

Get the crypto implementation based on the loaded extensions.

You can use this method to forcibly decide between mcrypt/openssl/custom implementations.

Parameters

\Cake\Utility\Crypto\OpenSsl|\Cake\Utility\Crypto\Mcrypt|null $instance optional

The crypto instance to use.

Returns

\Cake\Utility\Crypto\OpenSsl|\Cake\Utility\Crypto\Mcrypt

Crypto instance.

Throws

InvalidArgumentException
When no compatible crypto extension is available.

getSalt() public static

getSalt()

Gets the HMAC salt to be used for encryption/decryption routines.

Returns

string

The currently configured salt

hash() public static

hash(mixed $string, mixed $algorithm, mixed $salt)

Create a hash from string using given method.

Parameters

string $string

String to hash

string|null $algorithm optional

Hashing algo to use (e.g. sha1, sha256 etc.). Can be any valid algo included in the list returned by hash_algos(). If no value is passed, the type specified by Security::$hashType is used.

mixed $salt optional

If true, automatically prepends the application's salt value to $string (Security.salt).

Returns

string

Hash

Throws

RuntimeException

insecureRandomBytes() public static

insecureRandomBytes(mixed $length)

Like randomBytes(), but not cryptographically secure.

Parameters

int $length

The number of bytes you want.

Returns

string

Random bytes in binary.

See Also

\Cake\Utility\Security::randomBytes()

randomBytes() public static

randomBytes(mixed $length)

Get random bytes from a secure source.

This method will fall back to an insecure source and trigger a warning if it cannot find a secure source of random data.

Parameters

int $length

The number of bytes you want.

Returns

string

Random bytes in binary.

randomString() public static

randomString(mixed $length)

Creates a secure random string.

Parameters

int $length optional

String length. Default 64.

Returns

string
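
An added example (not code from the CakePHP project) combining randomString(), hash() and constantEquals() to issue a random token, keep only its salted digest, and verify a presented token with the timing-resistant comparison. The functions `issueToken()`/`verifyToken()`, the autoload path and the salt value are assumptions.

```php
<?php
// Added example, not CakePHP's own code. Assumes cakephp/cakephp 3.9 via
// Composer; issueToken()/verifyToken() and the salt value are hypothetical.
require 'vendor/autoload.php';

use Cake\Utility\Security;

// Constructed sample salt; a real application sets its own Security.salt.
Security::setSalt('constructed-example-salt-value-not-for-production-use');

// Issue a random token; only its salted SHA-256 digest is kept server-side.
function issueToken(): array
{
    $token = Security::randomString(64);
    // Pass the algorithm explicitly: the default Security::$hashType is 'sha1'.
    $digest = Security::hash($token, 'sha256', true);
    return [$token, $digest];
}

// Recompute the digest of the presented token and compare it with the stored
// digest using the timing-attack-resistant comparison.
function verifyToken(string $presented, string $storedDigest): bool
{
    $candidate = Security::hash($presented, 'sha256', true);
    return Security::constantEquals($storedDigest, $candidate);
}

list($token, $stored) = issueToken();
var_dump(verifyToken($token, $stored));        // the issued token
var_dump(verifyToken($token . 'x', $stored));  // a modified token
```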

rijndael() public static

rijndael(mixed $text, mixed $key, mixed $operation)

Encrypts/Decrypts a text using the given key using rijndael method.

Parameters

string $text

Encrypted string to decrypt, normal string to encrypt

string $key

Key to use as the encryption key for encrypted data.

string $operation

Operation to perform, encrypt or decrypt

Returns

string

Encrypted/Decrypted string.

Throws

InvalidArgumentException
When there are errors.

salt() public static

salt(mixed $salt)

Gets or sets the HMAC salt to be used for encryption/decryption routines.

Parameters

string|null $salt optional

The salt to use for encryption routines. If null returns current salt.

Returns

string

The currently configured salt

setHash() public static

setHash(mixed $hash)

Sets the default hash method for the Security object. This affects all objects using Security::hash().

Parameters

string $hash

Method to use (sha1/sha256/md5 etc.)

See Also

\Cake\Utility\Security::hash()

setSalt() public static

setSalt(mixed $salt)

Sets the HMAC salt to be used for encryption/decryption routines.

Parameters

string $salt

The salt to use for encryption routines.

Property Detail

$_instance protected static

The crypto implementation to use.

Type

object

$_salt protected static

The HMAC salt to use for encryption and decryption routines

Type

string|null

$hashType public static

Default hash method. If the $algorithm param for Security::hash() is not specified, this value is used. Defaults to 'sha1'.

Type

string

© 2005–present The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
https://api.cakephp.org/3.9/class-Cake.Utility.Security.html