Class Security
Security Library contains utility methods related to security
Properties summary
- $_instance protected static
object
The crypto implementation to use.
- $_salt protected static
string|null
The HMAC salt to use for encryption and decryption routines
- $hashType public static
string
Default hash method. If the $type param for Security::hash() is not specified this value is used. Defaults to 'sha1'.
Method Summary
- constantEquals() public static
A timing attack resistant comparison that prefers native PHP implementations.
- setHash() public static
Sets the default hash method for the Security object. This affects all objects using Security::hash().
Method Detail
_checkKey() protected static
_checkKey(mixed $key, mixed $method)
Check the encryption key for proper length.
Parameters
-
string
$key Key to check.
-
string
$method The method the key is being checked for.
Throws
InvalidArgumentException
When key length is not 256 bit/32 bytes
constantEquals() public static
constantEquals(mixed $original, mixed $compare)
A timing attack resistant comparison that prefers native PHP implementations.
Parameters
-
string
$original The original value.
-
string
$compare The comparison value.
Returns
bool
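A typical use of constantEquals() is checking a caller-supplied authentication tag. This is an added example, not code from the CakePHP project; the helper names, the Composer autoload path and the use of PHP 7.1+ are assumptions.

```php
<?php
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php'; // assumed Composer autoload path

use Cake\Utility\Security;

// Hypothetical helper: hex HMAC-SHA256 tag over a message.
function tagFor(string $message, string $key): string
{
    return hash_hmac('sha256', $message, $key);
}

// Hypothetical helper: check a caller-supplied tag.
// The server-computed value is passed as $original and the untrusted value
// as $compare. A missing or non-string tag is rejected before comparing.
function tagIsValid(string $message, $suppliedTag, string $key): bool
{
    if (!is_string($suppliedTag) || $suppliedTag === '') {
        return false;
    }

    return Security::constantEquals(tagFor($message, $key), $suppliedTag);
}

// Constructed sample values.
$key = Security::randomBytes(32);
$message = 'user=42&action=reset';
$good = tagFor($message, $key);
// Same length as $good, but with the final hex digit changed.
$bad = substr($good, 0, -1) . (substr($good, -1) === '0' ? '1' : '0');

var_dump(tagIsValid($message, $good, $key));
var_dump(tagIsValid($message, $bad, $key));
var_dump(tagIsValid($message, null, $key));
```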
decrypt() public static
decrypt(mixed $cipher, mixed $key, mixed $hmacSalt)
Decrypt a value using AES-256.
Parameters
-
string
$cipher The ciphertext to decrypt.
-
string
$key The 256 bit/32 byte key to use as a cipher key.
-
string|null
$hmacSalt optional The salt to use for the HMAC process. Leave null to use Security.salt.
Returns
string|false
Decrypted data. Any trailing null bytes will be removed.
Throws
InvalidArgumentException
On invalid data or key.
encrypt() public static
encrypt(mixed $plain, mixed $key, mixed $hmacSalt)
Encrypt a value using AES-256.
Caveat: You cannot properly encrypt/decrypt data with trailing null bytes. Any trailing null bytes will be removed on decryption due to how PHP pads messages with nulls prior to encryption.
Parameters
-
string
$plain The value to encrypt.
-
string
$key The 256 bit/32 byte key to use as a cipher key.
-
string|null
$hmacSalt optional The salt to use for the HMAC process. Leave null to use Security.salt.
Returns
string
Encrypted data.
Throws
InvalidArgumentException
On invalid data or key.
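The following added example (not code from the CakePHP project) exercises encrypt() and decrypt() together: a round trip for data ending in null bytes, a modified ciphertext, and a key that is too short. The helper names sealBinary() and openBinary(), the Composer autoload path and PHP 7.1+ are assumptions.

```php
<?php
declare(strict_types=1);

// Assumption: CakePHP 3.9 installed with Composer; adjust the autoload path.
require __DIR__ . '/vendor/autoload.php';

use Cake\Utility\Security;

// Hypothetical helper. base64-encoding first means the plaintext never ends
// in a null byte, so the trailing-null caveat cannot change the data.
function sealBinary(string $data, string $key, string $hmacSalt): string
{
    return Security::encrypt(base64_encode($data), $key, $hmacSalt);
}

// Hypothetical helper. Returns the original bytes, or null when decrypt()
// returns false (wrong key or salt, or a ciphertext that was modified).
function openBinary(string $cipher, string $key, string $hmacSalt): ?string
{
    $plain = Security::decrypt($cipher, $key, $hmacSalt);
    if ($plain === false) {
        return null;
    }
    $decoded = base64_decode($plain, true);
    return $decoded === false ? null : $decoded;
}

// Constructed sample values; real keys and salts belong in configuration.
$key = Security::randomBytes(32);            // 256 bit / 32 byte cipher key
$salt = bin2hex(Security::randomBytes(32));
$secret = "binary\x00payload\x00\x00";       // ends in null bytes on purpose

$cipher = sealBinary($secret, $key, $salt);
var_dump(openBinary($cipher, $key, $salt) === $secret);

// Flip one bit of the stored ciphertext and try to open it again.
$tampered = $cipher;
$last = strlen($tampered) - 1;
$tampered[$last] = chr(ord($tampered[$last]) ^ 0x01);
var_dump(openBinary($tampered, $key, $salt));

// A key shorter than 32 bytes is rejected before any encryption happens.
try {
    Security::encrypt('data', 'too-short-key', $salt);
} catch (InvalidArgumentException $e) {
    echo get_class($e), ': ', $e->getMessage(), "\n";
}
```

Treat a null from openBinary() as an integrity failure rather than falling back to the raw stored value.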
engine() public static
engine(mixed $instance)
Get the crypto implementation based on the loaded extensions.
You can use this method to forcibly decide between mcrypt/openssl/custom implementations.
Parameters
-
\Cake\Utility\Crypto\OpenSsl|\Cake\Utility\Crypto\Mcrypt|null
$instance optional The crypto instance to use.
Returns
\Cake\Utility\Crypto\OpenSsl|\Cake\Utility\Crypto\Mcrypt
Crypto instance.
Throws
InvalidArgumentException
When no compatible crypto extension is available.
getSalt() public static
getSalt()
Gets the HMAC salt to be used for encryption/decryption routines.
Returns
string
The currently configured salt
hash() public static
hash(mixed $string, mixed $algorithm, mixed $salt)
Create a hash from string using given method.
Parameters
-
string
$string String to hash
-
string|null
$algorithm optional Hashing algo to use (i.e. sha1, sha256 etc.). Can be any valid algo included in list returned by hash_algos(). If no value is passed the type specified by Security::$hashType is used.
-
mixed
$salt optional If true, automatically prepends the application's salt value to $string (Security.salt).
Returns
string
Hash
Throws
RuntimeException
insecureRandomBytes() public static
insecureRandomBytes(mixed $length)
Like randomBytes() above, but not cryptographically secure.
Parameters
-
int
$length The number of bytes you want.
Returns
string
Random bytes in binary.
randomBytes() public static
randomBytes(mixed $length)
Get random bytes from a secure source.
This method will fall back to an insecure source and trigger a warning if it cannot find a secure source of random data.
Parameters
-
int
$length The number of bytes you want.
Returns
string
Random bytes in binary.
randomString() public static
randomString(mixed $length)
Creates a secure random string.
Parameters
-
int
$length optional String length. Default 64.
Returns
string
rijndael() public static
rijndael(mixed $text, mixed $key, mixed $operation)
Encrypts/Decrypts a text using the given key using rijndael method.
Parameters
-
string
$text Encrypted string to decrypt, normal string to encrypt
-
string
$key Key to use as the encryption key for encrypted data.
-
string
$operation Operation to perform, encrypt or decrypt
Returns
string
Encrypted/Decrypted string.
Throws
InvalidArgumentException
When there are errors.
salt() public static
salt(mixed $salt)
Gets or sets the HMAC salt to be used for encryption/decryption routines.
Parameters
-
string|null
$salt optional The salt to use for encryption routines. If null returns current salt.
Returns
string
The currently configured salt
setHash() public static
setHash(mixed $hash)
Sets the default hash method for the Security object. This affects all objects using Security::hash().
Parameters
-
string
$hash Method to use (sha1/sha256/md5 etc.)
setSalt() public static
setSalt(mixed $salt)
Sets the HMAC salt to be used for encryption/decryption routines.
Parameters
-
string
$salt The salt to use for encryption routines.
Property Detail
$_instance protected static
The crypto implementation to use.
Type
object
$_salt protected static
The HMAC salt to use for encryption and decryption routines
Type
string|null
$hashType public static
Default hash method. If the $type param for Security::hash() is not specified this value is used. Defaults to 'sha1'.
Type
string
© 2005–present The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
https://api.cakephp.org/3.9/class-Cake.Utility.Security.html