Class Security

Security library containing utility methods related to security.

Namespace: Cake\Utility

Properties summary

  • $_instance protected static
    object

    The crypto implementation to use.

  • $_salt protected static
    string|null

    The HMAC salt to use for encryption and decryption routines

  • $hashType public static
    string

    Default hash method. If the $algorithm parameter of Security::hash() is not specified, this value is used. Defaults to 'sha1'.

Method Summary

  • _checkKey() protected static

    Check the encryption key for proper length.

  • constantEquals() public static

    A timing attack resistant comparison that prefers native PHP implementations.

  • decrypt() public static

    Decrypt a value using AES-256.

  • encrypt() public static

    Encrypt a value using AES-256.

  • engine() public static

    Get the crypto implementation based on the loaded extensions.

  • getSalt() public static

    Gets the HMAC salt to be used for encryption/decryption routines.

  • hash() public static

    Create a hash from string using given method.

  • insecureRandomBytes() public static

    Like randomBytes(), but not cryptographically secure.

  • randomBytes() public static

    Get random bytes from a secure source.

  • randomString() public static

    Creates a secure random string.

  • setHash() public static

    Sets the default hash method for the Security object. This affects all objects using Security::hash().

  • setSalt() public static

    Sets the HMAC salt to be used for encryption/decryption routines.

Method Detail

_checkKey() protected static

_checkKey(string $key, string $method)

Check the encryption key for proper length.

Parameters

string $key

Key to check.

string $method

The method the key is being checked for.

Throws

InvalidArgumentException
When key length is not 256 bit/32 bytes

constantEquals() public static

constantEquals(mixed $original, mixed $compare)

A timing attack resistant comparison that prefers native PHP implementations.

Parameters

mixed $original

The original value.

mixed $compare

The comparison value.

Returns

bool

decrypt() public static

decrypt(string $cipher, string $key, ?string $hmacSalt)

Decrypt a value using AES-256.

Parameters

string $cipher

The ciphertext to decrypt.

string $key

The 256 bit/32 byte key to use as a cipher key.

string|null $hmacSalt optional

The salt to use for the HMAC process. Leave null to use value of Security::getSalt().

Returns

string|null

Decrypted data. Any trailing null bytes will be removed.

Throws

InvalidArgumentException
On invalid data or key.

encrypt() public static

encrypt(string $plain, string $key, ?string $hmacSalt)

Encrypt a value using AES-256.

Caveat: You cannot properly encrypt/decrypt data with trailing null bytes. Any trailing null bytes will be removed on decryption due to how PHP pads messages with nulls prior to encryption.

Parameters

string $plain

The value to encrypt.

string $key

The 256 bit/32 byte key to use as a cipher key.

string|null $hmacSalt optional

The salt to use for the HMAC process. Leave null to use value of Security::getSalt().

Returns

string

Encrypted data.

Throws

InvalidArgumentException
On invalid data or key.
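
The caveat above matters for binary payloads. The following added example (not CakePHP's own code) base64-encodes data before encrypt() so trailing null bytes survive the round trip, and handles the null return that decrypt()'s string|null signature allows. The helper names sealBinary() and openBinary(), the Composer autoload path and all sample values are assumptions.

```php
<?php
// Added example, not CakePHP's own code. Assumes cakephp/utility is installed
// via Composer and that vendor/autoload.php is reachable from this script.
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

use Cake\Utility\Security;

/**
 * Hypothetical helper: encrypt arbitrary binary data so that trailing
 * null bytes survive the round trip. base64 output never ends in "\0".
 */
function sealBinary(string $data, string $key): string
{
    return Security::encrypt(base64_encode($data), $key);
}

/**
 * Hypothetical helper: inverse of sealBinary(). Returns null when
 * decrypt() yields no plaintext or the payload is not valid base64.
 */
function openBinary(string $cipher, string $key): ?string
{
    $plain = Security::decrypt($cipher, $key);
    if ($plain === null) {
        return null;
    }
    $data = base64_decode($plain, true);

    return $data === false ? null : $data;
}

// Constructed sample values. In an application, load both from configuration.
Security::setSalt(bin2hex(Security::randomBytes(32)));
$key = Security::randomBytes(32); // 256 bit/32 byte key

$payload = "binary-record\x00\x00\x00"; // ends in null bytes
$cipher = sealBinary($payload, $key);
var_dump(openBinary($cipher, $key) === $payload);

// A 16 byte key is rejected by the key-length check.
try {
    Security::encrypt('x', str_repeat('k', 16));
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```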

engine() public static

engine(mixed $instance)

Get the crypto implementation based on the loaded extensions.

You can use this method to forcibly decide between openssl/custom implementations.

Parameters

\Cake\Utility\Crypto\OpenSsl|null $instance optional

The crypto instance to use.

Returns

\Cake\Utility\Crypto\OpenSsl

Crypto instance.

Throws

InvalidArgumentException
When no compatible crypto extension is available.

getSalt() public static

getSalt()

Gets the HMAC salt to be used for encryption/decryption routines.

Returns

string

The currently configured salt

hash() public static

hash(string $string, ?string $algorithm, mixed $salt)

Create a hash from string using given method.

Parameters

string $string

String to hash

string|null $algorithm optional

Hashing algorithm to use (e.g. sha1, sha256). Can be any valid algorithm included in the list returned by hash_algos(). If no value is passed, the type specified by Security::$hashType is used.

mixed $salt optional

If true, automatically prepends the value returned by Security::getSalt() to $string.

Returns

string

Hash

Throws

RuntimeException
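
An added example (not CakePHP's own code) combining hash() with constantEquals(): it shows that `$salt = true` prepends Security::getSalt() to the input, passes the algorithm explicitly instead of relying on the 'sha1' default, and compares digests in constant time. The helper names tokenFingerprint() and tokenMatches(), the Composer autoload path and the sample salt are assumptions.

```php
<?php
// Added example, not CakePHP's own code. Assumes cakephp/utility is installed
// via Composer and that vendor/autoload.php is reachable from this script.
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

use Cake\Utility\Security;

// Constructed sample salt. In an application this comes from configuration.
Security::setSalt('constructed-sample-salt-0123456789abcdef');

/**
 * Hypothetical helper: salted SHA-256 fingerprint of a token, for storing
 * a lookup value instead of the token itself.
 */
function tokenFingerprint(string $token): string
{
    // Passing the algorithm explicitly avoids depending on Security::$hashType.
    return Security::hash($token, 'sha256', true);
}

/**
 * Hypothetical helper: check a presented token against a stored fingerprint
 * without leaking the position of the first differing byte through timing.
 */
function tokenMatches(string $presented, string $storedFingerprint): bool
{
    return Security::constantEquals($storedFingerprint, tokenFingerprint($presented));
}

$token = Security::randomString(32);
$stored = tokenFingerprint($token);

// With $salt = true the salt is prepended, so this is the same digest.
var_dump($stored === hash('sha256', Security::getSalt() . $token));
var_dump(tokenMatches($token, $stored));
var_dump(tokenMatches($token . 'x', $stored));

// An algorithm name that hash_algos() does not list is rejected.
try {
    Security::hash($token, 'not-a-real-algo');
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```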

insecureRandomBytes() public static

insecureRandomBytes(int $length)

Like randomBytes(), but not cryptographically secure.

Parameters

int $length

The number of bytes you want.

Returns

string

Random bytes in binary.

See Also

\Cake\Utility\Security::randomBytes()

randomBytes() public static

randomBytes(int $length)

Get random bytes from a secure source.

This method will fall back to an insecure source and trigger a warning if it cannot find a secure source of random data.

Parameters

int $length

The number of bytes you want.

Returns

string

Random bytes in binary.

randomString() public static

randomString(int $length)

Creates a secure random string.

Parameters

int $length optional

String length. Default 64.

Returns

string

setHash() public static

setHash(string $hash)

Sets the default hash method for the Security object. This affects all objects using Security::hash().

Parameters

string $hash

Method to use (sha1/sha256/md5 etc.)

See Also

\Cake\Utility\Security::hash()

setSalt() public static

setSalt(string $salt)

Sets the HMAC salt to be used for encryption/decryption routines.

Parameters

string $salt

The salt to use for encryption routines.

Property Detail

$_instance protected static

The crypto implementation to use.

Type

object

$_salt protected static

The HMAC salt to use for encryption and decryption routines

Type

string|null

$hashType public static

Default hash method. If the $algorithm parameter of Security::hash() is not specified, this value is used. Defaults to 'sha1'.

Type

string

© 2005–present The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
https://api.cakephp.org/4.1/class-Cake.Utility.Security.html