我的书签
添加书签
移除书签Crypt Component
Phalcon provides encryption facilities via the Phalcon\Crypt component. This class offers simple object-oriented wrappers to the PHP’s encryption library.
By default, this component utilizes the AES-256-CFB cipher.
The cipher AES-256 is used among other places in SSL/TLS across the Internet. It’s considered among the top ciphers. In theory it’s not crackable since the combinations of keys are massive. Although NSA has categorized this in Suite B, they have also recommended using higher than 128-bit keys for encryption.
Basic Usage
This component is designed to be very simple to use:
If no parameters are passed in the constructor, the component will use the aes-256-cfb cipher with signing by default. You can always change the cipher as well as disable signing.
<?phpuse Phalcon\Crypt;$key = "12345"; // Your luggage combination$crypt = new Crypt();$crypt->setCipher('aes-256-gcm')->useSigning(false);$text = 'This is the text that you want to encrypt.';$encrypted = $crypt->encrypt($text, $key);echo $crypt->decrypt($encrypted, $key);
Encrypt
<?phpuse Phalcon\Crypt;$key = "12345"; // Your luggage combination$crypt = new Crypt();$crypt->setKey($key);$text = 'This is the text that you want to encrypt.';$encrypted = $crypt->encrypt($text);
or using the key as the second parameter
The method will also internally use signing by default. You can always use useSigning(false) prior to the method call to disable it.
The decrypt() method decrypts a string. Similar to encrypt() the component will use the previously set cipher, which has been set in the constructor or explicitly. If no key is passed in the parameter, the previously set key will be used.
use Phalcon\Crypt;$key = "12345"; // Your luggage combination$crypt = new Crypt();$crypt->setKey($key);$text = 'T4\xb1\x8d\xa9\x98\x05\\\x8c\xbe\x1d\x07&[\x99\x18\xa4~Lc1\xbeW\xb3';$encrypted = $crypt->decrypt($text);
or using the key as the second parameter
<?php$key = "12345"; // Your luggage combination$crypt = new Crypt();$crypt->setKey($key);$text = 'T4\xb1\x8d\xa9\x98\x05\\\x8c\xbe\x1d\x07&[\x99\x18\xa4~Lc1\xbeW\xb3';$encrypted = $crypt->decrypt($text, $key);
The method will also internally use signing by default. You can always use useSigning(false) prior to the method call to disable it.
Base64 Encrypt
The encryptBase64() can be used to encrypt a string in a URL friendly way. It uses encrypt() internally and accepts the text and optionally the key of the element to encrypt. There is also a third parameter safe (defaults to false) which will perform string replacements for non URL friendly characters such as + or /.
Base64 Decrypt
The decryptBase64() can be used to deecrypt a string in a URL friendly way. Similar to encryptBase64() it uses decrypt() internally and accepts the text and optionally the key of the element to encrypt. There is also a third parameter safe (defaults to false) which will perform string replacements for previously replaced non URL friendly characters such as + or /.
Exceptions thrown in the component will be of type [Phalcon\Crypt\Exception][config-exception]. If however you are using signing and the calculated hash for decrypt() does not match, Phalcon\Crypt\Mismatch will be thrown. You can use these exceptions to selectively catch exceptions thrown only from this component.
Functionality
The getter getCipher() returns the currently selected cipher. If none has been explicitly defined either by the setter setCipher() or the constructor of the object the aes-256-cfb is selected by default. The aes-256-gcm is the preferable cipher.
Hash algorithm
The getter getHashAlgo() returns the hashing algorithm use by the component. If none has been explicitly defined by the setter setHashAlgo() the sha256 will be used. If the hash algorithm defined is not available in the system or is wrong, a [Phalcon\Crypt\Exception][crypt=exception] will be thrown.
You can always get an array of all the available hashing algorithms for your system by calling getAvailableHashAlgos().
The component offers a getter and a setter for the key to be used. Once the key is set, it will be used for any encrypting or decrypting operation (provided that the key parameter is not defined when using these methods).
getKey(): Returns the encryption key.setKey()Sets the encryption key.
Signing
To instruct the component to use signing or not, useSigning is available. It accepts a boolean which sets a flag internally, specifying whether signing will be used or not.
If the cipher selected is of type gcm or ccm (what the cipher name ends with), auth data is required for the component to correctly encrypt or decrypt data. The methods available for this operation are:
setAuthTag()setAuthData()setAuthTagLength()- defaults to16
Padding
You can also set the padding used by the component by using setPadding(). By default the component will use PADDING_DEFAULT. The available padding constants are:
PADDING_ANSI_X_923PADDING_DEFAULTPADDING_ISO_10126PADDING_PKCS7PADDING_SPACEPADDING_ZERO
Dependency Injection
As with most Phalcon components, you can store the Phalcon\Crypt object in your container. By doing so, you will be able to access your configuration object from controllers, models, views and any component that implements Injectable.
<?phpuse Phalcon\Di\FactoryDefault;use Phalcon\Crypt;// Create a container$container = new FactoryDefault();$container->set('crypt',function () {// Set a global encryption key$crypt->setKey("T4\xb1\x8d\xa9\x98\x05\\\x8c\xbe\x1d\x07&[\x99\x18\xa4~Lc1\xbeW\xb3");return $crypt;},true);
The component is now available in your controllers using the crypt key
<?phpuse MyApp\Models\Secrets;use Phalcon\Crypt;use Phalcon\Http\Request;use Phalcon\Mvc\Controller;/*** @property Crypt $crypt* @property Request $request*/class SecretsController extends Controller{public function saveAction(){$secret = new Secrets();$text = $this->request->getPost('text');$secret->content = $this->crypt->encrypt($text);if ($secret->save()) {$this->flash->success('Secret was successfully created!');}}
