PHP Class lithium\storage\session\strategy\Encrypt

To use this class, you need to have the mcrypt extension enabled. Example configuration: {{{ Session::config(array('default' => array( 'adapter' => 'Cookie', 'strategies' => array('Encrypt' => array('secret' => 'foobar')) ))); }}} By default, this strategy uses the AES algorithm in the CBC mode. This means that an initialization vector has to be generated and transported with the payload data. This is done transparently, but you may want to keep this in mind (the ECB mode doesn't require an itialization vector but is not recommended to use as it's insecure). You can override this defaults by passing a different cipher and/or mode to the config like this: {{{ Session::config(array('default' => array( 'adapter' => 'Cookie', 'strategies' => array('Encrypt' => array( 'cipher' => MCRYPT_RIJNDAEL_128, 'mode' => MCRYPT_MODE_ECB, // Don't use ECB when you don't have to! 'secret' => 'foobar' )) ))); }}} Please keep in mind that it is generally not a good idea to store sensitive information in cookies (or generally on the client side) and this class is no exception to the rule. It allows you to store client side data in a more secure way, but 100% security can't be achieved.

See link: The mcrypt extension.

See link: List of supported ciphers.

See link: List of supported modes.

Inheritance: extends lithium\core\Object

Afficher le fichier Open project: unionofrad/lithium Class Usage Examples

Protected Properties

Свойство	Type	Description
$_defaults		Default configuration.
$_resource		Holds the crypto resource after initialization.
$_vector		Holds the initialization vector.

Méthodes publiques

Méthode	Description
__construct ( array $config = [] ) : void	Constructor.
__destruct ( ) : void	Destructor. Closes the crypto resource when it is no longer needed.
delete ( mixed $data, array $options = [] ) : string	Delete encryption method.
enabled ( ) : boolean	Determines if the Mcrypt extension has been installed.
read ( array $data, array $options = [] ) : mixed	Read encryption method.
write ( mixed $data, array $options = [] ) : string	Write encryption method.

Méthodes protégées

Méthode	Description
_decrypt ( string $encrypted ) : array	Decrypt and unserialize a previously encrypted string.
_encrypt ( array $decrypted = [] ) : string	Serialize and encrypt a given data array.
_hashSecret ( string $key ) : string	Hashes the given secret to make harder to detect.
_vector ( ) : string	Generates an initialization vector.
_vectorSize ( ) : number	Returns the vector size vor a given cipher and mode.

Method Details

__construct() public méthode

Constructor.

public __construct ( array $config = [] ) : void
$config	array	Configuration array. You can override the default cipher and mode.
Résultat	void

__destruct() public méthode

Destructor. Closes the crypto resource when it is no longer needed.

public __destruct ( ) : void
Résultat	void

_decrypt() protected méthode

Decrypt and unserialize a previously encrypted string.

protected _decrypt ( string $encrypted ) : array
$encrypted	string	The base64 encoded and encrypted string.
Résultat	array	The cleartext data.

_encrypt() protected méthode

Serialize and encrypt a given data array.

protected _encrypt ( array $decrypted = [] ) : string
$decrypted	array	The cleartext data to be encrypted.
Résultat	string	A Base64 encoded and encrypted string.

_hashSecret() protected méthode

This method figures out the appropriate key size for the chosen encryption algorithm and then hashes the given key accordingly. Note that if the key has already the needed length, it is considered to be hashed (secure) already and is therefore not hashed again. This lets you change the hashing method in your own code if you like. The default MCRYPT_RIJNDAEL_128 key should be 32 byte long sha256 is used as the hashing algorithm. If the key size is shorter than the one generated by sha256, the first n bytes will be used.

See link: http://php.net/function.mcrypt-enc-get-key-size.php

protected _hashSecret ( string $key ) : string
$key	string	The possibly too weak key.
Résultat	string	The hashed (raw) key.

_vector() protected static méthode

Generates an initialization vector.

See link: http://php.net/function.mcrypt-create-iv.php

protected static _vector ( ) : string
Résultat	string	Returns an initialization vector.

_vectorSize() protected static méthode

Returns the vector size vor a given cipher and mode.

See link: http://php.net/function.mcrypt-enc-get-iv-size.php

protected static _vectorSize ( ) : number
Résultat	number	The vector size.

delete() public méthode

Delete encryption method.

public delete ( mixed $data, array $options = [] ) : string
$data	mixed	The data to be encrypted.
$options	array	Options for this method.
Résultat	string	Returns the deleted data in cleartext.

enabled() public static méthode

Determines if the Mcrypt extension has been installed.

public static enabled ( ) : boolean
Résultat	boolean	`true` if enabled, `false` otherwise.

read() public méthode

Read encryption method.

public read ( array $data, array $options = [] ) : mixed
$data	array	the Data being read.
$options	array	Options for this method.
Résultat	mixed	Returns the decrypted key or the dataset.

write() public méthode

Write encryption method.

public write ( mixed $data, array $options = [] ) : string
$data	mixed	The data to be encrypted.
$options	array	Options for this method.
Résultat	string	Returns the written data in cleartext.

Property Details

$_defaults protected_oe property

Default configuration.

protected $_defaults

$_resource protected_oe static_oe property

Holds the crypto resource after initialization.

protected static $_resource

$_vector protected_oe static_oe property

Holds the initialization vector.

protected static $_vector