Security Library contains utility methods related to security
object
The crypto implementation to use.
string|null
The HMAC salt to use for encryption and decryption routines
string
Default hash method. If the $type param for Security::hash() is not specified, this value is used. Defaults to 'sha1'.
_checkKey(string $key, string $method)
Check the encryption key for proper length.
string
$key Key to check.
string
$method The method the key is being checked for.
InvalidArgumentException
constantEquals(mixed $original, mixed $compare)
A timing attack resistant comparison that prefers native PHP implementations.
mixed
$original The original value.
mixed
$compare The comparison value.
bool
decrypt(string $cipher, string $key, ?string $hmacSalt)
Decrypt a value using AES-256.
string
$cipher The ciphertext to decrypt.
string
$key The 256 bit/32 byte key to use as a cipher key.
string|null
$hmacSalt optional The salt to use for the HMAC process. Leave null to use value of Security::getSalt().
string|null
Decrypted data. Any trailing null bytes will be removed.
InvalidArgumentException
encrypt(string $plain, string $key, ?string $hmacSalt)
Encrypt a value using AES-256.
Caveat: You cannot properly encrypt/decrypt data with trailing null bytes. Any trailing null bytes will be removed on decryption due to how PHP pads messages with nulls prior to encryption.
string
$plain The value to encrypt.
string
$key The 256 bit/32 byte key to use as a cipher key.
string|null
$hmacSalt optional The salt to use for the HMAC process. Leave null to use value of Security::getSalt().
string
Encrypted data.
InvalidArgumentException
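An added example (not taken from the CakePHP documentation or code base) of encrypt() and decrypt() in use: a round trip, the null that decrypt() returns when the ciphertext has been altered or the key is wrong, and the InvalidArgumentException raised for a short key. It assumes cakephp/utility 4.1 installed via Composer with the OpenSSL extension loaded; sealValue() and openValue() are hypothetical helper names, and the secrets are constructed sample values.

```php
<?php
declare(strict_types=1);

// Assumption: cakephp/utility 4.1 is installed with Composer and ext-openssl is loaded.
require __DIR__ . '/vendor/autoload.php';

use Cake\Utility\Security;

// Constructed sample secrets; a real application loads both from protected configuration.
Security::setSalt(bin2hex(Security::randomBytes(32)));
$key = Security::randomBytes(32); // 32 bytes = 256 bits, the length encrypt() expects

// Hypothetical helper: encrypt() returns binary data, so wrap it for text storage.
function sealValue(string $plain, string $key): string
{
    return base64_encode(Security::encrypt($plain, $key));
}

// Hypothetical helper: returns the plaintext, or null for malformed or altered input.
function openValue(string $sealed, string $key): ?string
{
    $raw = base64_decode($sealed, true);
    if (empty($raw)) {
        return null; // bad base64 or nothing to decrypt; decrypt() would throw on empty data
    }

    return Security::decrypt($raw, $key); // null when the HMAC does not verify
}

$sealed = sealValue('user_id=42;role=editor', $key);
echo 'round trip ok: ', var_export(openValue($sealed, $key) === 'user_id=42;role=editor', true), PHP_EOL;

// Flip one bit of the last ciphertext byte, as storage corruption or tampering would.
$raw = base64_decode($sealed, true);
$last = strlen($raw) - 1;
$raw[$last] = chr(ord($raw[$last]) ^ 0x01);
echo 'altered gives null: ', var_export(openValue(base64_encode($raw), $key) === null, true), PHP_EOL;

// A different key also changes the derived HMAC key, so the result is null, not garbage.
echo 'wrong key gives null: ', var_export(openValue($sealed, Security::randomBytes(32)) === null, true), PHP_EOL;

// Keys shorter than 32 bytes are refused outright.
try {
    Security::encrypt('x', 'too-short-key');
} catch (InvalidArgumentException $e) {
    echo 'short key rejected: ', get_class($e), PHP_EOL;
}
```

Callers should treat a null from decrypt() as a hard failure and never fall back to using the stored value as-is.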
engine(mixed $instance)
Get the crypto implementation based on the loaded extensions.
You can use this method to forcibly decide between openssl/custom implementations.
\Cake\Utility\Crypto\OpenSsl|null
$instance optional The crypto instance to use.
\Cake\Utility\Crypto\OpenSsl
Crypto instance.
InvalidArgumentException
getSalt()
Gets the HMAC salt to be used for encryption/decryption routines.
string
The currently configured salt
hash(string $string, ?string $algorithm, mixed $salt)
Create a hash from string using given method.
string
$string String to hash
string|null
$algorithm optional Hashing algo to use (e.g. sha1, sha256 etc.). Can be any valid algo included in the list returned by hash_algos(). If no value is passed, the type specified by Security::$hashType is used.
mixed
$salt optional If true, automatically prepends the value returned by Security::getSalt() to $string.
string
Hash
RuntimeException
insecureRandomBytes(int $length)
Like randomBytes() above, but not cryptographically secure.
int
$length The number of bytes you want.
string
Random bytes in binary.
randomBytes(int $length)
Get random bytes from a secure source.
This method will fall back to an insecure source and trigger a warning if it cannot find a secure source of random data.
int
$length The number of bytes you want.
string
Random bytes in binary.
randomString(int $length)
Creates a secure random string.
int
$length optional String length. Default 64.
string
setHash(string $hash)
Sets the default hash method for the Security object. This affects all objects using Security::hash().
string
$hash Method to use (sha1/sha256/md5 etc.)
setSalt(string $salt)
Sets the HMAC salt to be used for encryption/decryption routines.
string
$salt The salt to use for encryption routines.
© 2005–present The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
https://api.cakephp.org/4.1/class-Cake.Utility.Security.html