Security Library contains utility methods related to security
object|null
The crypto implementation to use.
string|null
The HMAC salt to use for encryption and decryption routines
string
Default hash method. If the $type param for Security::hash() is not specified this value is used. Defaults to 'sha1'.
Check the encryption key for proper length.
A timing attack resistant comparison that prefers native PHP implementations.
Decrypt a value using AES-256.
Encrypt a value using AES-256.
Get the crypto implementation based on the loaded extensions.
Gets the HMAC salt to be used for encryption/decryption routines.
Create a hash from string using given method.
Like randomBytes() above, but not cryptographically secure.
Get random bytes from a secure source.
Creates a secure random string.
Sets the default hash method for the Security object. This affects all objects using Security::hash().
Sets the HMAC salt to be used for encryption/decryption routines.
_checkKey(string $key, string $method): void
Check the encryption key for proper length.
string
$key Key to check.
string
$method The method the key is being checked for.
void
InvalidArgumentException
constantEquals(mixed $original, mixed $compare): bool
A timing attack resistant comparison that prefers native PHP implementations.
mixed
$original The original value.
mixed
$compare The comparison value.
bool
decrypt(string $cipher, string $key, string|null $hmacSalt = null): string|null
Decrypt a value using AES-256.
string
$cipher The ciphertext to decrypt.
string
$key The 256 bit/32 byte key to use as a cipher key.
string|null
$hmacSalt optional The salt to use for the HMAC process. Leave null to use value of Security::getSalt().
string|null
InvalidArgumentException
encrypt(string $plain, string $key, string|null $hmacSalt = null): string
Encrypt a value using AES-256.
Caveat: You cannot properly encrypt/decrypt data with trailing null bytes. Any trailing null bytes will be removed on decryption due to how PHP pads messages with nulls prior to encryption.
string
$plain The value to encrypt.
string
$key The 256 bit/32 byte key to use as a cipher key.
string|null
$hmacSalt optional The salt to use for the HMAC process. Leave null to use value of Security::getSalt().
string
InvalidArgumentException
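The following is an added usage example, not code from the CakePHP project, showing an encrypt()/decrypt() round trip and the failure paths a caller has to handle. It assumes the cakephp/utility package is installed through Composer with the autoloader at vendor/autoload.php, that a null result from decrypt() is how a failed integrity check is reported (the documented return type is string|null), and it uses constructed sample values throughout.

```php
<?php
// Added example (not CakePHP's own code). Assumes cakephp/utility is installed via Composer.
declare(strict_types=1);

use Cake\Utility\Security;

require 'vendor/autoload.php'; // assumed autoloader location

// Constructed sample secrets. A real application loads both from protected
// configuration so that they stay the same across requests.
Security::setSalt(bin2hex(Security::randomBytes(32)));
$key = Security::randomBytes(32); // the 256 bit / 32 byte key the docs require

$plain = 'account=42;role=editor'; // constructed sample plaintext
$token = Security::encrypt($plain, $key);

// Round trip with the same key and salt.
var_dump(Security::decrypt($token, $key) === $plain);

// decrypt() is typed string|null, so always check for null before using the result.
// Here the last ciphertext byte is flipped to simulate modification in storage or transit.
$tampered = $token;
$tampered[-1] = chr(ord($tampered[-1]) ^ 0x01);
$result = Security::decrypt($tampered, $key);
if ($result === null) {
    echo "rejected: ciphertext failed verification\n";
}

// The HMAC salt is part of the operation: decrypting with a different salt
// than the one used for encryption is also checked for null.
$otherSalt = 'constructed-salt-that-differs-from-the-first-one';
if (Security::decrypt($token, $key, $otherSalt) === null) {
    echo "rejected: wrong HMAC salt\n";
}

// Keys that fail the length check raise InvalidArgumentException.
try {
    Security::encrypt($plain, 'too-short');
} catch (InvalidArgumentException $e) {
    echo 'rejected key: ', $e->getMessage(), "\n";
}
```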
engine(Cake\Utility\Crypto\OpenSsl|null $instance = null): Cake\Utility\Crypto\OpenSsl
Get the crypto implementation based on the loaded extensions.
You can use this method to forcibly decide between openssl/custom implementations.
Cake\Utility\Crypto\OpenSsl|null
$instance optional The crypto instance to use.
Cake\Utility\Crypto\OpenSsl
InvalidArgumentException
getSalt(): string
Gets the HMAC salt to be used for encryption/decryption routines.
string
hash(string $string, string|null $algorithm = null, mixed $salt = false): string
Create a hash from string using given method.
string
$string String to hash
string|null
$algorithm optional Hashing algo to use (i.e. sha1, sha256 etc.). Can be any valid algo included in list returned by hash_algos(). If no value is passed the type specified by Security::$hashType is used.
mixed
$salt optional If true, automatically prepends the value returned by Security::getSalt() to $string.
string
RuntimeException
insecureRandomBytes(int $length): string
Like randomBytes() above, but not cryptographically secure.
int
$length The number of bytes you want.
string
randomBytes(int $length): string
Get random bytes from a secure source.
This method will fall back to an insecure source and trigger a warning if it cannot find a secure source of random data.
int
$length The number of bytes you want.
string
randomString(int $length = 64): string
Creates a secure random string.
int
$length optional String length. Default 64.
string
setHash(string $hash): void
Sets the default hash method for the Security object. This affects all objects using Security::hash().
string
$hash Method to use (sha1/sha256/md5 etc.)
void
setSalt(string $salt): void
Sets the HMAC salt to be used for encryption/decryption routines.
string
$salt The salt to use for encryption routines.
void
The crypto implementation to use.
object|null
The HMAC salt to use for encryption and decryption routines
string|null
Default hash method. If the $type param for Security::hash() is not specified this value is used. Defaults to 'sha1'.
string
© 2005–present The Cake Software Foundation, Inc.
Licensed under the MIT License.
https://api.cakephp.org/4.4/class-Cake.Utility.Security.html