class McryptCrypto implements CryptoHandler (View source)

deprecated 2.2.0 Use OpenSSLCrypto instead WARNING: Please beware that McryptCrypto does not preserve zero bytes at the end of encrypted messages. Thus, a message such as "data\x00" will become "data" after encrypt-decrypt. As such, it is not binary safe. It is guaranteed for UTF-8 encoded text not to have zero bytes. However, other encodings may contain those. For example, be careful with UTF-16LE, since characters less than U+0100 are very common.

Some cryptography used for Session cookie encryption. Requires the mcrypt extension.

Properties

protected $key
protected $ivSize
protected $keySize
protected $salt
protected $saltedKey

Methods

public
string
getKey()

No description

public
string
getSalt()

No description

public
__construct($key, $salt)

No description

public
string
encrypt($cleartext)

Encrypt and then sign some cleartext

public
string
decrypt(string $data)

Check the signature on an encrypted-and-signed message, and if valid decrypt the content

Details

string getKey()

No description

Return Value

string

string getSalt()

No description

Return Value

string

__construct($key, $salt)

No description

Parameters

$key

a per-site secret string which is used as the base encryption key.

$salt

a per-session random string which is used as a salt to generate a per-session key

The base encryption key needs to stay secret. If an attacker ever gets it, they can read their session, and even modify & re-sign it.

The salt is a random per-session string that is used with the base encryption key to create a per-session key. This (amongst other things) makes sure an attacker can't use a known-plaintext attack to guess the key.

Normally we could create a salt on encryption, send it to the client as part of the session (it doesn't need to remain secret), then use the returned salt to decrypt. But we already have the Session ID which makes a great salt, so no need to generate & handle another one.

string encrypt($cleartext)

Encrypt and then sign some cleartext

Parameters

$cleartext
  • The cleartext to encrypt and sign

Return Value

string

string decrypt(string $data)

Check the signature on an encrypted-and-signed message, and if valid decrypt the content

Parameters

string $data

Return Value

string