SilverStripe\HybridSessions\Crypto\McryptCrypto

class McryptCrypto implements CryptoHandler (View source)

deprecated 2.2.0 Use OpenSSLCrypto instead WARNING: Please beware that McryptCrypto does not preserve zero bytes at the end of encrypted messages. Thus, a message such as "data\x00" will become "data" after encrypt-decrypt. As such, it is not binary safe. It is guaranteed for UTF-8 encoded text not to have zero bytes. However, other encodings may contain those. For example, be careful with UTF-16LE, since characters less than U+0100 are very common.

Some cryptography used for Session cookie encryption. Requires the mcrypt extension.

Properties

protected		$key
protected		$ivSize
protected		$keySize
protected		$salt
protected		$saltedKey

Methods

public

string

getKey()

No description

public

string

getSalt()

No description

public

__construct($key, $salt)

No description

public

string

encrypt($cleartext)

Encrypt and then sign some cleartext

public

string

decrypt(string $data)

Check the signature on an encrypted-and-signed message, and if valid decrypt the content

Details

at line 33
`string getKey()`

No description

Return Value

string

at line 41
`string getSalt()`

No description

Return Value

string

at line 60
`__construct($key, $salt)`

No description

Parameters

$key

a per-site secret string which is used as the base encryption key.

$salt

a per-session random string which is used as a salt to generate a per-session key

The base encryption key needs to stay secret. If an attacker ever gets it, they can read their session, and even modify & re-sign it.

The salt is a random per-session string that is used with the base encryption key to create a per-session key. This (amongst other things) makes sure an attacker can't use a known-plaintext attack to guess the key.

Normally we could create a salt on encryption, send it to the client as part of the session (it doesn't need to remain secret), then use the returned salt to decrypt. But we already have the Session ID which makes a great salt, so no need to generate & handle another one.

at line 77
`string encrypt($cleartext)`

Encrypt and then sign some cleartext

Parameters

$cleartext

The cleartext to encrypt and sign

Return Value

string

at line 102
`string decrypt(string $data)`

Check the signature on an encrypted-and-signed message, and if valid decrypt the content

Parameters

string

$data

Return Value

string

McryptCrypto deprecated

Properties

Methods

Details

at line 33 string getKey()

Return Value

at line 41 string getSalt()

Return Value

at line 60 __construct($key, $salt)

Parameters

at line 77 string encrypt($cleartext)

Parameters

Return Value

at line 102 string decrypt(string $data)

Parameters

Return Value

at line 33
`string getKey()`

at line 41
`string getSalt()`

at line 60
`__construct($key, $salt)`

at line 77
`string encrypt($cleartext)`

at line 102
`string decrypt(string $data)`