1. class
  2. SilverStripe
  3. \
  4. HybridSessions
  5. \
  6. Crypto
  7. \
  8. OpenSSLCrypto

OpenSSLCrypto

class OpenSSLCrypto implements CryptoHandler (View source)

Some cryptography used for Session cookie encryption.

Properties

protected $key
protected $salt
protected $saltedKey

Methods

public
string
getKey()

No description

public
string
getSalt()

No description

public
__construct(string $key, string $salt)

No description

public
string
encrypt(string $cleartext)

Encrypt and then sign some cleartext

public
string
decrypt(string $data)

Check the signature on an encrypted-and-signed message, and if valid decrypt the content

Details

at line 20
string getKey()

No description

Return Value

string

at line 28
string getSalt()

No description

Return Value

string

at line 47
__construct(string $key, string $salt)

No description

Parameters

string $key

a per-site secret string which is used as the base encryption key.
string $salt

a per-session random string which is used as a salt to generate a per-session key

The base encryption key needs to stay secret. If an attacker ever gets it, they can read their session, and even modify & re-sign it.

The salt is a random per-session string that is used with the base encryption key to create a per-session key. This (amongst other things) makes sure an attacker can't use a known-plaintext attack to guess the key.

Normally we could create a salt on encryption, send it to the client as part of the session (it doesn't need to remain secret), then use the returned salt to decrypt. But we already have the Session ID which makes a great salt, so no need to generate & handle another one.

at line 60
string encrypt(string $cleartext)

Encrypt and then sign some cleartext

Parameters

string $cleartext
  • The cleartext to encrypt and sign

Return Value

string

at line 86
string decrypt(string $data)

Check the signature on an encrypted-and-signed message, and if valid decrypt the content

Parameters

string $data

Return Value

string