Encryption/Decryption
Phalcon provides encryption facilities via the Phalcon\Crypt component. This class offers simple object-oriented wrappers to the openssl PHP’s encryption library.
By default, this component provides secure encryption using AES-256-CFB.
You must use a key length corresponding to the current algorithm. For the algorithm used by default it is 32 bytes.
Basic Usage
This component is designed to provide a very simple usage:
<?php
use Phalcon\Crypt;
// Create an instance
$crypt = new Crypt();
/**
* Set the cipher algorithm.
*
* The `aes-256-gcm' is the preferable cipher, but it is not usable until the
* openssl library is upgraded, which is available in PHP 7.1.
*
* The `aes-256-ctr' is arguably the best choice for cipher
* algorithm in these days.
*/
$crypt->setCipher('aes-256-ctr');
/**
* Set the encryption key.
*
* The `$key' should have been previously generated in a cryptographically safe way.
*
* Bad key:
* "le password"
*
* Better (but still unsafe):
* "#1dj8$=dp?.ak//j1V$~%*0X"
*
* Good key:
* "T4\xb1\x8d\xa9\x98\x05\\\x8c\xbe\x1d\x07&[\x99\x18\xa4~Lc1\xbeW\xb3"
*
* Use your own key. Do not copy and paste this example key.
*/
$key = "T4\xb1\x8d\xa9\x98\x05\\\x8c\xbe\x1d\x07&[\x99\x18\xa4~Lc1\xbeW\xb3";
$text = 'This is the text that you want to encrypt.';
$encrypted = $crypt->encrypt($text, $key);
echo $crypt->decrypt($encrypted, $key);
You can use the same instance to encrypt/decrypt several times:
<?php
use Phalcon\Crypt;
// Create an instance
$crypt = new Crypt();
$crypt->setCipher('aes-256-ctr');
// Use your own keys!
$texts = [
"T4\xb1\x8d\xa9\x98\x054t7w!z%C*F-Jk\x98\x05\\\x5c" => 'This is a secret text',
"T4\xb1\x8d\xa9\x98\x05\\\x8c\xbe\x1d\x07&[\x99\x18\xa4~Lc1\xbeW\xb3" => 'This is a very secret',
];
foreach ($texts as $key => $text) {
// Perform the encryption
$encrypted = $crypt->encrypt($text, $key);
// Now decrypt
echo $crypt->decrypt($encrypted, $key);
}
Encryption Options
The following options are available to change the encryption behavior:
Name | Description |
---|---|
Cipher | The cipher is one of the encryption algorithms supported by openssl. You can see a list here |
Example:
<?php
use Phalcon\Crypt;
// Create an instance
$crypt = new Crypt();
// Use blowfish
$crypt->setCipher('bf-cbc');
// Use your own key!
$key = "T4\xb1\x8d\xa9\x98\x05\\\x8c\xbe\x1d\x07&[\x99\x18\xa4~Lc1\xbeW\xb3";
$text = 'This is a secret text';
echo $crypt->encrypt($text, $key);
Base64 Support
In order for encryption to be properly transmitted (emails) or displayed (browsers) base64 encoding is usually applied to encrypted texts:
<?php
use Phalcon\Crypt;
// Create an instance
$crypt = new Crypt();
// Use your own key!
$key = "T4\xb1\x8d\xa9\x98\x05\\\x8c\xbe\x1d\x07&[\x99\x18\xa4~Lc1\xbeW\xb3";
$text = 'This is a secret text';
$encrypt = $crypt->encryptBase64($text, $key);
echo $crypt->decryptBase64($encrypt, $key);
Setting up an Encryption service
You can set up the encryption component in the services container in order to use it from any part of the application:
<?php
use Phalcon\Crypt;
$di->set(
'crypt',
function () {
$crypt = new Crypt();
// Set a global encryption key
$crypt->setKey(
"T4\xb1\x8d\xa9\x98\x05\\\x8c\xbe\x1d\x07&[\x99\x18\xa4~Lc1\xbeW\xb3"
);
return $crypt;
},
true
);
Then, for example, in a controller you can use it as follows:
<?php
use Phalcon\Mvc\Controller;
class SecretsController extends Controller
{
public function saveAction()
{
$secret = new Secrets();
$text = $this->request->getPost('text');
$secret->content = $this->crypt->encrypt($text);
if ($secret->save()) {
$this->flash->success(
'Secret was successfully created!'
);
}
}
}