_checkKey()source protected static

_checkKey( string $key , string $method )

Check the encryption key for proper length.

Parameters

string $key

Key to check.

string $method

The method the key is being checked for.

Throws

InvalidArgumentException
When key length is not 256 bit/32 bytes

constantEquals()source public static

constantEquals( string $original , string $compare )

A timing attack resistant comparison that prefers native PHP implementations.

Parameters

string $original

The original value.

string $compare

The comparison value.

Returns

boolean

See

https://github.com/resonantcore/php-future/

Since

3.6.2

decrypt()source public static

decrypt( string $cipher , string $key , string|null $hmacSalt = null )

Decrypt a value using AES-256.

Parameters

string $cipher

The ciphertext to decrypt.

string $key

The 256 bit/32 byte key to use as a cipher key.

string|null $hmacSalt optional null

The salt to use for the HMAC process. Leave null to use Security.salt.

Returns

string|boolean
Decrypted data. Any trailing null bytes will be removed.

Throws

InvalidArgumentException
On invalid data or key.

encrypt()source public static

encrypt( string $plain , string $key , string|null $hmacSalt = null )

Encrypt a value using AES-256.

Caveat You cannot properly encrypt/decrypt data with trailing null bytes. Any trailing null bytes will be removed on decryption due to how PHP pads messages with nulls prior to encryption.

Parameters

string $plain

The value to encrypt.

string $key

The 256 bit/32 byte key to use as a cipher key.

string|null $hmacSalt optional null

The salt to use for the HMAC process. Leave null to use Security.salt.

Returns

string
Encrypted data.

Throws

InvalidArgumentException
On invalid data or key.

engine()source public static

engine( Cake\Utility\Crypto\OpenSsl|Cake\Utility\Crypto\Mcrypt|null $instance = null )

Get the crypto implementation based on the loaded extensions.

You can use this method to forcibly decide between mcrypt/openssl/custom implementations.

Parameters

Cake\Utility\Crypto\OpenSsl|Cake\Utility\Crypto\Mcrypt|null $instance optional null

The crypto instance to use.

Returns

Cake\Utility\Crypto\OpenSsl|Cake\Utility\Crypto\Mcrypt
Crypto instance.

Throws

InvalidArgumentException
When no compatible crypto extension is available.

getSalt()source public static

getSalt( )

Gets the HMAC salt to be used for encryption/decryption routines.

Returns

string
The currently configured salt

hash()source public static

hash( string $string , string|null $algorithm = null , mixed $salt = false )

Create a hash from string using given method.

Parameters

string $string

String to hash

string|null $algorithm optional null

Hashing algo to use (i.e. sha1, sha256 etc.). Can be any valid algo included in list returned by hash_algos(). If no value is passed the type specified by Security::$hashType is used.

mixed $salt optional false

If true, automatically prepends the application's salt value to $string (Security.salt).

Returns

string
Hash

Link

https://book.cakephp.org/3.0/en/core-libraries/security.html#hashing-data

insecureRandomBytes()source public static

insecureRandomBytes( integer $length )

Like randomBytes() above, but not cryptographically secure.

Parameters

integer $length

The number of bytes you want.

Returns

string
Random bytes in binary.

See

\Cake\Utility\Security::randomBytes()

randomBytes()source public static

randomBytes( integer $length )

Get random bytes from a secure source.

This method will fall back to an insecure source an trigger a warning if it cannot find a secure source of random data.

Parameters

integer $length

The number of bytes you want.

Returns

string
Random bytes in binary.

randomString()source public static

randomString( integer $length = 64 )

Creates a secure random string.

Parameters

integer $length optional 64

String length. Default 64.

Returns

string

Since

3.6.0

rijndael()source public static deprecated

rijndael( string $text , string $key , string $operation )

Encrypts/Decrypts a text using the given key using rijndael method.

Deprecated

3.6.3 This method relies on functions provided by mcrypt extension which has been deprecated in PHP 7.1 and removed in PHP 7.2. There's no 1:1 replacement for this method. Upgrade your code to use Security::encrypt()/Security::decrypt() with OpenSsl engine instead.

Parameters

string $text

Encrypted string to decrypt, normal string to encrypt

string $key

Key to use as the encryption key for encrypted data.

string $operation

Operation to perform, encrypt or decrypt

Returns

string
Encrypted/Decrypted string.

Throws

InvalidArgumentException
When there are errors.

salt()source public static deprecated

salt( string|null $salt = null )

Gets or sets the HMAC salt to be used for encryption/decryption routines.

Deprecated

3.5.0 Use getSalt()/setSalt() instead.

Parameters

string|null $salt optional null

The salt to use for encryption routines. If null returns current salt.

Returns

string
The currently configured salt

setHash()source public static

setHash( string $hash )

Sets the default hash method for the Security object. This affects all objects using Security::hash().

Parameters

string $hash

Method to use (sha1/sha256/md5 etc.)

See

\Cake\Utility\Security::hash()

setSalt()source public static

setSalt( string $salt )

Sets the HMAC salt to be used for encryption/decryption routines.

Parameters

string $salt

The salt to use for encryption routines.

'sha1'