\Cake\Utility\Security

Security Library contains utility methods related to security

Summary

Public methods: hash(), setHash(), randomBytes(), randomString(), insecureRandomBytes(), engine(), rijndael(), encrypt(), decrypt(), constantEquals(), getSalt(), setSalt(), salt()
Public properties: $hashType
Constants: No constants found

Protected methods: _checkKey()
Protected properties: $_salt, $_instance

Private methods: No private methods found
Private properties: No private properties found

Properties

$hashType

$hashType : string

Default hash method. If `$type` param for `Security::hash()` is not specified this value is used. Defaults to 'sha1'.

Type

string

$_salt

$_salt : string

The HMAC salt to use for encryption and decryption routines

Type

string

$_instance

$_instance : object

The crypto implementation to use.

Type

object

Methods

hash()

hash(string  $string, string|null  $algorithm = null, mixed  $salt = false) : string

Create a hash from string using given method.

Parameters

string $string

String to hash

string|null $algorithm

Hashing algorithm to use (e.g. sha1, sha256). Can be any valid algorithm included in the list returned by hash_algos(). If no value is passed, the type specified by Security::$hashType is used.

mixed $salt

If true, automatically prepends the application's salt value to $string (Security.salt).

Returns

string —

Hash

setHash()

setHash(string  $hash) : void

Sets the default hash method for the Security object. This affects all objects using Security::hash().

Parameters

string $hash

Method to use (sha1/sha256/md5 etc.)

randomBytes()

randomBytes(integer  $length) : string

Get random bytes from a secure source.

This method will fall back to an insecure source and trigger a warning if it cannot find a secure source of random data.

Parameters

integer $length

The number of bytes you want.

Returns

string —

Random bytes in binary.

randomString()

randomString(integer  $length = 64) : string

Creates a secure random string.

Parameters

integer $length

String length. Default 64.

Returns

string

insecureRandomBytes()

insecureRandomBytes(integer  $length) : string

Like randomBytes() above, but not cryptographically secure.

Parameters

integer $length

The number of bytes you want.

Returns

string —

Random bytes in binary.

engine()

engine(\Cake\Utility\Crypto\OpenSsl|\Cake\Utility\Crypto\Mcrypt|null  $instance = null) : \Cake\Utility\Crypto\OpenSsl|\Cake\Utility\Crypto\Mcrypt

Get the crypto implementation based on the loaded extensions.

You can use this method to forcibly decide between mcrypt/openssl/custom implementations.

Parameters

\Cake\Utility\Crypto\OpenSsl|\Cake\Utility\Crypto\Mcrypt|null $instance

The crypto instance to use.

Throws

\InvalidArgumentException

When no compatible crypto extension is available.

Returns

\Cake\Utility\Crypto\OpenSsl|\Cake\Utility\Crypto\Mcrypt

Crypto instance.

rijndael()

rijndael(string  $text, string  $key, string  $operation) : string

Encrypts or decrypts text with the given key using the Rijndael method.

Parameters

string $text

Encrypted string to decrypt, normal string to encrypt

string $key

Key to use as the encryption key for encrypted data.

string $operation

Operation to perform, encrypt or decrypt

Throws

\InvalidArgumentException

When there are errors.

Returns

string —

Encrypted/Decrypted string.

encrypt()

encrypt(string  $plain, string  $key, string|null  $hmacSalt = null) : string

Encrypt a value using AES-256.

Caveat: You cannot properly encrypt/decrypt data with trailing null bytes. Any trailing null bytes will be removed on decryption due to how PHP pads messages with nulls prior to encryption.

Parameters

string $plain

The value to encrypt.

string $key

The 256 bit/32 byte key to use as a cipher key.

string|null $hmacSalt

The salt to use for the HMAC process. Leave null to use Security.salt.

Throws

\InvalidArgumentException

On invalid data or key.

Returns

string —

Encrypted data.

decrypt()

decrypt(string  $cipher, string  $key, string|null  $hmacSalt = null) : string|boolean

Decrypt a value using AES-256.

Parameters

string $cipher

The ciphertext to decrypt.

string $key

The 256 bit/32 byte key to use as a cipher key.

string|null $hmacSalt

The salt to use for the HMAC process. Leave null to use Security.salt.

Throws

\InvalidArgumentException

On invalid data or key.

Returns

string|boolean —

Decrypted data. Any trailing null bytes will be removed.
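A round trip through encrypt() and decrypt() with the failure paths handled, as an added example that is not CakePHP's own code. It assumes the cakephp/utility package is installed with Composer and the OpenSSL extension is loaded; openSealed() and all sample values are hypothetical. In CakePHP 3.x decrypt() returns false when the HMAC check fails, which is why the return type is string|boolean.

```php
<?php
// Added example, not CakePHP's own code. Assumes cakephp/utility is installed
// with Composer and the OpenSSL extension is loaded.
require 'vendor/autoload.php';

use Cake\Utility\Security;

/**
 * Hypothetical helper: decrypt a blob and collapse every failure to null.
 */
function openSealed($blob, $key, $hmacSalt)
{
    try {
        $plain = Security::decrypt($blob, $key, $hmacSalt);
    } catch (InvalidArgumentException $e) {
        // Raised for an empty blob or a key shorter than 32 bytes.
        return null;
    }
    // Compare with === false so a falsy plaintext is not mistaken for failure.
    return $plain === false ? null : $plain;
}

// Constructed sample values.
$key = Security::randomBytes(32);        // 256 bit cipher key
$hmacSalt = Security::randomString(64);  // explicit salt instead of Security.salt
$blob = Security::encrypt('constructed sample plaintext', $key, $hmacSalt);

// Round trip with the right key and salt returns the plaintext.
var_dump(openSealed($blob, $key, $hmacSalt));

// A single flipped bit in the blob must be rejected, not decrypted.
$tampered = $blob;
$tampered[70] = chr(ord($tampered[70]) ^ 0x01);
var_dump(openSealed($tampered, $key, $hmacSalt));

// A different key or a different HMAC salt is rejected the same way.
var_dump(openSealed($blob, Security::randomBytes(32), $hmacSalt));
var_dump(openSealed($blob, $key, Security::randomString(64)));

// Keys under 32 bytes are refused before any encryption happens.
try {
    Security::encrypt('secret', 'too-short-key', $hmacSalt);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```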

constantEquals()

constantEquals(string  $original, string  $compare) : boolean

A timing attack resistant comparison that prefers native PHP implementations.

Parameters

string $original

The original value.

string $compare

The comparison value.

Returns

boolean
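A one-time token check built from randomString(), hash() and constantEquals(), as an added example that is not CakePHP's own code. issueToken(), verifyToken() and the salt value are hypothetical, and the cakephp/utility package is assumed to be installed with Composer.

```php
<?php
// Added example, not CakePHP's own code. Assumes cakephp/utility is installed
// with Composer.
require 'vendor/autoload.php';

use Cake\Utility\Security;

// Constructed sample salt; a real application sets its own Security.salt.
Security::setSalt('constructed-example-salt-0123456789abcdef0123456789abcdef');

/**
 * Hypothetical helper: the caller receives the token, storage keeps only a hash.
 */
function issueToken()
{
    $token = Security::randomString(64);
    // Name the algorithm explicitly: with no argument, hash() uses $hashType,
    // which defaults to sha1. Passing true prepends the configured salt.
    // A fast hash is acceptable here only because the token is random data.
    $stored = Security::hash($token, 'sha256', true);

    return [$token, $stored];
}

/**
 * Hypothetical helper: check a presented token against the stored hash.
 */
function verifyToken($presented, $stored)
{
    if (!is_string($presented) || $presented === '') {
        return false;
    }
    $candidate = Security::hash($presented, 'sha256', true);

    // The known value goes first, the caller-supplied value second. Unlike ==,
    // the comparison time does not depend on where the strings first differ.
    return Security::constantEquals($stored, $candidate);
}

list($token, $stored) = issueToken();
var_dump(verifyToken($token, $stored));               // the issued token
var_dump(verifyToken(str_repeat('0', 64), $stored));  // a guessed token
var_dump(verifyToken(null, $stored));                 // missing input
```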

getSalt()

getSalt() : string

Gets the HMAC salt to be used for encryption/decryption routines.

Returns

string —

The currently configured salt

setSalt()

setSalt(string  $salt) : void

Sets the HMAC salt to be used for encryption/decryption routines.

Parameters

string $salt

The salt to use for encryption routines.

salt()

salt(string|null  $salt = null) : string

Gets or sets the HMAC salt to be used for encryption/decryption routines.

Parameters

string|null $salt

The salt to use for encryption routines. If null returns current salt.

Returns

string —

The currently configured salt

_checkKey()

_checkKey(string  $key, string  $method) : void

Check the encryption key for proper length.

Parameters

string $key

Key to check.

string $method

The method the key is being checked for.

Throws

\InvalidArgumentException

When key length is not 256 bit/32 bytes