Luminova Framework

PHP Luminova: Data Encryption and Decryption with the Crypter Module

Last updated: 2024-08-28 22:46:58

Luminova's Crypter class provides methods for encrypting and decrypting data using encryption algorithms in OpenSSL or Sodium.

Luminova Crypter class is straightforward means to implement encryption and decryption functionalities in anywhere in your applications. This helper class seamlessly integrates both Sodium and OpenSSL encryption libraries, providing a unified and simplified interface for encrypting and decrypting data without the need for manual initialization of handlers.


Methods

Supported AES encryption methods with their corresponding key sizes.

public static array $ciphers = []

Each cipher entry specifies the size of the encryption key in bytes.

  • AES-128-CBC - 128-bit key (16 bytes)
  • AES-192-CBC - 192-bit key (24 bytes)
  • AES-256-CBC - 256-bit key (32 bytes)
  • AES-128-CBC-HMAC-SHA1 - 128-bit key (16 bytes)
  • AES-256-CBC-HMAC-SHA1 - 256-bit key (32 bytes)
  • AES-128-CBC-HMAC-SHA256 - 128-bit key (16 bytes)
  • AES-256-CBC-HMAC-SHA256 - 256-bit key (32 bytes)
  • AES-128-CFB - 128-bit key (16 bytes)
  • AES-192-CFB - 192-bit key (24 bytes)
  • AES-256-CFB - 256-bit key (32 bytes)
  • AES-128-CFB1 - 128-bit key (16 bytes)
  • AES-192-CFB1 - 192-bit key (24 bytes)
  • AES-256-CFB1 - 256-bit key (32 bytes)
  • AES-128-CFB8 - 128-bit key (16 bytes)
  • AES-192-CFB8 - 192-bit key (24 bytes)
  • AES-256-CFB8 - 256-bit key (32 bytes)
  • AES-128-CTR - 128-bit key (16 bytes)
  • AES-192-CTR - 192-bit key (24 bytes)
  • AES-256-CTR - 256-bit key (32 bytes)
  • AES-128-ECB - 128-bit key (16 bytes)
  • AES-192-ECB - 192-bit key (24 bytes)
  • AES-256-ECB - 256-bit key (32 bytes)
  • AES-128-OFB - 128-bit key (16 bytes)
  • AES-192-OFB - 192-bit key (24 bytes)
  • AES-256-OFB - 256-bit key (32 bytes)
  • AES-128-XTS - 128-bit key (16 bytes)
  • AES-256-XTS - 256-bit key (32 bytes)

getInstance

Get an instance of OpenSSL or Sodium encryption depending on your configurations in encryption .class located in your controller configuration directory in /app/Config/Encryption.php.

public static getInstance(): \Luminova\Interface\EncryptionInterface

Return Value:

EncryptionInterface - An instance of the encryption class.

Throws:


encrypt

Encrypt the given data using OpenSSL or Sodium encryption.

public static encrypt(string $data): string|bool

Parameters:

ParameterTypeDescription
$datastringThe data to encrypt.

Return Value:

string|bool - Return the encrypted data, or false if encryption fails.

Throws:

Encryption Example

<?php
$encrypted = Crypter::encrypt('Hello world');

decrypt

Decrypt the given data using OpenSSL or Sodium encryption.

public static decrypt(string $data): string|null

Parameters:

ParameterTypeDescription
$datastringThe data to decrypt.

Return Value:

string|null - Return the decrypted data, or null if decryption fails.

Throws:

Decryption Example

<?php
echo Crypter::decrypt($encrypted);

password

Generate a hash representation of user login password string.

public static password(string $password, ?array $options = null): string|false

Parameters:

ParameterTypeDescription
$passwordstringThe actual password to hash.
$optionsarray|nullOptional password hash options.

Return Value:

string|false - Return hashed password otherwise false on empty password.

Default Options:

[
    'cost' => 12,
    'salt' => 'custom_salt', // You can optionally specify a custom salt
    'algorithm' => PASSWORD_BCRYPT, // Optionally specify the algorithm
];

Hashing Password Example

<?php
$hash = Crypter::password('12345@123');

verify

Verify user password against it stored hash value to determine if if they match.

public static verify(string $password, string $hash): bool

Parameters:

ParameterTypeDescription
$passwordstringThe password string to verify.
$hashstringThe password stored hash value.

Return Value:

bool - Return true if password matches with the hash, otherwise false.

Verifying Password Hash Value Example

<?php
$ok = Crypter::password('12345@123', $hash);

supported

Determine if the given key and cipher method are valid.

public static supported(string $key, string $method): bool

Parameters:

ParameterTypeDescription
$keystringThe encryption key.
$methodstringThe encryption cipher method.

Return Value:

bool - Return true if encryption method and key are valid false otherwise.


generate_key

Generates a random encryption key or a pair of private and public keys using the default encryption handler.For RSA key generation, OpenSSL is utilized.

public static generate_key(string $type = 'random', array $options = []): string|array|false

Parameters:

ParameterTypeDescription
$typestringThe type of key to generate: (e.g, 'random', 'private', or 'public').
$optionsarrayAssociative array of options for key generation.

Return Value:

string|array|false - Returns the generated key(s), an array containing private and public keys, or false on failure.

Options Keys:

  • For random type:

    • length: Specifies the length of the random string to generate.
  • For private type:

    • private_key_bits: (default: 2048) Specifies the number of bits in the private key.
    • private_key_type: (default: OPENSSL_KEYTYPE_RSA) Specifies the type of the private key (e.g., OPENSSL_KEYTYPE_RSA).
  • For public type:

    • private_key: Specifies the private key string from which to derive the public key. If not provided, a new private key will be generated.

Example Usage:

Generate a random key:

$key = Crypter::generate_key('random', ['length' => 32]);

Generate a private key:

$privateKey = Crypter::generate_key('private', [
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA
]);

Generate a public key:

$keys = Crypter::generate_key('public', ['private_key' => $privateKey]);

Configuration

These Configuration properties allows you to configure encryption settings for your application. The location of the configuration class is /app/Config/Encryption.php

$handler

  • Description: Specify encryption handler class to use (openssl or sodium).
  • Type: string
  • Default Value: 'openssl'

$method

  • Description: The encryption mode for openssl (e.g., 'AES-128-CBC', 'AES-192-CBC', 'AES-128-CFB', 'AES-128-ECB').
  • Type: string
  • Default Value: 'AES-128-CBC'

$digest

  • Description: Specify hashing digest to use (e.g., SHA512, SHA256).
  • Type: string
  • Default Value: 'SHA512'

$keyInfo

  • Description: Openssl key information.
  • Type: string
  • Default Value: blank string