Encryption and signing
Mako comes with a set of classes to help you encrypt and sign your data.
Make sure to NEVER use the example secret and keys provided with the framework in production. ALWAYS create your own!
You can easily generate your own secure secret and keys using the app:generate-secret and app:generate-key reactor commands.
Encryption
Basics
The encryption library allows you to encrypt data using OpenSSL.
First we'll need to get an encrypter instance. This is done using the CryptoManager::getInstance() method.
// Returns instance of the "default" crypto configuration defined in the config file
$encrypter = $this->crypto->getInstance();
// Returns instance of the "openssl" crypto configuration defined in the config file
$encrypter = $this->crypto->getInstance('openssl');
The encrypt method is used to encrypt your data.
$encrypted = $encrypter->encrypt('Hello, world!');
The decrypt method is used to decrypt your data. It throws a CryptoException if it's unable to decrypt your data.
$decrypted = $encrypter->decrypt($encrypted);
Note that when you use the Crypto class, data is automatically signed with the application secret when it is encrypted, and the signature is validated when it is decrypted.
Magic shortcut
You can access the default crypto configuration directly without having to go through the instance method thanks to the magic __call method.
$encrypted = $this->crypto->encrypt('Hello, world!');
Re-encrypting data
Sometimes you'll have to re-encrypt data. This could be because you have generated a new application secret or encryption key. Luckily, this can easily be achieved in a few simple lines of code.
// Decrypt data using the old key and secret
$crypto = new Crypto(new OpenSSL(Key::decode($oldKey)), new Signer(Key::decode($oldSecret)));
$decrypted = $crypto->decrypt($encrypted);
// Encrypt the data using the new key and secret
$crypto = new Crypto(new OpenSSL(Key::decode($newKey)), new Signer(Key::decode($newSecret)));
$encrypted = $crypto->encrypt($decrypted);
Note that we're using the Key::decode() method since we're assuming that your application secret and encryption key were generated by the app:generate-secret and app:generate-key reactor commands.
Signing
Signing strings allows you to verify both the data integrity and the authenticity of your data. An HMAC (hash-based message authentication code) will be prepended to your string upon signing and stripped when validated.
You can easily sign strings with the application secret using the default signer instance.
$signed = $this->signer->sign('Hello, world!');
If you want to sign strings with a different secret then you can do so by creating a new Signer instance.
$signer = new Signer('secret_used_to_sign_data');
Make sure to use a cryptographically strong secret and to keep it away from prying eyes.
The sign method returns a signed version of the provided string.
$signed = $signer->sign('Hello, world!');
The validate method will check if your string is valid. It returns the original string if it is and false if not.
$string = $signer->validate($signed);
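The sign and validate behaviour described above (HMAC prepended on signing, stripped and checked on validation), as an added example that is not Mako's own Signer code. The class name SketchSigner, the choice of SHA-256 and the randomly generated secret are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not Mako's Signer. SketchSigner is a hypothetical name.
final class SketchSigner
{
    // Length of a hex-encoded SHA-256 HMAC (assumed algorithm for this sketch)
    private const MAC_LENGTH = 64;

    public function __construct(private string $secret)
    {
        if ($secret === '') {
            throw new InvalidArgumentException('The secret must not be empty.');
        }
    }

    // Prepend the HMAC of the string to the string itself.
    public function sign(string $string): string
    {
        return hash_hmac('sha256', $string, $this->secret) . $string;
    }

    // Strip the HMAC and return the original string, or false if it does not match.
    public function validate(string $signed): string|false
    {
        if (strlen($signed) < self::MAC_LENGTH) {
            return false; // too short to carry a MAC at all
        }
        $mac = substr($signed, 0, self::MAC_LENGTH);
        $string = substr($signed, self::MAC_LENGTH);
        $expected = hash_hmac('sha256', $string, $this->secret);
        // hash_equals compares in constant time, so the check leaks no timing hints
        return hash_equals($expected, $mac) ? $string : false;
    }
}

// Constructed demo input: a random 256-bit secret and a sample message
$signer = new SketchSigner(random_bytes(32));
$signed = $signer->sign('Hello, world!');
$checks = [
    'untouched string validates' => $signer->validate($signed) === 'Hello, world!',
    'modified payload rejected'  => $signer->validate(substr($signed, 0, -1) . '?') === false,
    'truncated input rejected'   => $signer->validate('abc') === false,
    'different secret rejected'  => (new SketchSigner(random_bytes(32)))->validate($signed) === false,
];
foreach ($checks as $name => $ok) {
    echo $name, ': ', $ok ? 'ok' : 'FAILED', PHP_EOL;
}
```

Because a failed validation is reported as false, compare the result with `=== false`: an empty string or "0" is a legitimate payload that PHP treats as falsy.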