authorAndrey Andreev <narf@devilix.net>2014-06-21 23:09:36 +0200
committerAndrey Andreev <narf@devilix.net>2014-06-21 23:09:36 +0200
commit42183de45621e09621399ee161135f995af552ff (patch)
tree740dfbc685d8780929684547c6e7e4ac2913ed7c
parent4191be3d3be76909253158a6cd35fbf3a89cfb5f (diff)
Add CI_Encryption::create_key()
This was planned, we somehow forgot about it. :)
-rw-r--r--system/libraries/Encryption.php15
-rw-r--r--user_guide_src/source/libraries/encryption.rst15
2 files changed, 25 insertions, 5 deletions
diff --git a/system/libraries/Encryption.php b/system/libraries/Encryption.php
index d6ffc9bfe..aa91cd3f9 100644
--- a/system/libraries/Encryption.php
+++ b/system/libraries/Encryption.php
@@ -310,6 +310,21 @@ class CI_Encryption {
// --------------------------------------------------------------------
/**
+ * Create a random key
+ *
+ * @param int $length Output length
+ * @return string
+ */
+ public function create_key($length)
+ {
+ return ($this->_driver === 'mcrypt')
+ ? mcrypt_create_iv($length, MCRYPT_DEV_URANDOM)
+ : openssl_random_pseudo_bytes($length);
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
* Encrypt
*
* @param string $data Input data
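Review bot: create_key() returns whatever the random source gives back without checking it, so a failed call is handed to the caller as key material. On the OpenSSL branch, `openssl_random_pseudo_bytes($length)` can return FALSE, and its optional second by-reference argument reports whether a cryptographically strong source was used; `mcrypt_create_iv()` can likewise return FALSE. I would capture both, e.g. `$key = openssl_random_pseudo_bytes($length, $is_secure);` followed by `if ($key === FALSE OR $is_secure !== TRUE) { return FALSE; }`, apply the same FALSE check on the mcrypt branch, and change the docblock to `@return string|bool` so callers know to test the result. `$length` is also passed through unvalidated, so a non-positive value should be rejected before either call.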
diff --git a/user_guide_src/source/libraries/encryption.rst b/user_guide_src/source/libraries/encryption.rst
index 28aa57302..1353c4ed0 100644
--- a/user_guide_src/source/libraries/encryption.rst
+++ b/user_guide_src/source/libraries/encryption.rst
@@ -84,14 +84,19 @@ your server is not totally under your control it's impossible to ensure
key security so you may want to think carefully before using it for
anything that requires high security, like storing credit card numbers.
-Your encryption key should be as long as the encyption algorithm in use
-allows. For AES-128, that's 128 bits or 16 bytes (charcters) long. The
-key should be as random as possible and it should **not** be a simple
-text string.
-
+Your encryption key **must** be as long as the encyption algorithm in use
+allows. For AES-128, that's 128 bits or 16 bytes (charcters) long.
You will find a table below that shows the supported key lengths of
different ciphers.
+The key should be as random as possible and it **must not** be a regular
+text string, nor the output of a hashing function, etc. In order to create
+a proper key, you must use the Encryption library's ``create_key()`` method
+::
+
+ // $key will be assigned a 16-byte (128-bit) random key
+ $key = $this->encryption->create_key(16);
+
The key can be either stored in your *application/config/config.php*, or
you can design your own storage mechanism and pass the key dynamically
when encrypting/decrypting.