From 2067d1a727e7eb5e5ffb40e967f3d1fc4c8a41b2 Mon Sep 17 00:00:00 2001
From: Derek Allard
Date: Thu, 13 Nov 2008 22:59:24 +0000
Subject: Changing EOL style to LF
---
user_guide/libraries/encryption.html | 362 +++++++++++++++++------------------
1 file changed, 181 insertions(+), 181 deletions(-)
(limited to 'user_guide/libraries/encryption.html')
diff --git a/user_guide/libraries/encryption.html b/user_guide/libraries/encryption.html
index 092dad2ac..a0733ab19 100644
--- a/user_guide/libraries/encryption.html
+++ b/user_guide/libraries/encryption.html
@@ -1,182 +1,182 @@
- - - - - -Encryption Class : CodeIgniter User Guide - - - - - - - - - - - - - - - - - - - - - -
- - - - - -

CodeIgniter User Guide Version 1.7

-
- - - - - - - - - -
- - -
- - - -
- - -

Encryption Class

- -

The Encryption Class provides two-way data encryption. It uses a scheme that pre-compiles -the message using a randomly hashed bitwise XOR encoding scheme, which is then encrypted using -the Mcrypt library. If Mcrypt is not available on your server the encoded message will -still provide a reasonable degree of security for encrypted sessions or other such "light" purposes. -If Mcrypt is available, you'll effectively end up with a double-encrypted message string, which should -provide a very high degree of security.

- - -

Setting your Key

- -

A key is a piece of information that controls the cryptographic process and permits an encrypted string to be decoded. -In fact, the key you chose will provide the only means to decode data that was encrypted with that key, -so not only must you choose the key carefully, you must never change it if you intend use it for persistent data.

- -

It goes without saying that you should guard your key carefully. -Should someone gain access to your key, the data will be easily decoded. If your server is not totally under your control -it's impossible to ensure key security so you may want to think carefully before using it for anything -that requires high security, like storing credit card numbers.

- -

To take maximum advantage of the encryption algorithm, your key should be 32 characters in length (128 bits). -The key should be as random a string as you can concoct, with numbers and uppercase and lowercase letters. -Your key should not be a simple text string. In order to be cryptographically secure it -needs to be as random as possible.

- -

Your key can be either stored in your application/config/config.php, or you can design your own -storage mechanism and pass the key dynamically when encoding/decoding.

- -

To save your key to your application/config/config.php, open the file and set:

-$config['encryption_key'] = "YOUR KEY"; - - -

Message Length

- -

It's important for you to know that the encoded messages the encryption function generates will be approximately 2.6 times longer than the original -message. For example, if you encrypt the string "my super secret data", which is 21 characters in length, you'll end up -with an encoded string that is roughly 55 characters (we say "roughly" because the encoded string length increments in -64 bit clusters, so it's not exactly linear). Keep this information in mind when selecting your data storage mechanism. Cookies, -for example, can only hold 4K of information.

- - -

Initializing the Class

- -

Like most other classes in CodeIgniter, the Encryption class is initialized in your controller using the $this->load->library function:

- -$this->load->library('encrypt'); -

Once loaded, the Encrypt library object will be available using: $this->encrypt

- - -

$this->encrypt->encode()

- -

Performs the data encryption and returns it as a string. Example:

- -$msg = 'My secret message';
-
-$encrypted_string = $this->encrypt->encode($msg);
- -

You can optionally pass your encryption key via the second parameter if you don't want to use the one in your config file:

- - -$msg = 'My secret message';
-$key = 'super-secret-key';
-
-$encrypted_string = $this->encrypt->encode($msg, $key);
- - -

$this->encrypt->decode()

- -

Decrypts an encoded string. Example:

- - -$encrypted_string = 'APANtByIGI1BpVXZTJgcsAG8GZl8pdwwa84';
-
-$plaintext_string = $this->encrypt->decode($encrypted_string);
- - -

$this->encrypt->set_cipher();

- -

Permits you to set an Mcrypt cipher. By default it uses MCRYPT_RIJNDAEL_256. Example:

-$this->encrypt->set_cipher(MCRYPT_BLOWFISH); -

Please visit php.net for a list of available ciphers.

- -

If you'd like to manually test whether your server supports Mcrypt you can use:

-echo ( ! function_exists('mcrypt_encrypt')) ? 'Nope' : 'Yup'; - - -

$this->encrypt->set_mode();

- -

Permits you to set an Mcrypt mode. By default it uses MCRYPT_MODE_ECB. Example:

-$this->encrypt->set_mode(MCRYPT_MODE_CFB); -

Please visit php.net for a list of available modes.

- - -

$this->encrypt->sha1();

-

SHA1 encoding function. Provide a string and it will return a 160 bit one way hash. Note: SHA1, just like MD5 is non-decodable. Example:

-$hash = $this->encrypt->sha1('Some string'); - -

Many PHP installations have SHA1 support by default so if all you need is to encode a hash it's simpler to use the native -function:

- -$hash = sha1('Some string'); - -

If your server does not support SHA1 you can use the provided function.

- - - -
- - - - - - + + + + + +Encryption Class : CodeIgniter User Guide + + + + + + + + + + + + + + + + + + + + + +
+ + + + + +

CodeIgniter User Guide Version 1.7

+
+ + + + + + + + + +
+ + +
+ + + +
+ + +

Encryption Class

+ +

The Encryption Class provides two-way data encryption. It uses a scheme that pre-compiles +the message using a randomly hashed bitwise XOR encoding scheme, which is then encrypted using +the Mcrypt library. If Mcrypt is not available on your server the encoded message will +still provide a reasonable degree of security for encrypted sessions or other such "light" purposes. +If Mcrypt is available, you'll effectively end up with a double-encrypted message string, which should +provide a very high degree of security.

+ + +

Setting your Key

+ +

A key is a piece of information that controls the cryptographic process and permits an encrypted string to be decoded. +In fact, the key you chose will provide the only means to decode data that was encrypted with that key, +so not only must you choose the key carefully, you must never change it if you intend use it for persistent data.

+ +

It goes without saying that you should guard your key carefully. +Should someone gain access to your key, the data will be easily decoded. If your server is not totally under your control +it's impossible to ensure key security so you may want to think carefully before using it for anything +that requires high security, like storing credit card numbers.

+ +

To take maximum advantage of the encryption algorithm, your key should be 32 characters in length (128 bits). +The key should be as random a string as you can concoct, with numbers and uppercase and lowercase letters. +Your key should not be a simple text string. In order to be cryptographically secure it +needs to be as random as possible.

+ +

Your key can be either stored in your application/config/config.php, or you can design your own +storage mechanism and pass the key dynamically when encoding/decoding.

+ +

To save your key to your application/config/config.php, open the file and set:

+$config['encryption_key'] = "YOUR KEY"; + + +

Message Length

+ +

It's important for you to know that the encoded messages the encryption function generates will be approximately 2.6 times longer than the original +message. For example, if you encrypt the string "my super secret data", which is 21 characters in length, you'll end up +with an encoded string that is roughly 55 characters (we say "roughly" because the encoded string length increments in +64 bit clusters, so it's not exactly linear). Keep this information in mind when selecting your data storage mechanism. Cookies, +for example, can only hold 4K of information.

+ + +

Initializing the Class

+ +

Like most other classes in CodeIgniter, the Encryption class is initialized in your controller using the $this->load->library function:

+ +$this->load->library('encrypt'); +

Once loaded, the Encrypt library object will be available using: $this->encrypt

+ + +

$this->encrypt->encode()

+ +

Performs the data encryption and returns it as a string. Example:

+ +$msg = 'My secret message';
+
+$encrypted_string = $this->encrypt->encode($msg);
+ +

You can optionally pass your encryption key via the second parameter if you don't want to use the one in your config file:

+ + +$msg = 'My secret message';
+$key = 'super-secret-key';
+
+$encrypted_string = $this->encrypt->encode($msg, $key);
+ + +

$this->encrypt->decode()

+ +

Decrypts an encoded string. Example:

+ + +$encrypted_string = 'APANtByIGI1BpVXZTJgcsAG8GZl8pdwwa84';
+
+$plaintext_string = $this->encrypt->decode($encrypted_string);
+ + +

$this->encrypt->set_cipher();

+ +

Permits you to set an Mcrypt cipher. By default it uses MCRYPT_RIJNDAEL_256. Example:

+$this->encrypt->set_cipher(MCRYPT_BLOWFISH); +

Please visit php.net for a list of available ciphers.

+ +

If you'd like to manually test whether your server supports Mcrypt you can use:

+echo ( ! function_exists('mcrypt_encrypt')) ? 'Nope' : 'Yup'; + + +

$this->encrypt->set_mode();

+ +

Permits you to set an Mcrypt mode. By default it uses MCRYPT_MODE_ECB. Example:

+$this->encrypt->set_mode(MCRYPT_MODE_CFB); +

Please visit php.net for a list of available modes.

+ + +

$this->encrypt->sha1();

+

SHA1 encoding function. Provide a string and it will return a 160 bit one way hash. Note: SHA1, just like MD5 is non-decodable. Example:

+$hash = $this->encrypt->sha1('Some string'); + +

Many PHP installations have SHA1 support by default so if all you need is to encode a hash it's simpler to use the native +function:

+ +$hash = sha1('Some string'); + +

If your server does not support SHA1 you can use the provided function.

+ + + +
+ + + + + + \ No newline at end of file -- cgit v1.2.3-24-g4f1b
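Review bot: the last line of the hunk still carries "\ No newline at end of file", so after this EOL normalization the file ends without a terminating LF; add the final newline in the same commit so that every line of encryption.html ends the same way. The 181 removed and 181 added lines read identically here apart from their line endings, so it is worth confirming with a whitespace-insensitive comparison (for example git diff --ignore-space-at-eol) that no content changed along the way. The text re-added unchanged under set_mode() still documents MCRYPT_MODE_ECB as the default, a mode in which identical plaintext blocks produce identical ciphertext blocks; that is outside the scope of an EOL commit but merits a follow-up change to the guide.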