From 09c7793b23ae77c54e25d12b63d8ca9c9232efeb Mon Sep 17 00:00:00 2001
From: Derek Jones
Note: If your application does not use the Encryption library, does not store Encrypted data permanently, or is on an environment that does not support Mcrypt, you may skip this step.
+ +The Encryption library has had a number of improvements, some for encryption strength and some for performance, that has an unavoidable consequence of + making it no longer possible to decode encrypted data produced by the original version of this library. To help with the transition, a new method has + been added, encode_from_legacy() that will decode the data with the original algorithm and return a re-encoded string using the improved methods. + This will enable you to easily replace stale encrypted data with fresh in your applications, either on the fly or en masse.
+ +Please read how to use this method in the Encryption library documentation.
+ + + +Please replace your local copy of the user guide with the new version, including the image files.
diff --git a/user_guide/libraries/encryption.html b/user_guide/libraries/encryption.html index dac1db911..fbffd63c6 100644 --- a/user_guide/libraries/encryption.html +++ b/user_guide/libraries/encryption.html @@ -58,12 +58,11 @@ Encryption ClassThe Encryption Class provides two-way data encryption. It uses a scheme that pre-compiles -the message using a randomly hashed bitwise XOR encoding scheme, which is then encrypted using +
The Encryption Class provides two-way data encryption. It uses a scheme that either compiles +the message using a randomly hashed bitwise XOR encoding scheme, or is encrypted using the Mcrypt library. If Mcrypt is not available on your server the encoded message will still provide a reasonable degree of security for encrypted sessions or other such "light" purposes. -If Mcrypt is available, you'll effectively end up with a double-encrypted message string, which should -provide a very high degree of security.
+If Mcrypt is available, you'll be provided with a high degree of security appropriate for storage.Permits you to set an Mcrypt mode. By default it uses MCRYPT_MODE_ECB. Example:
+Permits you to set an Mcrypt mode. By default it uses MCRYPT_MODE_CBC. Example:
$this->encrypt->set_mode(MCRYPT_MODE_CFB);
Please visit php.net for a list of available modes.
@@ -169,7 +168,42 @@ function:If your server does not support SHA1 you can use the provided function.
+Enables you to re-encode data that was originally encrypted with CodeIgniter 1.x to be compatible with the Encryption library in CodeIgniter 2.x. It is only + necessary to use this method if you have encrypted data stored permanently such as in a file or database and are on a server that supports Mcrypt. "Light" use encryption + such as encrypted session data or transitory encrypted flashdata require no intervention on your part. However, existing encrypted Sessions will be + destroyed since data encrypted prior to 2.x will not be decoded.
+Why only a method to re-encode the data instead of maintaining legacy methods for both encoding and decoding? The algorithms in + the Encryption library have improved in CodeIgniter 2.x both for performance and security, and we do not wish to encourage continued use of the older methods. + You can of course extend the Encryption library if you wish and replace the new methods with the old and retain seamless compatibility with CodeIgniter 1.x + encrypted data, but this a decision that a developer should make cautiously and deliberately, if at all.
+ +$new_data = $this->encrypt->encode_from_legacy($old_encrypted_string);
+
+Parameter | +Default | +Description | +
---|---|---|
$orig_data | +n/a | +The original encrypted data from CodeIgniter 1.x's Encryption library | +
$legacy_mode | +MCRYPT_MODE_ECB | +The Mcrypt mode that was used to generate the original encrypted data. CodeIgniter 1.x's default was MCRYPT_MODE_ECB, and it will + assume that to be the case unless overridden by this parameter. | +
$key | +n/a | +The encryption key. This it typically specified in your config file as outlined above. | +