From 42183de45621e09621399ee161135f995af552ff Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sun, 22 Jun 2014 00:09:36 +0300 Subject: Add CI_Encryption::create_key() This was planned, we somehow forgot about it. :) --- user_guide_src/source/libraries/encryption.rst | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) (limited to 'user_guide_src/source') diff --git a/user_guide_src/source/libraries/encryption.rst b/user_guide_src/source/libraries/encryption.rst index 28aa57302..1353c4ed0 100644 --- a/user_guide_src/source/libraries/encryption.rst +++ b/user_guide_src/source/libraries/encryption.rst @@ -84,14 +84,19 @@ your server is not totally under your control it's impossible to ensure key security so you may want to think carefully before using it for anything that requires high security, like storing credit card numbers. -Your encryption key should be as long as the encyption algorithm in use -allows. For AES-128, that's 128 bits or 16 bytes (charcters) long. The -key should be as random as possible and it should **not** be a simple -text string. - +Your encryption key **must** be as long as the encyption algorithm in use +allows. For AES-128, that's 128 bits or 16 bytes (charcters) long. You will find a table below that shows the supported key lengths of different ciphers. +The key should be as random as possible and it **must not** be a regular +text string, nor the output of a hashing function, etc. In order to create +a proper key, you must use the Encryption library's ``create_key()`` method +:: + + // $key will be assigned a 16-byte (128-bit) random key + $key = $this->encryption->create_key(16); + The key can be either stored in your *application/config/config.php*, or you can design your own storage mechanism and pass the key dynamically when encrypting/decrypting. -- cgit v1.2.3-24-g4f1b