Cryptography

Introduction

Solital makes use of OpenSSL and Sodium encryption. If you are using Core >= 4.2, you should find the following variables in your .env file: APP_HASH, FIRST_SECRET and SECOND_SECRET. The APP_HASH variable is the main variable used by Solital, but if this variable is not available, the other two can be used instead.

Encrypt

To create an encrypted key, use the Hash class together with the static encrypt function as shown below:

use Solital\Core\Security\Hash;

$res = Hash::encrypt('word_to_encrypt');

pre($res);

You can define how long this key will be valid. It can be 1 second, 1 hour or 1 year. by default the value is +1 hour.

use Solital\Core\Security\Hash;

$res = Hash::encrypt('word_to_encrypt', '+1 month');

pre($res);

Decrypt

If you want to decrypt, use the decrypt function chained with the value method.

use Solital\Core\Security\Hash;

$res = Hash::decrypt('word_to_decrypt')->value();

pre($res);

Check value

If you want to check if the encrypted key is still valid, use isValid. If you want to verify that the encrypted key is still valid, use isValid. the isValid method will returntrue if it is still valid, and false if it is already expired

use Solital\Core\Security\Hash;

$res = Hash::decrypt('word_to_decrypt')->isValid();

pre($res);

Changing the encryption type

Solital uses OpenSSL and Sodium to perform value encryption. To change the encryption, change the crypt value in the bootstrap.yaml file.

crypt: sodium

Sodium encryption (Core <= 4.4)

Solital supports Sodium encryption. To enable, make sure that libsodium is installed in your development environment. You can use the Hash::checkSodium() method to check if libsodium is installed.

Generating a sodium key

First, you need to generate a sodium key. This key is automatically renewed with each new request, so it can be stored in a database, in the session or in another type of storage.

use Solital\Core\Security\Hash;

$key = Hash::getSodiumKey();

Encrypting and decrypting with Sodium

Use the Hash::sodiumCrypt() (to encrypt), and Hash::sodiumDecrypt() (to decrypt) methods. Remember to use the key generated using the Hash::getSodiumKey() method.

use Solital\Core\Security\Hash;

$key = Hash::getSodiumKey();

# Crypt
$encoded = Hash::sodiumCrypt("HashTest!", $key);
pre($encoded);

# Decrypt
$decoded = Hash::sodiumDecrypt($encoded, $key);
pre($decoded);

What to see next?


Built with MkDocs.