defuse/php-encryption
Secure, hard-to-misuse PHP encryption library for encrypting data with keys or passwords. Requires PHP 5.6+ and OpenSSL 1.0.1+. Simple API inspired by libsodium, built to avoid common crypto mistakes.
With version 2.0.0 of this library came major changes to the ciphertext format, algorithms used for encryption, and API.
In version 1.2, keys were represented by 16-byte string variables. In version
2.0.0, keys are represented by objects, instances of the Key class. This
change was made in order to make it harder to misuse the API. For example, in
version 1.2, you could pass in any 16-byte string, but in version 2.0.0 you
need a Key object, which you can only get if you're "doing the right thing."
This means that for all of your old version 1.2 keys, you'll have to:
Use the special Crypto::legacyDecrypt() method to decrypt the old ciphertexts
using the old key and then re-encrypt them using Crypto::encrypt() with the
new key. Your code will look something like the following. To avoid data loss,
securely back up your keys and data before running your upgrade code.
<?php
// ...
$legacy_ciphertext = // ... get the ciphertext you want to upgrade ...
$legacy_key = // ... get the key to decrypt this ciphertext ...
// Generate the new key that we'll re-encrypt the ciphertext with.
$new_key = Key::createNewRandomKey();
// ... save it somewhere ...
// Decrypt it.
try {
$plaintext = Crypto::legacyDecrypt($legacy_ciphertext, $legacy_key);
} catch (Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException $ex)
{
// ... TODO: handle this case appropriately ...
}
// Re-encrypt it.
$new_ciphertext = Crypto::encrypt($plaintext, $new_key);
// ... replace the old $legacy_ciphertext with the new $new_ciphertext
// ...
How can I help you explore Laravel packages today?