OpenSSL

Extends AbstractAES Implements AesInterface

OpenSSL encryption class

since

4.0.0

package

Application

Methods

__construct

Constructor for this class

__construct() : mixed

Response

mixed

decrypt

Decrypts a string. Returns the raw binary plaintext.

decrypt(string cipherText, string key) : string

$ciphertext MUST start with the IV followed by the ciphertext, even for EBC data (the first block of data is dropped in EBC mode since there is no concept of IV in EBC).

WARNING: The returned plaintext is zero-padded to the algorithm's block size during encryption. You are advised to trim the string to the original plaintext's length upon decryption. While rtrim($decrypted, "\0") sounds appealing it's NOT the correct approach for binary data (zero bytes may actually be part of your plaintext, not just padding!).

Arguments

cipherText

stringThe ciphertext to encrypt

key

stringThe raw binary key (will be zero-padded or chopped if its size is different than the block size)

Response

stringThe raw unencrypted binary string.

encrypt

Encrypts a string. Returns the raw binary ciphertext.

encrypt(string plainText, string key, null|string iv = null) : string

WARNING: The plaintext is zero-padded to the algorithm's block size. You are advised to store the size of the plaintext and trim the string to that length upon decryption.

Arguments

plainText

stringThe plaintext to encrypt

key

stringThe raw binary key (will be zero-padded or chopped if its size is different than the block size)

iv

null|stringThe initialization vector (for CBC mode algorithms)

Response

stringThe raw encrypted binary string.

getBlockSize

Returns the encryption block size in bytes

getBlockSize() : int

Response

int

getZeroPadding

Returns null bytes to append to the string so that it's zero padded to the specified block size

getZeroPadding(string string, int blockSize) : string
inherited

Arguments

string

stringThe binary string which will be zero padded

blockSize

intThe block size

Response

stringThe zero bytes to append to the string to zero pad it to $blockSize

isSupported

Is this adapter supported?

isSupported() : bool

Response

bool

resizeKey

Trims or zero-pads a key / IV

resizeKey(string key, int size) : null|string
inherited

Arguments

key

stringThe key or IV to treat

size

intThe block size of the currently used algorithm

Response

null|stringNull if $key is null, treated string of $size byte length otherwise

setEncryptionMode

Sets the AES encryption mode.

setEncryptionMode(string mode = 'cbc', int strength = 128) : mixed

WARNING: The strength is deprecated as it has a different effect in MCrypt and OpenSSL. MCrypt was abandoned in 2003 before the Rijndael-128 algorithm was officially the Advanced Encryption Standard (AES). MCrypt also offered Rijndael-192 and Rijndael-256 algorithms with different block sizes. These are NOT used in AES. OpenSSL, however, implements AES correctly. It always uses a 128-bit (16 byte) block. The 192 and 256 bit strengths refer to the key size, not the block size. Therefore using different strengths in MCrypt and OpenSSL will result in different and incompatible ciphertexts.

TL;DR: Always use $strength = 128!

Arguments

mode

stringChoose between CBC (recommended) or ECB

strength

intBit strength of the key (128, 192 or 256 bits). DEPRECATED. READ NOTES ABOVE.

Response

mixed

Properties

openSSLOptions

The OpenSSL options for encryption / decryption

Type(s)

int

method

The encryption method to use

Type(s)

string