AesInterface

Interface for AES encryption adapters

since

4.0.0

Methods

decrypt

Decrypts a string. Returns the raw binary plaintext.

decrypt(string $cipherText, string $key) : string

$ciphertext MUST start with the IV followed by the ciphertext, even for EBC data (the first block of data is dropped in EBC mode since there is no concept of IV in EBC).

WARNING: The returned plaintext is zero-padded to the algorithm's block size during encryption. You are advised to trim the string to the original plaintext's length upon decryption. While rtrim($decrypted, "\0") sounds appealing it's NOT the correct approach for binary data (zero bytes may actually be part of your plaintext, not just padding!).

Arguments

$cipherText

stringThe ciphertext to encrypt

$key

stringThe raw binary key (will be zero-padded or chopped if its size is different than the block size)

Response

stringThe raw unencrypted binary string.

encrypt

Encrypts a string. Returns the raw binary ciphertext.

encrypt(string $plainText, string $key, null|string $iv = null) : string

WARNING: The plaintext is zero-padded to the algorithm's block size. You are advised to store the size of the plaintext and trim the string to that length upon decryption.

Arguments

$plainText

stringThe plaintext to encrypt

$key

stringThe raw binary key (will be zero-padded or chopped if its size is different than the block size)

$iv

null|stringThe initialization vector (for CBC mode algorithms)

Response

stringThe raw encrypted binary string.

getBlockSize

Returns the encryption block size in bytes

getBlockSize() : integer

Response

integer

isSupported

Is this adapter supported?

isSupported() : boolean

Response

boolean

setEncryptionMode

Sets the AES encryption mode.

setEncryptionMode(string $mode = 'cbc', integer $strength = 128) : mixed

WARNING: The strength is deprecated as it has a different effect in MCrypt and OpenSSL. MCrypt was abandoned in 2003 before the Rijndael-128 algorithm was officially the Advanced Encryption Standard (AES). MCrypt also offered Rijndael-192 and Rijndael-256 algorithms with different block sizes. These are NOT used in AES. OpenSSL, however, implements AES correctly. It always uses a 128-bit (16 byte) block. The 192 and 256 bit strengths refer to the key size, not the block size. Therefore using different strengths in MCrypt and OpenSSL will result in different and incompatible ciphertexts.

TL;DR: Always use $strength = 128!

Arguments

$mode

stringChoose between CBC (recommended) or ECB

$strength

integerBit strength of the key (128, 192 or 256 bits). DEPRECATED. READ NOTES ABOVE.

Response

mixed