OpenSSL

Extends \Joomla\CMS\Encrypt\AES\AbstractAES Implements \Joomla\CMS\Encrypt\AES\AesInterface

OpenSSL encryption class

since

4.0.0

Methods

__construct

Constructor for this class

__construct() 

decrypt

Decrypts a string. Returns the raw binary plaintext.

decrypt(string $cipherText, string $key) : string

$ciphertext MUST start with the IV followed by the ciphertext, even for EBC data (the first block of data is dropped in EBC mode since there is no concept of IV in EBC).

WARNING: The returned plaintext is zero-padded to the algorithm's block size during encryption. You are advised to trim the string to the original plaintext's length upon decryption. While rtrim($decrypted, "\0") sounds appealing it's NOT the correct approach for binary data (zero bytes may actually be part of your plaintext, not just padding!).

Arguments

$cipherText

stringThe ciphertext to encrypt

$key

stringThe raw binary key (will be zero-padded or chopped if its size is different than the block size)

Response

stringThe raw unencrypted binary string.

encrypt

Encrypts a string. Returns the raw binary ciphertext.

encrypt(string $plainText, string $key, null|string $iv = null) : string

WARNING: The plaintext is zero-padded to the algorithm's block size. You are advised to store the size of the plaintext and trim the string to that length upon decryption.

Arguments

$plainText

stringThe plaintext to encrypt

$key

stringThe raw binary key (will be zero-padded or chopped if its size is different than the block size)

$iv

null|stringThe initialization vector (for CBC mode algorithms)

Response

stringThe raw encrypted binary string.

getBlockSize

Returns the encryption block size in bytes

getBlockSize() : integer

Response

integer

getZeroPadding

Returns null bytes to append to the string so that it's zero padded to the specified block size

getZeroPadding(string $string, integer $blockSize) : string
inherited

Arguments

$string

stringThe binary string which will be zero padded

$blockSize

integerThe block size

Response

stringThe zero bytes to append to the string to zero pad it to $blockSize

isSupported

Is this adapter supported?

isSupported() : boolean

Response

boolean

resizeKey

Trims or zero-pads a key / IV

resizeKey(string $key, integer $size) : null|string
inherited

Arguments

$key

stringThe key or IV to treat

$size

integerThe block size of the currently used algorithm

Response

null|stringNull if $key is null, treated string of $size byte length otherwise

setEncryptionMode

Sets the AES encryption mode.

setEncryptionMode(string $mode = 'cbc', integer $strength = 128) : mixed

WARNING: The strength is deprecated as it has a different effect in MCrypt and OpenSSL. MCrypt was abandoned in 2003 before the Rijndael-128 algorithm was officially the Advanced Encryption Standard (AES). MCrypt also offered Rijndael-192 and Rijndael-256 algorithms with different block sizes. These are NOT used in AES. OpenSSL, however, implements AES correctly. It always uses a 128-bit (16 byte) block. The 192 and 256 bit strengths refer to the key size, not the block size. Therefore using different strengths in MCrypt and OpenSSL will result in different and incompatible ciphertexts.

TL;DR: Always use $strength = 128!

Arguments

$mode

stringChoose between CBC (recommended) or ECB

$strength

integerBit strength of the key (128, 192 or 256 bits). DEPRECATED. READ NOTES ABOVE.

Response

mixed

Properties

openSSLOptions

The OpenSSL options for encryption / decryption

Type(s)

integer

method

The encryption method to use

Type(s)

string