fCryptographystatic classv1.0.0b11
Provides cryptography functionality, including hashing, symmetric-key encryption and public-key encryption
| 1.0.0b11 | Updated class to use fCore::startErrorCapture() instead of error_reporting() 8/9/10 |
|---|---|
| 1.0.0b10 | Added a missing parameter to an fProgrammerException in randomString() 7/29/10 |
| 1.0.0b9 | Added hashHMAC() 4/20/10 |
| 1.0.0b8 | Fixed seedRandom() to pass a directory instead of a file to disk_free_space() 3/9/10 |
| 1.0.0b7 | SECURITY FIX: fixed issue with random() and randomString() not producing random output on OSX, made seedRandom() more robust 10/6/09 |
| 1.0.0b6 | Changed symmetricKeyEncrypt() to throw an fValidationException when the $secret_key is less than 8 characters 9/30/09 |
| 1.0.0b5 | Fixed a bug where some windows machines would throw an exception when generating random strings or numbers 6/9/09 |
| 1.0.0b4 | Updated for new fCore API 2/16/09 |
| 1.0.0b3 | Changed @ error suppression operator to error_reporting() calls 1/26/09 |
| 1.0.0b2 | Backwards compatibility break - changed symmetricKeyEncrypt() to not encrypt the IV since we are using HMAC on it 1/26/09 |
| 1.0.0b | The initial implementation 11/27/07 |
Static Methods
::checkPasswordHash() public
Checks a password against a hash created with hashPassword()
Signature
boolean checkPasswordHash( string $password, string $hash )
Parameters
| string | $password | The password to check |
| string | $hash | The hash to check against |
Returns
If the password matches the hash
::hashHMAC() internal public
Please note: this method is public, however it is primarily intended for internal use by Flourish and will normally not be useful in site/application code
Provides a pure PHP implementation of hash_hmac() for when the hash extension is not installed
Signature
string hashHMAC( string $algorithm, string $data, string $key )
Parameters
| string | $algorithm | The hashing algorithm to use: 'md5' or 'sha1' |
| string | $data | The data to create an HMAC for |
| string | $key | The key to generate the HMAC with |
Returns
The HMAC
::hashPassword() public
Hashes a password using a loop of sha1 hashes and a salt, making rainbow table attacks infeasible
Signature
string hashPassword( string $password )
Parameters
| string | $password | The password to hash |
Returns
An 80 character string of the Flourish fingerprint, salt and hashed password
::publicKeyDecrypt() public
Decrypts ciphertext encrypted using public-key encryption via publicKeyEncrypt()
A public key (X.509 certificate) is required for encryption and a private key (PEM) is required for decryption.
Signature
string publicKeyDecrypt( string $ciphertext, string $private_key_file, string $password )
Parameters
| string | $ciphertext | The content to be decrypted |
| string | $private_key_file | The path to a PEM-encoded private key |
| string | $password | The password for the private key |
Returns
The decrypted plaintext
Throws
- fValidationException
- When the ciphertext appears to be corrupted
::publicKeyEncrypt() public
Encrypts the passed data using public key encryption via OpenSSL
A public key (X.509 certificate) is required for encryption and a private key (PEM) is required for decryption.
Signature
string publicKeyEncrypt( string $plaintext, string $public_key_file )
Parameters
| string | $plaintext | The content to be encrypted |
| string | $public_key_file | The path to an X.509 public key certificate |
Returns
A base-64 encoded result containing a Flourish fingerprint and suitable for decryption using publicKeyDecrypt()
::publicKeySign() public
Creates a signature for plaintext to allow verification of the creator
A private key (PEM) is required for signing and a public key (X.509 certificate) is required for verification.
Signature
string publicKeySign( string $plaintext, string $private_key_file, string $password )
Parameters
| string | $plaintext | The content to be signed |
| string | $private_key_file | The path to a PEM-encoded private key |
| string | $password | The password for the private key |
Returns
The base64-encoded signature suitable for verification using publicKeyVerify()
Throws
- fValidationException
- When the private key is invalid
::publicKeyVerify() public
Checks a signature for plaintext to verify the creator - works with publicKeySign()
A private key (PEM) is required for signing and a public key (X.509 certificate) is required for verification.
Signature
boolean publicKeyVerify( string $plaintext, string $signature, string $public_key_file )
Parameters
| string | $plaintext | The content to check |
| string | $signature | The base64-encoded signature for the plaintext |
| string | $public_key_file | The path to an X.509 public key certificate |
Returns
If the public key file is the public key of the user who signed the plaintext
::random() public
Generates a random number using mt_rand() after ensuring a good PRNG seed
Signature
integer random( integer $min=NULL, integer $max=NULL )
Parameters
| integer | $min | The minimum number to return |
| integer | $max | The maximum number to return |
Returns
The psuedo-random number
::randomString() public
Returns a random string of the type and length specified
Signature
string randomString( integer $length, string $type='alphanumeric' )
Parameters
| integer | $length | The length of string to return |
| string | $type | The type of string to return: 'alphanumeric', 'alpha', 'numeric', or 'hexadecimal' |
Returns
A random string of the type and length specified
::symmetricKeyDecrypt() public
Decrypts ciphertext encrypted using symmetric-key encryption via symmetricKeyEncrypt()
Since this is symmetric-key cryptography, the same key is used for encryption and decryption.
Signature
string symmetricKeyDecrypt( string $ciphertext, string $secret_key )
Parameters
| string | $ciphertext | The content to be decrypted |
| string | $secret_key | The secret key to use for decryption |
Returns
The decrypted plaintext
Throws
- fValidationException
- When the ciphertext appears to be corrupted
::symmetricKeyEncrypt() public
Encrypts the passed data using symmetric-key encryption
Since this is symmetric-key cryptography, the same key is used for encryption and decryption.
Signature
string symmetricKeyEncrypt( string $plaintext, string $secret_key )
Parameters
| string | $plaintext | The content to be encrypted |
| string | $secret_key | The secret key to use for encryption - must be at least 8 characters |
Returns
An encrypted and base-64 encoded result containing a Flourish fingerprint and suitable for decryption using symmetricKeyDecrypt()
Throws
- fValidationException
- When the $secret_key is less than 8 characters long
