Provides cryptography functionality, including hashing, symmetric-key encryption and public-key encryption
1.0.0b14 | Added the base36, base56 and custom types to randomString() 8/25/11 |
---|---|
1.0.0b13 | Updated documentation about symmetric-key encryption to explicitly state block and key sizes, added base64 type to randomString() 11/6/10 |
1.0.0b12 | Fixed an inline comment that incorrectly references AES-256 11/4/10 |
1.0.0b11 | Updated class to use fCore::startErrorCapture() instead of error_reporting() 8/9/10 |
1.0.0b10 | Added a missing parameter to an fProgrammerException in randomString() 7/29/10 |
1.0.0b9 | Added hashHMAC() 4/20/10 |
1.0.0b8 | Fixed seedRandom() to pass a directory instead of a file to disk_free_space() 3/9/10 |
1.0.0b7 | SECURITY FIX: fixed issue with random() and randomString() not producing random output on OSX, made seedRandom() more robust 10/6/09 |
1.0.0b6 | Changed symmetricKeyEncrypt() to throw an fValidationException when the $secret_key is less than 8 characters 9/30/09 |
1.0.0b5 | Fixed a bug where some windows machines would throw an exception when generating random strings or numbers 6/9/09 |
1.0.0b4 | Updated for new fCore API 2/16/09 |
1.0.0b3 | Changed @ error suppression operator to error_reporting() calls 1/26/09 |
1.0.0b2 | Backwards compatibility break - changed symmetricKeyEncrypt() to not encrypt the IV since we are using HMAC on it 1/26/09 |
1.0.0b | The initial implementation 11/27/07 |
Checks a password against a hash created with hashPassword()
boolean checkPasswordHash( string $password, string $hash )
string | $password | The password to check |
string | $hash | The hash to check against |
If the password matches the hash
Please note: this method is public, however it is primarily intended for internal use by Flourish and will normally not be useful in site/application code
Provides a pure PHP implementation of hash_hmac() for when the hash extension is not installed
string hashHMAC( string $algorithm, string $data, string $key )
string | $algorithm | The hashing algorithm to use: 'md5' or 'sha1' |
string | $data | The data to create an HMAC for |
string | $key | The key to generate the HMAC with |
The HMAC
Hashes a password using a loop of sha1 hashes and a salt, making rainbow table attacks infeasible
string hashPassword( string $password )
string | $password | The password to hash |
An 80 character string of the Flourish fingerprint, salt and hashed password
Decrypts ciphertext encrypted using public-key encryption via publicKeyEncrypt()
A public key (X.509 certificate) is required for encryption and a private key (PEM) is required for decryption.
string publicKeyDecrypt( string $ciphertext, string $private_key_file, string $password )
string | $ciphertext | The content to be decrypted |
string | $private_key_file | The path to a PEM-encoded private key |
string | $password | The password for the private key |
The decrypted plaintext
Encrypts the passed data using public key encryption via OpenSSL
A public key (X.509 certificate) is required for encryption and a private key (PEM) is required for decryption.
string publicKeyEncrypt( string $plaintext, string $public_key_file )
string | $plaintext | The content to be encrypted |
string | $public_key_file | The path to an X.509 public key certificate |
A base-64 encoded result containing a Flourish fingerprint and suitable for decryption using publicKeyDecrypt()
Creates a signature for plaintext to allow verification of the creator
A private key (PEM) is required for signing and a public key (X.509 certificate) is required for verification.
string publicKeySign( string $plaintext, string $private_key_file, string $password )
string | $plaintext | The content to be signed |
string | $private_key_file | The path to a PEM-encoded private key |
string | $password | The password for the private key |
The base64-encoded signature suitable for verification using publicKeyVerify()
Checks a signature for plaintext to verify the creator - works with publicKeySign()
A private key (PEM) is required for signing and a public key (X.509 certificate) is required for verification.
boolean publicKeyVerify( string $plaintext, string $signature, string $public_key_file )
string | $plaintext | The content to check |
string | $signature | The base64-encoded signature for the plaintext |
string | $public_key_file | The path to an X.509 public key certificate |
If the public key file is the public key of the user who signed the plaintext
Generates a random number using mt_rand() after ensuring a good PRNG seed
integer random( integer $min=NULL, integer $max=NULL )
integer | $min | The minimum number to return |
integer | $max | The maximum number to return |
The psuedo-random number
Returns a random string of the type and length specified
string randomString( integer $length, string $type='alphanumeric' )
integer | $length | The length of string to return |
string | $type | The type of string to return: 'base64', 'base56', 'base36', 'alphanumeric', 'alpha', 'numeric', or 'hexadecimal', if a different string is provided, it will be used for the alphabet |
A random string of the type and length specified
Decrypts ciphertext encrypted using symmetric-key encryption via symmetricKeyEncrypt()
Since this is symmetric-key cryptography, the same key is used for encryption and decryption.
string symmetricKeyDecrypt( string $ciphertext, string $secret_key )
string | $ciphertext | The content to be decrypted |
string | $secret_key | The secret key to use for decryption |
The decrypted plaintext
Encrypts the passed data using symmetric-key encryption
Since this is symmetric-key cryptography, the same key is used for encryption and decryption.
string symmetricKeyEncrypt( string $plaintext, string $secret_key )
string | $plaintext | The content to be encrypted |
string | $secret_key | The secret key to use for encryption - must be at least 8 characters |
An encrypted and base-64 encoded result containing a Flourish fingerprint and suitable for decryption using symmetricKeyDecrypt()