Download the PHP package bereznii/yii2-encrypter without Composer
On this page you can find all versions of the php package bereznii/yii2-encrypter. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download bereznii/yii2-encrypter
More information about bereznii/yii2-encrypter
Files in bereznii/yii2-encrypter
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package yii2-encrypter
Openssl Encrypter for Yii2
This extension is used for two-way encryption. The cypher method used is AES256.
The main difference from original package is usage of unique initialization vector for each operation. The main purpose is to provide additional level of security by randomization of resulting hash. Also, as it seems from threads on stackoverflow, publicly stored IV is a very bad practice. However, it is needed to decrypt value. Implemented idea is described below.
Step-by-step encryption:
- Passphrase (32 bytes length) is being stored as ENV constant;
- Unique IV is randomly generated for each encryption operation by openssl_random_pseudo_bytes() and is presented as 16 bytes length string;
- Input is encrypted with openssl_encrypt(). Result is encrypted byte-string;
- IV (16 bytes) is prepended in front of byte-string from previous step;
- Concatenated string is encoded with base64_encode() to avoid encoding problems when transferring over a network or storing in a database.
- Result is a securely encrypted and encoded string.
Step-by-step decryption:
- Fully encrypted string is decoded with base64_decode();
- First 16 bytes is retrieved for further decryption process. This is IV;
- Remaining part of string is decrypted with openssl_decrypt() using IV from previous step and passphrase from ENV;
- Result is the initial string.
Installation
The preferred way to install this extension is through composer.
Either run
or add
to the require section of your composer.json file.
Set Up
To use Encrypter component it needs to be registered in Components list of Yii2 Application.
Basic Usage
Component
Encrypter can be used both from web and console.
To encrypt value manually in any part of the application encrypter can be used as follows:
or to decrypt:
Behavior
The extension also comes with a behavior class that can be easily attached to any ActiveRecord Model.
Use the following syntax to attach the behavior.
The behavior will automatically encrypt all the data before saving it on the database and decrypt it after the retrieve.
Keep in mind that the behavior will use the current configuration of the extension for the encryption.
Unit Testing
Original package was built with TDD. However, current package is not covered with unit-tests due to lack of time caused by russian invasion to Ukraine. Hopefully, one day unit tests will be added and package will become more customizable. But until then, it is published for educational purposes only.
Warnings
It is extremely hard (or practically impossible) to decrypt the data without the password, copy of it should be store in secure place to avoid losing all encrypted data.
Two-way encryption should not be used to store passwords: you should use a one-way encryption function like sha1 and a SALT
