Gitiles
Code Review Sign In
www.giggi.me / code-igniter-v3-giggi / 42183de45621e09621399ee161135f995af552ff^! / .
commit42183de45621e09621399ee161135f995af552ff[log] [tgz]
authorAndrey Andreev <narf@devilix.net>Sun Jun 22 00:09:36 2014 +0300
committerAndrey Andreev <narf@devilix.net>Sun Jun 22 00:09:36 2014 +0300
tree740dfbc685d8780929684547c6e7e4ac2913ed7c
parent4191be3d3be76909253158a6cd35fbf3a89cfb5f [diff]
Add CI_Encryption::create_key()

This was planned, we somehow forgot about it. :)

diff --git a/system/libraries/Encryption.php b/system/libraries/Encryption.php
index d6ffc9b..aa91cd3 100644
--- a/system/libraries/Encryption.php
+++ b/system/libraries/Encryption.php

@@ -310,6 +310,21 @@
 	// --------------------------------------------------------------------
 
 	/**
+	 * Create a random key
+	 *
+	 * @param	int	$length	Output length
+	 * @return	string
+	 */
+	public function create_key($length)
+	{
+		return ($this->_driver === 'mcrypt')
+			? mcrypt_create_iv($length, MCRYPT_DEV_URANDOM)
+			: openssl_random_pseudo_bytes($length);
+	}
+
+	// --------------------------------------------------------------------
+
+	/**
 	 * Encrypt
 	 *
 	 * @param	string	$data	Input data

diff --git a/user_guide_src/source/libraries/encryption.rst b/user_guide_src/source/libraries/encryption.rst
index 28aa573..1353c4e 100644
--- a/user_guide_src/source/libraries/encryption.rst
+++ b/user_guide_src/source/libraries/encryption.rst

@@ -84,14 +84,19 @@
 key security so you may want to think carefully before using it for
 anything that requires high security, like storing credit card numbers.
 
-Your encryption key should be as long as the encyption algorithm in use
-allows. For AES-128, that's 128 bits or 16 bytes (charcters) long. The
-key should be as random as possible and it should **not** be a simple
-text string.
-
+Your encryption key **must** be as long as the encyption algorithm in use
+allows. For AES-128, that's 128 bits or 16 bytes (charcters) long.
 You will find a table below that shows the supported key lengths of
 different ciphers.
 
+The key should be as random as possible and it **must not** be a regular
+text string, nor the output of a hashing function, etc. In order to create
+a proper key, you must use the Encryption library's ``create_key()`` method
+::
+
+	// $key will be assigned a 16-byte (128-bit) random key
+	$key = $this->encryption->create_key(16);
+
 The key can be either stored in your *application/config/config.php*, or
 you can design your own storage mechanism and pass the key dynamically
 when encrypting/decrypting.