blob: b16511d4d3b2eddd7a94035627e3da4b2f3bf220 [file] [log] [blame]
Andrey Andreev4b450652014-02-10 06:59:54 +02001##################
2Encryption Library
3##################
4
Andrey Andreev4fa5c4d2015-03-11 18:57:00 +02005.. important:: DO NOT use this or any other *encryption* library for
6 user password storage! Passwords must be *hashed* instead, and you
7 should do that via PHP's own `Password Hashing extension
8 <http://php.net/password>`_.
9
Andrey Andreev4b450652014-02-10 06:59:54 +020010The Encryption Library provides two-way data encryption. To do so in
11a cryptographically secure way, it utilizes PHP extensions that are
12unfortunately not always available on all systems.
Andrey Andreev5b3fe7c2014-07-07 10:55:53 +030013You must meet one of the following dependencies in order to use this
Andrey Andreev4b450652014-02-10 06:59:54 +020014library:
15
Andrey Andreeva8382792016-07-28 16:40:12 +030016- `OpenSSL <http://php.net/openssl>`_
Andrey Andreev4b450652014-02-10 06:59:54 +020017- `MCrypt <http://php.net/mcrypt>`_ (and `MCRYPT_DEV_URANDOM` availability)
18
Andrey Andreev5b3fe7c2014-07-07 10:55:53 +030019If neither of the above dependencies is met, we simply cannot offer
Andrey Andreev4b450652014-02-10 06:59:54 +020020you a good enough implementation to meet the high standards required
21for proper cryptography.
22
23.. contents::
24 :local:
25
26.. raw:: html
27
28 <div class="custom-index container"></div>
29
30****************************
31Using the Encryption Library
32****************************
33
34Initializing the Class
35======================
36
37Like most other classes in CodeIgniter, the Encryption library is
38initialized in your controller using the ``$this->load->library()``
39method::
40
Kakysha8fe7b622014-04-19 18:01:04 +040041 $this->load->library('encryption');
Andrey Andreev4b450652014-02-10 06:59:54 +020042
43Once loaded, the Encryption library object will be available using::
44
Kakysha8fe7b622014-04-19 18:01:04 +040045 $this->encryption
Andrey Andreev4b450652014-02-10 06:59:54 +020046
47Default behavior
48================
49
50By default, the Encryption Library will use the AES-128 cipher in CBC
51mode, using your configured *encryption_key* and SHA512 HMAC authentication.
52
53.. note:: AES-128 is chosen both because it is proven to be strong and
54 because of its wide availability across different cryptographic
55 software and programming languages' APIs.
56
57However, the *encryption_key* is not used as is.
58
59If you are somewhat familiar with cryptography, you should already know
60that a HMAC also requires a secret key and using the same key for both
61encryption and authentication is a bad practice.
62
63Because of that, two separate keys are derived from your already configured
64*encryption_key*: one for encryption and one for authentication. This is
65done via a technique called `HMAC-based Key Derivation Function
66<http://en.wikipedia.org/wiki/HKDF>`_ (HKDF).
67
68Setting your encryption_key
69===========================
70
71An *encryption key* is a piece of information that controls the
72cryptographic process and permits a plain-text string to be encrypted,
73and afterwards - decrypted. It is the secret "ingredient" in the whole
74process that allows you to be the only one who is able to decrypt data
75that you've decided to hide from the eyes of the public.
76After one key is used to encrypt data, that same key provides the **only**
77means to decrypt it, so not only must you chose one carefully, but you
Andrey Andreevec6a4032015-08-15 08:58:46 +030078must not lose it or you will also lose access to the data.
Andrey Andreev4b450652014-02-10 06:59:54 +020079
80It must be noted that to ensure maximum security, such key *should* not
81only be as strong as possible, but also often changed. Such behavior
82however is rarely practical or possible to implement, and that is why
83CodeIgniter gives you the ability to configure a single key that is to be
84used (almost) every time.
85
86It goes without saying that you should guard your key carefully. Should
87someone gain access to your key, the data will be easily decrypted. If
88your server is not totally under your control it's impossible to ensure
89key security so you may want to think carefully before using it for
90anything that requires high security, like storing credit card numbers.
91
Andrey Andreev42183de2014-06-22 00:09:36 +030092Your encryption key **must** be as long as the encyption algorithm in use
93allows. For AES-128, that's 128 bits or 16 bytes (charcters) long.
Andrey Andreev4b450652014-02-10 06:59:54 +020094You will find a table below that shows the supported key lengths of
95different ciphers.
96
Andrey Andreev42183de2014-06-22 00:09:36 +030097The key should be as random as possible and it **must not** be a regular
98text string, nor the output of a hashing function, etc. In order to create
99a proper key, you must use the Encryption library's ``create_key()`` method
100::
101
102 // $key will be assigned a 16-byte (128-bit) random key
103 $key = $this->encryption->create_key(16);
104
Andrey Andreev4b450652014-02-10 06:59:54 +0200105The key can be either stored in your *application/config/config.php*, or
106you can design your own storage mechanism and pass the key dynamically
107when encrypting/decrypting.
108
109To save your key to your *application/config/config.php*, open the file
110and set::
111
112 $config['encryption_key'] = 'YOUR KEY';
113
Andrey Andreeve7a30962015-03-08 22:15:57 +0200114You'll notice that the ``create_key()`` method outputs binary data, which
115is hard to deal with (i.e. a copy-paste may damage it), so you may use
116``bin2hex()``, ``hex2bin()`` or Base64-encoding to work with the key in
117a more friendly manner. For example::
118
119 // Get a hex-encoded representation of the key:
120 $key = bin2hex($this->encryption->create_key(16));
121
122 // Put the same value in your config with hex2bin(),
123 // so that it is still passed as binary to the library:
124 $config['encryption_key'] = hex2bin(<your hex-encoded key>);
125
Andrey Andreev4b450652014-02-10 06:59:54 +0200126.. _ciphers-and-modes:
127
128Supported encryption ciphers and modes
129======================================
130
131.. note:: The terms 'cipher' and 'encryption algorithm' are interchangeable.
132
133Portable ciphers
134----------------
135
136Because MCrypt and OpenSSL (also called drivers throughout this document)
137each support different sets of encryption algorithms and often implement
138them in different ways, our Encryption library is designed to use them in
139a portable fashion, or in other words - it enables you to use them
140interchangeably, at least for the ciphers supported by both drivers.
141
142It is also implemented in a way that aims to match the standard
143implementations in other programming languages and libraries.
144
145Here's a list of the so called "portable" ciphers, where
146"CodeIgniter name" is the string value that you'd have to pass to the
147Encryption library to use that cipher:
148
149======================== ================== ============================ ===============================
150Cipher name CodeIgniter name Key lengths (bits / bytes) Supported modes
151======================== ================== ============================ ===============================
152AES-128 / Rijndael-128 aes-128 128 / 16 CBC, CTR, CFB, CFB8, OFB, ECB
153AES-192 aes-192 192 / 24 CBC, CTR, CFB, CFB8, OFB, ECB
154AES-256 aes-256 256 / 32 CBC, CTR, CFB, CFB8, OFB, ECB
155DES des 56 / 7 CBC, CFB, CFB8, OFB, ECB
156TripleDES tripledes 56 / 7, 112 / 14, 168 / 21 CBC, CFB, CFB8, OFB
157Blowfish blowfish 128-448 / 16-56 CBC, CFB, OFB, ECB
Andrey Andreev18767e32014-03-04 22:21:35 +0200158CAST5 / CAST-128 cast5 88-128 / 11-16 CBC, CFB, OFB, ECB
Andrey Andreev4b450652014-02-10 06:59:54 +0200159RC4 / ARCFour rc4 40-2048 / 5-256 Stream
160======================== ================== ============================ ===============================
161
162.. important:: Because of how MCrypt works, if you fail to provide a key
163 with the appropriate length, you might end up using a different
164 algorithm than the one configured, so be really careful with that!
165
166.. note:: In case it isn't clear from the above table, Blowfish, CAST5
167 and RC4 support variable length keys. That is, any number in the
168 shown ranges is valid, although in bit terms that only happens
169 in 8-bit increments.
170
171.. note:: Even though CAST5 supports key lengths lower than 128 bits
172 (16 bytes), in fact they will just be zero-padded to the
173 maximum length, as specified in `RFC 2144
174 <http://tools.ietf.org/rfc/rfc2144.txt>`_.
175
176.. note:: Blowfish supports key lengths as small as 32 bits (4 bytes), but
177 our tests have shown that only lengths of 128 bits (16 bytes) or
178 higher are properly supported by both MCrypt and OpenSSL. It is
179 also a bad practice to use such low-length keys anyway.
180
181Driver-specific ciphers
182-----------------------
183
184As noted above, MCrypt and OpenSSL support different sets of encryption
185ciphers. For portability reasons and because we haven't tested them
186properly, we do not advise you to use the ones that are driver-specific,
187but regardless, here's a list of most of them:
188
189
190============== ========= ============================== =========================================
191Cipher name Driver Key lengths (bits / bytes) Supported modes
192============== ========= ============================== =========================================
Andrey Andreevab9971f2014-07-02 19:09:08 +0300193AES-128 OpenSSL 128 / 16 CBC, CTR, CFB, CFB8, OFB, ECB, XTS
194AES-192 OpenSSL 192 / 24 CBC, CTR, CFB, CFB8, OFB, ECB, XTS
195AES-256 OpenSSL 256 / 32 CBC, CTR, CFB, CFB8, OFB, ECB, XTS
Andrey Andreev4b450652014-02-10 06:59:54 +0200196Rijndael-128 MCrypt 128 / 16, 192 / 24, 256 / 32 CBC, CTR, CFB, CFB8, OFB, OFB8, ECB
197Rijndael-192 MCrypt 128 / 16, 192 / 24, 256 / 32 CBC, CTR, CFB, CFB8, OFB, OFB8, ECB
198Rijndael-256 MCrypt 128 / 16, 192 / 24, 256 / 32 CBC, CTR, CFB, CFB8, OFB, OFB8, ECB
199GOST MCrypt 256 / 32 CBC, CTR, CFB, CFB8, OFB, OFB8, ECB
200Twofish MCrypt 128 / 16, 192 / 24, 256 / 32 CBC, CTR, CFB, CFB8, OFB, OFB8, ECB
Andrey Andreev18767e32014-03-04 22:21:35 +0200201CAST-128 MCrypt 40-128 / 5-16 CBC, CTR, CFB, CFB8, OFB, OFB8, ECB
Andrey Andreev4b450652014-02-10 06:59:54 +0200202CAST-256 MCrypt 128 / 16, 192 / 24, 256 / 32 CBC, CTR, CFB, CFB8, OFB, OFB8, ECB
203Loki97 MCrypt 128 / 16, 192 / 24, 256 / 32 CBC, CTR, CFB, CFB8, OFB, OFB8, ECB
204SaferPlus MCrypt 128 / 16, 192 / 24, 256 / 32 CBC, CTR, CFB, CFB8, OFB, OFB8, ECB
205Serpent MCrypt 128 / 16, 192 / 24, 256 / 32 CBC, CTR, CFB, CFB8, OFB, OFB8, ECB
206XTEA MCrypt 128 / 16 CBC, CTR, CFB, CFB8, OFB, OFB8, ECB
207RC2 MCrypt 8-1024 / 1-128 CBC, CTR, CFB, CFB8, OFB, OFB8, ECB
208RC2 OpenSSL 8-1024 / 1-128 CBC, CFB, OFB, ECB
209Camellia-128 OpenSSL 128 / 16 CBC, CFB, CFB8, OFB, ECB
210Camellia-192 OpenSSL 192 / 24 CBC, CFB, CFB8, OFB, ECB
211Camellia-256 OpenSSL 256 / 32 CBC, CFB, CFB8, OFB, ECB
212Seed OpenSSL 128 / 16 CBC, CFB, OFB, ECB
213============== ========= ============================== =========================================
214
215.. note:: If you wish to use one of those ciphers, you'd have to pass
216 its name in lower-case to the Encryption library.
217
218.. note:: You've probably noticed that all AES cipers (and Rijndael-128)
219 are also listed in the portable ciphers list. This is because
220 drivers support different modes for these ciphers. Also, it is
221 important to note that AES-128 and Rijndael-128 are actually
222 the same cipher, but **only** when used with a 128-bit key.
223
Andrey Andreev18767e32014-03-04 22:21:35 +0200224.. note:: CAST-128 / CAST-5 is also listed in both the portable and
225 driver-specific ciphers list. This is because OpenSSL's
226 implementation doesn't appear to be working correctly with
227 key sizes of 80 bits and lower.
228
Andrey Andreev4b450652014-02-10 06:59:54 +0200229.. note:: RC2 is listed as supported by both MCrypt and OpenSSL.
230 However, both drivers implement them differently and they
231 are not portable. It is probably worth noting that we only
232 found one obscure source confirming that it is MCrypt that
233 is not properly implementing it.
234
235.. _encryption-modes:
236
237Encryption modes
238----------------
239
240Different modes of encryption have different characteristics and serve
241for different purposes. Some are stronger than others, some are faster
242and some offer extra features.
243We are not going in depth into that here, we'll leave that to the
244cryptography experts. The table below is to provide brief informational
245reference to our more experienced users. If you are a beginner, just
246stick to the CBC mode - it is widely accepted as strong and secure for
247general purposes.
248
249=========== ================== ================= ===================================================================================================================================================
250Mode name CodeIgniter name Driver support Additional info
251=========== ================== ================= ===================================================================================================================================================
252CBC cbc MCrypt, OpenSSL A safe default choice
253CTR ctr MCrypt, OpenSSL Considered as theoretically better than CBC, but not as widely available
254CFB cfb MCrypt, OpenSSL N/A
255CFB8 cfb8 MCrypt, OpenSSL Same as CFB, but operates in 8-bit mode (not recommended).
256OFB ofb MCrypt, OpenSSL N/A
257OFB8 ofb8 MCrypt Same as OFB, but operates in 8-bit mode (not recommended).
258ECB ecb MCrypt, OpenSSL Ignores IV (not recommended).
Andrey Andreev4b450652014-02-10 06:59:54 +0200259XTS xts OpenSSL Usually used for encrypting random access data such as RAM or hard-disk storage.
260Stream stream MCrypt, OpenSSL This is not actually a mode, it just says that a stream cipher is being used. Required because of the general cipher+mode initialization process.
261=========== ================== ================= ===================================================================================================================================================
262
263Message Length
264==============
265
266It's probably important for you to know that an encrypted string is usually
267longer than the original, plain-text string (depending on the cipher).
268
269This is influenced by the cipher algorithm itself, the IV prepended to the
Andrey Andreevab9971f2014-07-02 19:09:08 +0300270cipher-text and the HMAC authentication message that is also prepended.
271Furthermore, the encrypted message is also Base64-encoded so that it is safe
272for storage and transmission, regardless of a possible character set in use.
Andrey Andreev4b450652014-02-10 06:59:54 +0200273
274Keep this information in mind when selecting your data storage mechanism.
275Cookies, for example, can only hold 4K of information.
276
277.. _configuration:
278
279Configuring the library
280=======================
281
282For usability, performance, but also historical reasons tied to our old
283:doc:`Encrypt Class <encrypt>`, the Encryption library is designed to
284use repeatedly the same driver, encryption cipher, mode and key.
285
286As noted in the "Default behavior" section above, this means using an
287auto-detected driver (OpenSSL has a higher priority), the AES-128 ciper
288in CBC mode, and your ``$config['encryption_key']`` value.
289
290If you wish to change that however, you need to use the ``initialize()``
291method. It accepts an associative array of parameters, all of which are
292optional:
293
294======== ===============================================
295Option Possible values
296======== ===============================================
297driver 'mcrypt', 'openssl'
298cipher Cipher name (see :ref:`ciphers-and-modes`)
299mode Encryption mode (see :ref:`encryption-modes`)
300key Encryption key
301======== ===============================================
302
303For example, if you were to change the encryption algorithm and
304mode to AES-256 in CTR mode, this is what you should do::
305
306 $this->encryption->initialize(
307 array(
308 'cipher' => 'aes-256',
309 'mode' => 'ctr',
310 'key' => '<a 32-character random string>'
311 )
312 );
313
314Note that we only mentioned that you want to change the ciper and mode,
315but we also included a key in the example. As previously noted, it is
316important that you choose a key with a proper size for the used algorithm.
317
318There's also the ability to change the driver, if for some reason you
319have both, but want to use MCrypt instead of OpenSSL::
320
321 // Switch to the MCrypt driver
322 $this->encryption->initialize(array('driver' => 'mcrypt'));
323
324 // Switch back to the OpenSSL driver
325 $this->encryption->initialize(array('driver' => 'openssl'));
326
327Encrypting and decrypting data
328==============================
329
330Encrypting and decrypting data with the already configured library
331settings is simple. As simple as just passing the string to the
332``encrypt()`` and/or ``decrypt()`` methods::
333
334 $plain_text = 'This is a plain-text message!';
335 $ciphertext = $this->encryption->encrypt($plain_text);
336
337 // Outputs: This is a plain-text message!
338 echo $this->encryption->decrypt($ciphertext);
339
340And that's it! The Encryption library will do everything necessary
341for the whole process to be cryptographically secure out-of-the-box.
342You don't need to worry about it.
343
344.. important:: Both methods will return FALSE in case of an error.
345 While for ``encrypt()`` this can only mean incorrect
346 configuration, you should always check the return value
347 of ``decrypt()`` in production code.
348
349How it works
350------------
351
352If you must know how the process works, here's what happens under
353the hood:
354
355- ``$this->encryption->encrypt($plain_text)``
356
357 #. Derive an encryption key and a HMAC key from your configured
358 *encryption_key* via HKDF, using the SHA-512 digest algorithm.
359
360 #. Generate a random initialization vector (IV).
361
362 #. Encrypt the data via AES-128 in CBC mode (or another previously
363 configured cipher and mode), using the above-mentioned derived
364 encryption key and IV.
365
366 #. Prepend said IV to the resulting cipher-text.
367
368 #. Base64-encode the resulting string, so that it can be safely
369 stored or transferred without worrying about character sets.
370
371 #. Create a SHA-512 HMAC authentication message using the derived
372 HMAC key to ensure data integrity and prepend it to the Base64
373 string.
374
375- ``$this->encryption->decrypt($ciphertext)``
376
377 #. Derive an encryption key and a HMAC key from your configured
378 *encryption_key* via HKDF, using the SHA-512 digest algorithm.
379 Because your configured *encryption_key* is the same, this
380 will produce the same result as in the ``encrypt()`` method
381 above - otherwise you won't be able to decrypt it.
382
383 #. Check if the string is long enough, separate the HMAC out of
384 it and validate if it is correct (this is done in a way that
Andrey Andreev71d8f722017-01-17 12:01:00 +0200385 prevents timing attacks against it). Return FALSE if either of
Andrey Andreev4b450652014-02-10 06:59:54 +0200386 the checks fails.
387
388 #. Base64-decode the string.
389
390 #. Separate the IV out of the cipher-text and decrypt the said
391 cipher-text using that IV and the derived encryption key.
392
393.. _custom-parameters:
394
395Using custom parameters
396-----------------------
397
398Let's say you have to interact with another system that is out
399of your control and uses another method to encrypt data. A
400method that will most certainly not match the above-described
401sequence and probably not use all of the steps either.
402
403The Encryption library allows you to change how its encryption
404and decryption processes work, so that you can easily tailor a
405custom solution for such situations.
406
407.. note:: It is possible to use the library in this way, without
408 setting an *encryption_key* in your configuration file.
409
410All you have to do is to pass an associative array with a few
411parameters to either the ``encrypt()`` or ``decrypt()`` method.
412Here's an example::
413
414 // Assume that we have $ciphertext, $key and $hmac_key
415 // from on outside source
416
417 $message = $this->encryption->decrypt(
418 $ciphertext,
419 array(
420 'cipher' => 'blowfish',
421 'mode' => 'cbc',
422 'key' => $key,
423 'hmac_digest' => 'sha256',
424 'hmac_key' => $hmac_key
425 )
426 );
427
428In the above example, we are decrypting a message that was encrypted
429using the Blowfish cipher in CBC mode and authenticated via a SHA-256
430HMAC.
431
432.. important:: Note that both 'key' and 'hmac_key' are used in this
433 example. When using custom parameters, encryption and HMAC keys
434 are not derived like the default behavior of the library is.
435
436Below is a list of the available options.
437
438However, unless you really need to and you know what you are doing,
439we advise you to not change the encryption process as this could
440impact security, so please do so with caution.
441
442============= =============== ============================= ======================================================
443Option Default value Mandatory / Optional Description
444============= =============== ============================= ======================================================
445cipher N/A Yes Encryption algorithm (see :ref:`ciphers-and-modes`).
446mode N/A Yes Encryption mode (see :ref:`encryption-modes`).
447key N/A Yes Encryption key.
Andrey Andreev4b450652014-02-10 06:59:54 +0200448hmac TRUE No Whether to use a HMAC.
449 Boolean. If set to FALSE, then *hmac_digest* and
450 *hmac_key* will be ignored.
451hmac_digest sha512 No HMAC message digest algorithm (see :ref:`digests`).
452hmac_key N/A Yes, unless *hmac* is FALSE HMAC key.
453raw_data FALSE No Whether the cipher-text should be raw.
454 Boolean. If set to TRUE, then Base64 encoding and
455 decoding will not be performed and HMAC will not
456 be a hexadecimal string.
457============= =============== ============================= ======================================================
458
459.. important:: ``encrypt()`` and ``decrypt()`` will return FALSE if
460 a mandatory parameter is not provided or if a provided
461 value is incorrect. This includes *hmac_key*, unless *hmac*
462 is set to FALSE.
463
Andrey Andreev4b450652014-02-10 06:59:54 +0200464.. _digests:
465
466Supported HMAC authentication algorithms
467----------------------------------------
468
469For HMAC message authentication, the Encryption library supports
470usage of the SHA-2 family of algorithms:
471
472=========== ==================== ============================
473Algorithm Raw length (bytes) Hex-encoded length (bytes)
474=========== ==================== ============================
475sha512 64 128
476sha384 48 96
477sha256 32 64
478sha224 28 56
479=========== ==================== ============================
480
481The reason for not including other popular algorithms, such as
482MD5 or SHA1 is that they are no longer considered secure enough
483and as such, we don't want to encourage their usage.
484If you absolutely need to use them, it is easy to do so via PHP's
Master Yodabd2a7e42015-03-25 02:36:31 -0700485native `hash_hmac() <http://php.net/manual/en/function.hash-hmac.php>`_ function.
Andrey Andreev4b450652014-02-10 06:59:54 +0200486
487Stronger algorithms of course will be added in the future as they
488appear and become widely available.
489
490***************
491Class Reference
492***************
493
Andrey Andreevcd3d9db2015-02-02 13:41:01 +0200494.. php:class:: CI_Encryption
Andrey Andreev4b450652014-02-10 06:59:54 +0200495
Andrey Andreevcd3d9db2015-02-02 13:41:01 +0200496 .. php:method:: initialize($params)
Andrey Andreev4b450652014-02-10 06:59:54 +0200497
498 :param array $params: Configuration parameters
499 :returns: CI_Encryption instance (method chaining)
500 :rtype: CI_Encryption
501
502 Initializes (configures) the library to use a different
503 driver, cipher, mode or key.
504
505 Example::
506
507 $this->encryption->initialize(
508 array('mode' => 'ctr')
509 );
510
511 Please refer to the :ref:`configuration` section for detailed info.
512
Andrey Andreevcd3d9db2015-02-02 13:41:01 +0200513 .. php:method:: encrypt($data[, $params = NULL])
Andrey Andreev4b450652014-02-10 06:59:54 +0200514
515 :param string $data: Data to encrypt
516 :param array $params: Optional parameters
517 :returns: Encrypted data or FALSE on failure
518 :rtype: string
519
520 Encrypts the input data and returns its ciphertext.
521
522 Example::
523
524 $ciphertext = $this->encryption->encrypt('My secret message');
525
526 Please refer to the :ref:`custom-parameters` section for information
527 on the optional parameters.
528
Andrey Andreevcd3d9db2015-02-02 13:41:01 +0200529 .. php:method:: decrypt($data[, $params = NULL])
Andrey Andreev4b450652014-02-10 06:59:54 +0200530
531 :param string $data: Data to decrypt
532 :param array $params: Optional parameters
533 :returns: Decrypted data or FALSE on failure
534 :rtype: string
535
536 Decrypts the input data and returns it in plain-text.
537
538 Example::
539
540 echo $this->encryption->decrypt($ciphertext);
541
542 Please refer to the :ref:`custom-parameters` secrion for information
543 on the optional parameters.
544
Andrey Andreeve7a30962015-03-08 22:15:57 +0200545 .. php:method:: create_key($length)
546
547 :param int $length: Output length
548 :returns: A pseudo-random cryptographic key with the specified length, or FALSE on failure
549 :rtype: string
550
551 Creates a cryptographic key by fetching random data from
552 the operating system's sources (i.e. /dev/urandom).
553
Andrey Andreevcd3d9db2015-02-02 13:41:01 +0200554 .. php:method:: hkdf($key[, $digest = 'sha512'[, $salt = NULL[, $length = NULL[, $info = '']]]])
Andrey Andreev4b450652014-02-10 06:59:54 +0200555
556 :param string $key: Input key material
557 :param string $digest: A SHA-2 family digest algorithm
558 :param string $salt: Optional salt
559 :param int $length: Optional output length
560 :param string $info: Optional context/application-specific info
561 :returns: A pseudo-random key or FALSE on failure
Andrey Andreevb9061492014-12-04 16:33:24 +0200562 :rtype: string
Andrey Andreev4b450652014-02-10 06:59:54 +0200563
564 Derives a key from another, presumably weaker key.
565
566 This method is used internally to derive an encryption and HMAC key
567 from your configured *encryption_key*.
568
569 It is publicly available due to its otherwise general purpose. It is
570 described in `RFC 5869 <https://tools.ietf.org/rfc/rfc5869.txt>`_.
571
572 However, as opposed to the description in RFC 5869, this implementation
573 doesn't support SHA1.
574
575 Example::
576
577 $hmac_key = $this->encryption->hkdf(
578 $key,
579 'sha512',
580 NULL,
581 NULL,
582 'authentication'
583 );
584
585 // $hmac_key is a pseudo-random key with a length of 64 bytes