blob: 6bb46b93ae42de5157f5939caf0b07f82a39fdb1 [file] [log] [blame]
adminb0dd10f2006-08-25 17:25:49 +00001<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
2<html>
3<head>
4
Derek Allard404e35d2007-08-07 01:00:45 +00005<title>CodeIgniter User Guide : Encryption Class</title>
adminb0dd10f2006-08-25 17:25:49 +00006
7<style type='text/css' media='all'>@import url('../userguide.css');</style>
8<link rel='stylesheet' type='text/css' media='all' href='../userguide.css' />
9
admin17a890d2006-09-27 20:42:42 +000010<script type="text/javascript" src="../nav/nav.js"></script>
admin2296fc32006-09-27 21:07:02 +000011<script type="text/javascript" src="../nav/prototype.lite.js"></script>
admin17a890d2006-09-27 20:42:42 +000012<script type="text/javascript" src="../nav/moo.fx.js"></script>
adminb0dd10f2006-08-25 17:25:49 +000013<script type="text/javascript">
14window.onload = function() {
admine334c472006-10-21 19:44:22 +000015 myHeight = new fx.Height('nav', {duration: 400});
adminb0dd10f2006-08-25 17:25:49 +000016 myHeight.hide();
17}
18</script>
19
20<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
21<meta http-equiv='expires' content='-1' />
22<meta http-equiv= 'pragma' content='no-cache' />
23<meta name='robots' content='all' />
24<meta name='author' content='Rick Ellis' />
Derek Allardd2df9bc2007-04-15 17:41:17 +000025<meta name='description' content='CodeIgniter User Guide' />
adminb0dd10f2006-08-25 17:25:49 +000026
27</head>
28<body>
29
30<!-- START NAVIGATION -->
31<div id="nav"><div id="nav_inner"><script type="text/javascript">create_menu('../');</script></div></div>
32<div id="nav2"><a name="top"></a><a href="javascript:void(0);" onclick="myHeight.toggle();"><img src="../images/nav_toggle.jpg" width="153" height="44" border="0" title="Toggle Table of Contents" alt="Toggle Table of Contents" /></a></div>
33<div id="masthead">
34<table cellpadding="0" cellspacing="0" border="0" style="width:100%">
35<tr>
Derek Allard60ca9b72007-07-12 19:53:27 +000036<td><h1>CodeIgniter User Guide Version 1.5.4</h1></td>
adminc0d5d522006-10-30 19:40:35 +000037<td id="breadcrumb_right"><a href="../toc.html">Table of Contents Page</a></td>
adminb0dd10f2006-08-25 17:25:49 +000038</tr>
39</table>
40</div>
41<!-- END NAVIGATION -->
42
43
44<!-- START BREADCRUMB -->
45<table cellpadding="0" cellspacing="0" border="0" style="width:100%">
46<tr>
47<td id="breadcrumb">
Derek Allardd2df9bc2007-04-15 17:41:17 +000048<a href="http://www.codeigniter.com/">CodeIgniter Home</a> &nbsp;&#8250;&nbsp;
adminb0dd10f2006-08-25 17:25:49 +000049<a href="../index.html">User Guide Home</a> &nbsp;&#8250;&nbsp;
admin10c3f412006-10-08 07:21:12 +000050Encryption Class
adminb0dd10f2006-08-25 17:25:49 +000051</td>
Derek Allardbc030912007-06-24 18:25:29 +000052<td id="searchbox"><form method="get" action="http://www.google.com/search"><input type="hidden" name="as_sitesearch" id="as_sitesearch" value="codeigniter.com/user_guide/" />Search User Guide&nbsp; <input type="text" class="input" style="width:200px;" name="q" id="q" size="31" maxlength="255" value="" />&nbsp;<input type="submit" class="submit" name="sa" value="Go" /></form></td>
adminb0dd10f2006-08-25 17:25:49 +000053</tr>
54</table>
55<!-- END BREADCRUMB -->
56
57<br clear="all" />
58
59
60<!-- START CONTENT -->
61<div id="content">
62
63
admin10c3f412006-10-08 07:21:12 +000064<h1>Encryption Class</h1>
adminb0dd10f2006-08-25 17:25:49 +000065
admin10c3f412006-10-08 07:21:12 +000066<p>The Encryption Class provides two-way data encryption. It uses a scheme that pre-compiles
adminb0dd10f2006-08-25 17:25:49 +000067the message using a randomly hashed bitwise XOR encoding scheme, which is then encrypted using
68the Mcrypt library. If Mcrypt is not available on your server the encoded message will
admine334c472006-10-21 19:44:22 +000069still provide a reasonable degree of security for encrypted sessions or other such "light" purposes.
adminb0dd10f2006-08-25 17:25:49 +000070If Mcrypt is available, you'll effectively end up with a double-encrypted message string, which should
71provide a very high degree of security.</p>
72
73
74<h2>Setting your Key</h2>
75
admine334c472006-10-21 19:44:22 +000076<p>A <em>key</em> is a piece of information that controls the cryptographic process and permits an encrypted string to be decoded.
adminb0dd10f2006-08-25 17:25:49 +000077In fact, the key you chose will provide the <strong>only</strong> means to decode data that was encrypted with that key,
admine7e1dcd2006-10-21 18:04:01 +000078so not only must you chose the key carefully, you must never change it if you intend use it for persistent data.</p>
adminb0dd10f2006-08-25 17:25:49 +000079
80<p>It goes without saying that you should guard your key carefully.
81Should someone gain access to your key, the data will be easily decoded. If your server is not totally under your control
82it's impossible to ensure key security so you may want to think carefully before using it for anything
83that requires high security, like storing credit card numbers.</p>
84
admine334c472006-10-21 19:44:22 +000085<p>To take maximum advantage of the encryption algorithm, your key should be 32 characters in length (128 bits).
86The key should be as random a string as you can concoct, with numbers and uppercase and lowercase letters.
87Your key should <strong>not</strong> be a simple text string. In order to be cryptographically secure it
adminb0dd10f2006-08-25 17:25:49 +000088needs to be as random as possible.</p>
89
admine334c472006-10-21 19:44:22 +000090<p>Your key can be either stored in your <dfn>application/config/config.php</dfn>, or you can design your own
adminb0dd10f2006-08-25 17:25:49 +000091storage mechanism and pass the key dynamically when encoding/decoding.</p>
92
93<p>To save your key to your <dfn>application/config/config.php</dfn>, open the file and set:</p>
94<code>$config['encryption_key'] = "YOUR KEY";</code>
95
96
97<h2>Message Length</h2>
98
admine334c472006-10-21 19:44:22 +000099<p>It's important for you to know that the encoded messages the encryption function generates will be approximately 2.6 times longer than the original
adminb0dd10f2006-08-25 17:25:49 +0000100message. For example, if you encrypt the string "my super secret data", which is 21 characters in length, you'll end up
101with an encoded string that is roughly 55 characters (we say "roughly" because the encoded string length increments in
10264 bit clusters, so it's not exactly linear). Keep this information in mind when selecting your data storage mechanism. Cookies,
103for example, can only hold 4K of information.</p>
104
105
106<h2>Initializing the Class</h2>
107
Derek Allardd2df9bc2007-04-15 17:41:17 +0000108<p>Like most other classes in CodeIgniter, the Encryption class is initialized in your controller using the <dfn>$this->load->library</dfn> function:</p>
adminb0dd10f2006-08-25 17:25:49 +0000109
110<code>$this->load->library('encrypt');</code>
111<p>Once loaded, the Encrypt library object will be available using: <dfn>$this->encrypt</dfn></p>
112
adminb0dd10f2006-08-25 17:25:49 +0000113
114<h2>$this->encrypt->encode()</h2>
115
116<p>Performs the data encryption and returns it as a string. Example:</p>
117<code>
118$msg = 'My secret message';<br />
119<br />
120$encrypted_string = $this->encrypt->encode($msg);</code>
121
122<p>You can optionally pass your encryption key via the second parameter if you don't want to use the one in your config file:</p>
123
124<code>
125$msg = 'My secret message';<br />
126$key = 'super-secret-key';<br />
127<br />
128$encrypted_string = $this->encrypt->encode($msg, $key);</code>
129
130
131<h2>$this->encrypt->decode()</h2>
132
133<p>Decrypts an encoded string. Example:</p>
134
135<code>
136$encrypted_string = 'APANtByIGI1BpVXZTJgcsAG8GZl8pdwwa84';<br />
137<br />
138$plaintext_string = $this->encrypt->decode($encrypted_string);</code>
139
140
admin9fa00372006-10-12 18:20:13 +0000141<h2>$this->encrypt->set_cipher();</h2>
adminb0dd10f2006-08-25 17:25:49 +0000142
Derek Allardc6441282007-07-04 23:54:32 +0000143<p>Permits you to set an Mcrypt cipher. By default it uses <samp>MCRYPT_RIJNDAEL_256</samp>. Example:</p>
Derek Allard5a94ae52007-06-18 00:14:57 +0000144<code>$this->encrypt->set_cipher(MCRYPT_BLOWFISH);</code>
admin9fa00372006-10-12 18:20:13 +0000145<p>Please visit php.net for a list of <a href="http://php.net/mcrypt">available ciphers</a>.</p>
adminb0dd10f2006-08-25 17:25:49 +0000146
147<p>If you'd like to manually test whether your server supports Mcrypt you can use:</p>
148<code>echo ( ! function_exists('mcrypt_encrypt')) ? 'Nope' : 'Yup';</code>
149
150
151<h2>$this->encrypt->set_mode();</h2>
152
Derek Allardc6441282007-07-04 23:54:32 +0000153<p>Permits you to set an Mcrypt mode. By default it uses <samp>MCRYPT_MODE_ECB</samp>. Example:</p>
Derek Allard5a94ae52007-06-18 00:14:57 +0000154<code>$this->encrypt->set_mode(MCRYPT_MODE_CFB);</code>
adminb0dd10f2006-08-25 17:25:49 +0000155<p>Please visit php.net for a list of <a href="http://php.net/mcrypt">available modes</a>.</p>
156
157
158<h2>$this->encrypt->sha1();</h2>
159<p>SHA1 encoding function. Provide a string and it will return a 160 bit one way hash. Note: SHA1, just like MD5 is non-decodable. Example:</p>
160<code>$hash = $this->encrypt->sha1('Some string');</code>
161
162<p>Many PHP installations have SHA1 support by default so if all you need is to encode a hash it's simpler to use the native
163function:</p>
164
165<code>$hash = sha1('Some string');</code>
166
167<p>If your server does not support SHA1 you can use the provided function.</p>
168
169
170
171</div>
172<!-- END CONTENT -->
173
174
175<div id="footer">
176<p>
177Previous Topic:&nbsp;&nbsp;<a href="email.html">Email Class</a>
178&nbsp;&nbsp;&nbsp;&middot;&nbsp;&nbsp;
179<a href="#top">Top of Page</a>&nbsp;&nbsp;&nbsp;&middot;&nbsp;&nbsp;
180<a href="../index.html">User Guide Home</a>&nbsp;&nbsp;&nbsp;&middot;&nbsp;&nbsp;
181Next Topic:&nbsp;&nbsp;<a href="file_uploading.html">File Uploading Class</a>
Derek Allardc6441282007-07-04 23:54:32 +0000182</p>
Derek Allardd2df9bc2007-04-15 17:41:17 +0000183<p><a href="http://www.codeigniter.com">CodeIgniter</a> &nbsp;&middot;&nbsp; Copyright &#169; 2007 &nbsp;&middot;&nbsp; <a href="http://ellislab.com/">Ellislab, Inc.</a></p>
adminb0dd10f2006-08-25 17:25:49 +0000184</div>
185
186</body>
187</html>