Blame - user_guide/libraries/encryption.html - code-igniter-v3-giggi

blob: dac1db911cc09b9f445bedb652a64c03f1992c5f [file] [log] [blame]

Derek Allard	2067d1a	2008-11-13 22:59:24 +0000	[diff] [blame]	1	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
				2	<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
				3	<head>
				4
				5	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
				6	<title>Encryption Class : CodeIgniter User Guide</title>
				7
				8	<style type='text/css' media='all'>@import url('../userguide.css');</style>
				9	<link rel='stylesheet' type='text/css' media='all' href='../userguide.css' />
				10
				11	<script type="text/javascript" src="../nav/nav.js"></script>
				12	<script type="text/javascript" src="../nav/prototype.lite.js"></script>
				13	<script type="text/javascript" src="../nav/moo.fx.js"></script>
				14	<script type="text/javascript" src="../nav/user_guide_menu.js"></script>
				15
				16	<meta http-equiv='expires' content='-1' />
				17	<meta http-equiv= 'pragma' content='no-cache' />
				18	<meta name='robots' content='all' />
				19	<meta name='author' content='ExpressionEngine Dev Team' />
				20	<meta name='description' content='CodeIgniter User Guide' />
				21
				22	</head>
				23	<body>
				24
				25	<!-- START NAVIGATION -->
				26	<div id="nav"><div id="nav_inner"><script type="text/javascript">create_menu('../');</script></div></div>
				27	<div id="nav2"><a name="top"></a><a href="javascript:void(0);" onclick="myHeight.toggle();"><img src="../images/nav_toggle_darker.jpg" width="154" height="43" border="0" title="Toggle Table of Contents" alt="Toggle Table of Contents" /></a></div>
				28	<div id="masthead">
				29	<table cellpadding="0" cellspacing="0" border="0" style="width:100%">
				30	<tr>
Derek Jones	8917af7	2010-03-05 12:41:45 -0600	[diff] [blame]	31	<td><h1>CodeIgniter User Guide Version 2.0.0</h1></td>
Derek Allard	2067d1a	2008-11-13 22:59:24 +0000	[diff] [blame]	32	<td id="breadcrumb_right"><a href="../toc.html">Table of Contents Page</a></td>
				33	</tr>
				34	</table>
				35	</div>
				36	<!-- END NAVIGATION -->
				37
				38
				39	<!-- START BREADCRUMB -->
				40	<table cellpadding="0" cellspacing="0" border="0" style="width:100%">
				41	<tr>
				42	<td id="breadcrumb">
				43	<a href="http://codeigniter.com/">CodeIgniter Home</a>  ›
				44	<a href="../index.html">User Guide Home</a>  ›
				45	Encryption Class
				46	</td>
				47	<td id="searchbox"><form method="get" action="http://www.google.com/search"><input type="hidden" name="as_sitesearch" id="as_sitesearch" value="codeigniter.com/user_guide/" />Search User Guide  <input type="text" class="input" style="width:200px;" name="q" id="q" size="31" maxlength="255" value="" /> <input type="submit" class="submit" name="sa" value="Go" /></form></td>
				48	</tr>
				49	</table>
				50	<!-- END BREADCRUMB -->
				51
				52	<br clear="all" />
				53
				54
				55	<!-- START CONTENT -->
				56	<div id="content">
				57
				58
				59	<h1>Encryption Class</h1>
				60
				61	<p>The Encryption Class provides two-way data encryption. It uses a scheme that pre-compiles
				62	the message using a randomly hashed bitwise XOR encoding scheme, which is then encrypted using
				63	the Mcrypt library. If Mcrypt is not available on your server the encoded message will
				64	still provide a reasonable degree of security for encrypted sessions or other such "light" purposes.
				65	If Mcrypt is available, you'll effectively end up with a double-encrypted message string, which should
				66	provide a very high degree of security.</p>
				67
				68
				69	<h2>Setting your Key</h2>
				70
				71	<p>A <em>key</em> is a piece of information that controls the cryptographic process and permits an encrypted string to be decoded.
				72	In fact, the key you chose will provide the <strong>only</strong> means to decode data that was encrypted with that key,
				73	so not only must you choose the key carefully, you must never change it if you intend use it for persistent data.</p>
				74
				75	<p>It goes without saying that you should guard your key carefully.
				76	Should someone gain access to your key, the data will be easily decoded. If your server is not totally under your control
				77	it's impossible to ensure key security so you may want to think carefully before using it for anything
				78	that requires high security, like storing credit card numbers.</p>
				79
				80	<p>To take maximum advantage of the encryption algorithm, your key should be 32 characters in length (128 bits).
				81	The key should be as random a string as you can concoct, with numbers and uppercase and lowercase letters.
				82	Your key should <strong>not</strong> be a simple text string. In order to be cryptographically secure it
				83	needs to be as random as possible.</p>
				84
				85	<p>Your key can be either stored in your <dfn>application/config/config.php</dfn>, or you can design your own
				86	storage mechanism and pass the key dynamically when encoding/decoding.</p>
				87
				88	<p>To save your key to your <dfn>application/config/config.php</dfn>, open the file and set:</p>
				89	<code>$config['encryption_key'] = "YOUR KEY";</code>
				90
				91
				92	<h2>Message Length</h2>
				93
				94	<p>It's important for you to know that the encoded messages the encryption function generates will be approximately 2.6 times longer than the original
				95	message. For example, if you encrypt the string "my super secret data", which is 21 characters in length, you'll end up
				96	with an encoded string that is roughly 55 characters (we say "roughly" because the encoded string length increments in
				97	64 bit clusters, so it's not exactly linear). Keep this information in mind when selecting your data storage mechanism. Cookies,
				98	for example, can only hold 4K of information.</p>
				99
				100
				101	<h2>Initializing the Class</h2>
				102
				103	<p>Like most other classes in CodeIgniter, the Encryption class is initialized in your controller using the <dfn>$this->load->library</dfn> function:</p>
				104
				105	<code>$this->load->library('encrypt');</code>
				106	<p>Once loaded, the Encrypt library object will be available using: <dfn>$this->encrypt</dfn></p>
				107
				108
				109	<h2>$this->encrypt->encode()</h2>
				110
				111	<p>Performs the data encryption and returns it as a string. Example:</p>
				112	<code>
				113	$msg = 'My secret message';<br />
				114	<br />
				115	$encrypted_string = $this->encrypt->encode($msg);</code>
				116
				117	<p>You can optionally pass your encryption key via the second parameter if you don't want to use the one in your config file:</p>
				118
				119	<code>
				120	$msg = 'My secret message';<br />
				121	$key = 'super-secret-key';<br />
				122	<br />
				123	$encrypted_string = $this->encrypt->encode($msg, $key);</code>
				124
				125
				126	<h2>$this->encrypt->decode()</h2>
				127
				128	<p>Decrypts an encoded string. Example:</p>
				129
				130	<code>
				131	$encrypted_string = 'APANtByIGI1BpVXZTJgcsAG8GZl8pdwwa84';<br />
				132	<br />
				133	$plaintext_string = $this->encrypt->decode($encrypted_string);</code>
				134
Derek Allard	2aab785	2009-09-18 05:27:19 +0000	[diff] [blame]	135	<p>You can optionally pass your encryption key via the second parameter if you don't want to use the one in your config file:</p>
				136
				137	<code>
				138	$msg = 'My secret message';<br />
				139	$key = 'super-secret-key';<br />
				140	<br />
				141	$encrypted_string = $this->encrypt->decode($msg, $key);</code>
				142
Derek Allard	2067d1a	2008-11-13 22:59:24 +0000	[diff] [blame]	143
				144	<h2>$this->encrypt->set_cipher();</h2>
				145
				146	<p>Permits you to set an Mcrypt cipher. By default it uses <samp>MCRYPT_RIJNDAEL_256</samp>. Example:</p>
				147	<code>$this->encrypt->set_cipher(MCRYPT_BLOWFISH);</code>
				148	<p>Please visit php.net for a list of <a href="http://php.net/mcrypt">available ciphers</a>.</p>
				149
				150	<p>If you'd like to manually test whether your server supports Mcrypt you can use:</p>
				151	<code>echo ( ! function_exists('mcrypt_encrypt')) ? 'Nope' : 'Yup';</code>
				152
				153
				154	<h2>$this->encrypt->set_mode();</h2>
				155
				156	<p>Permits you to set an Mcrypt mode. By default it uses <samp>MCRYPT_MODE_ECB</samp>. Example:</p>
				157	<code>$this->encrypt->set_mode(MCRYPT_MODE_CFB);</code>
				158	<p>Please visit php.net for a list of <a href="http://php.net/mcrypt">available modes</a>.</p>
				159
				160
				161	<h2>$this->encrypt->sha1();</h2>
				162	<p>SHA1 encoding function. Provide a string and it will return a 160 bit one way hash. Note: SHA1, just like MD5 is non-decodable. Example:</p>
				163	<code>$hash = $this->encrypt->sha1('Some string');</code>
				164
				165	<p>Many PHP installations have SHA1 support by default so if all you need is to encode a hash it's simpler to use the native
				166	function:</p>
				167
				168	<code>$hash = sha1('Some string');</code>
				169
				170	<p>If your server does not support SHA1 you can use the provided function.</p>
				171
				172
				173
				174	</div>
				175	<!-- END CONTENT -->
				176
				177
				178	<div id="footer">
				179	<p>
				180	Previous Topic:  <a href="email.html">Email Class</a>
				181	·
				182	<a href="#top">Top of Page</a>   ·
				183	<a href="../index.html">User Guide Home</a>   ·
				184	Next Topic:  <a href="file_uploading.html">File Uploading Class</a>
				185	</p>
Derek Jones	d6d70e3	2010-03-29 10:10:27 -0500	[diff] [blame^]	186	<p><a href="http://codeigniter.com">CodeIgniter</a>  ·  Copyright © 2006-2010  ·  <a href="http://ellislab.com/">EllisLab, Inc.</a></p>
Derek Allard	2067d1a	2008-11-13 22:59:24 +0000	[diff] [blame]	187	</div>
				188
				189	</body>
admin	b0dd10f	2006-08-25 17:25:49 +0000	[diff] [blame]	190	</html>