Encryption
Lithe offers a security module called Crypt that provides methods for encrypting and decrypting data using the AES-256-CBC algorithm. AES (Advanced Encryption Standard) is widely recognized for its security and efficiency in protecting sensitive data.
Configuration
To use the Crypt
encryption module in Lithe, you must first set the APP_KEY
environment variable in your .env
file. The value of this variable must be a cryptographically secure key. You can generate this key by running the command php line key:generate
, which will create a secure key for your application. The APP_KEY
variable is essential for encryption and should be set during the Lithe installation or configured manually.
Warning: Changing the encryption key (
APP_KEY
) invalidates all previous encryptions. Data encrypted with one key cannot be decrypted if the key is changed.
Using Crypt
The Lithe Crypt
module provides methods to encrypt and decrypt data. Both methods use the AES-256-CBC encryption algorithm.
Encrypting a Value
To encrypt data, use the encrypt
method of the Crypt
module. The encrypted value is returned in base64 format.
use Lithe\Support\Security\Crypt;
use Lithe\Http\Request;
use Lithe\Http\Response;
use function Lithe\Orbs\Http\Router\{get, post};
post('/account/create', function (Request $req, Response $res) {
// Encrypting the 'name' field from the request body
$encryptedName = Crypt::encrypt($req->input('name'));
// ...
// Returning the response
return $res->send("Data encrypted successfully!");
});
Decrypting a Value
To decrypt data, use the decrypt
method of the Crypt
module. The decrypted value is returned as a string.
use Lithe\Support\Security\Crypt;
$decrypted = Crypt::decrypt($encryptedValue);
Possible Outcomes:
- Successful Decryption: If the decryption is successful, the
decrypt
method returns the decrypted data as a string. - Decryption Failure: If decryption fails, the method throws a
CryptException
. This can occur due to an incorrect key, invalid IV, corrupted data, or other encryption-related issues.
To handle decryption failures, wrap the call to the decrypt
method in a try-catch
block to capture and manage exceptions.
use Lithe\Support\Security\Crypt;
use Lithe\Exceptions\Encryption\CryptException;
try {
$decrypted = Crypt::decrypt($encryptedValue);
} catch (CryptException $e) {
// Handle the exception here
echo 'Error decrypting data: ' . $e->getMessage();
}
Additional Notes
- Key Validation: Ensure that the
APP_KEY
variable is a valid base64 string with 32 bytes after decoding. - Key Maintenance: Keep the
APP_KEY
secure and avoid frequent changes to ensure that encrypted data can be correctly decrypted.