Encryption
Lithe offers a security module called Crypt that provides methods for encrypting and decrypting data using the AES-256-CBC algorithm. AES (Advanced Encryption Standard) is widely recognized for its security and efficiency in protecting sensitive data.
Configuration
To use the Crypt encryption module in Lithe, you must first set the APP_KEY environment variable in your .env file. The value of this variable must be a cryptographically secure key. You can generate this key by running the command php line key:generate, which will create a secure key for your application. The APP_KEY variable is essential for encryption and should be set during the Lithe installation or configured manually.
Warning: Changing the encryption key (
APP_KEY) invalidates all previous encryptions. Data encrypted with one key cannot be decrypted if the key is changed.
Using Crypt
The Lithe Crypt module provides methods to encrypt and decrypt data. Both methods use the AES-256-CBC encryption algorithm.
Encrypting a Value
To encrypt data, use the encrypt method of the Crypt module. The encrypted value is returned in base64 format.
use Lithe\Support\Security\Crypt;
use Lithe\Http\Request;
use Lithe\Http\Response;
use function Lithe\Orbs\Http\Router\{get, post};
post('/account/create', function (Request $req, Response $res) {
// Encrypting the 'name' field from the request body
$encryptedName = Crypt::encrypt($req->input('name'));
// ...
// Returning the response
return $res->send("Data encrypted successfully!");
});
Decrypting a Value
To decrypt data, use the decrypt method of the Crypt module. The decrypted value is returned as a string.
use Lithe\Support\Security\Crypt;
$decrypted = Crypt::decrypt($encryptedValue);
Possible Outcomes:
- Successful Decryption: If the decryption is successful, the
decryptmethod returns the decrypted data as a string. - Decryption Failure: If decryption fails, the method throws a
CryptException. This can occur due to an incorrect key, invalid IV, corrupted data, or other encryption-related issues.
To handle decryption failures, wrap the call to the decrypt method in a try-catch block to capture and manage exceptions.
use Lithe\Support\Security\Crypt;
use Lithe\Exceptions\Encryption\CryptException;
try {
$decrypted = Crypt::decrypt($encryptedValue);
} catch (CryptException $e) {
// Handle the exception here
echo 'Error decrypting data: ' . $e->getMessage();
}
Additional Notes
- Key Validation: Ensure that the
APP_KEYvariable is a valid base64 string with 32 bytes after decoding. - Key Maintenance: Keep the
APP_KEYsecure and avoid frequent changes to ensure that encrypted data can be correctly decrypted.