Crypt
Lithe provides a security module called Crypt that offers methods for encrypting and decrypting data using the AES-256-CBC algorithm. AES (Advanced Encryption Standard) is widely recognized for its security and efficiency in protecting sensitive data.
Installation
To install the lithemod/crypt package, run:
composer require lithemod/crypt
The source code for the Crypt module is available at github.com/lithemod/crypt.
Configuration
To use the Crypt encryption module in Lithe, you must first set the APP_KEY environment variable in your .env file. The value of this variable should be a cryptographically secure key. You can generate this key using the command php line key:generate, which will create a secure key for your application. The APP_KEY variable is essential for encryption and should be set during Lithe installation or configured manually.
Warning: Changing the encryption key (
APP_KEY) invalidates all previous encryptions. Data encrypted with one key cannot be decrypted if the key is changed.
Using Crypt
The Crypt module in Lithe provides methods for encrypting and decrypting data. Both methods use the AES-256-CBC encryption algorithm.
Encrypting a Value
To encrypt data, use the encrypt method from the Crypt module. The encrypted value is returned in base64 format.
use Lithe\Support\Security\Crypt;
$app->post('/account/create', function ($req, $res) {
// Encrypting the 'name' field from the request body
$encryptedName = Crypt::encrypt($req->input('name'));
// ...
// Returning the response
return $res->send("Data encrypted successfully!");
});
Decrypting a Value
To decrypt data, use the decrypt method from the Crypt module. The decrypted value is returned as a string.
use Lithe\Support\Security\Crypt;
$decrypted = Crypt::decrypt($encryptedValue);
Possible Returns:
- Successful Decryption: If decryption is successful, the
decryptmethod returns the decrypted data as a string. - Decryption Failure: If decryption fails, the method will throw a
CryptException. This may occur due to an incorrect key, invalid IV, corrupted data, or other encryption-related issues.
To handle decryption failures, wrap the call to the decrypt method in a try-catch block to capture and handle exceptions.
use Lithe\Support\Security\Crypt;
use Lithe\Exceptions\Encryption\CryptException;
try {
$decrypted = Crypt::decrypt($encryptedValue);
} catch (CryptException $e) {
// Handle the exception here
echo 'Error decrypting data: ' . $e->getMessage();
}
Additional Notes
- Key Validation: Ensure that the
APP_KEYvariable is a valid base64 string with 32 bytes after decoding. - Key Maintenance: Keep the
APP_KEYsecure and avoid frequent changes to ensure that encrypted data can be correctly decrypted.