Crypto
class Crypto
Constants
| private HEADER | Header tagging the authenticated (random-IV + HMAC) payload format. The ':' is not part of the base64 alphabet, so a value carrying this prefix can never be confused with a legacy (base64-only) ciphertext. |
| private MAC_LENGTH | The authentication tag length in bytes (HMAC-SHA256). |
Methods
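| static void | setKey(string $key, string\|null $cipher = null) | Set the key |
| static string | encrypt(string $data) | Encrypt data. |
| static string\|bool | decrypt(string $data) | Decrypt data. |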
Details
static void
setKey(string $key, string|null $cipher = null)
Set the key
static string
encrypt(string $data)
Encrypt data.
Produces an authenticated payload: a fresh random IV is used for every call (so identical plaintexts yield different ciphertexts) and an encrypt-then-MAC HMAC-SHA256 tag protects against tampering.
static string|bool
decrypt(string $data)
Decrypt data.
Authenticated payloads are verified before decryption and fail closed (return false) on a bad tag, truncation or wrong key. Values produced by the previous unauthenticated format are still readable for backward compatibility.
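The payload behaviour described for encrypt() and decrypt() above, as an added sketch that is not the class's own source. The header value `v2:`, the AES-256-CBC cipher, the HKDF key split, the `header . base64(iv . ciphertext . tag)` layout and all `demo_*` names are assumptions; reading the legacy unauthenticated format is left out.

```php
<?php
// Assumed for illustration: header value, cipher, key derivation, byte layout.
const DEMO_HEADER = 'v2:';         // ':' is outside the base64 alphabet
const DEMO_CIPHER = 'aes-256-cbc';
const DEMO_MAC_LENGTH = 32;        // HMAC-SHA256 tag length in bytes

// Separate encryption and MAC keys from one master key (assumed design).
function demo_keys(string $master): array
{
    return [hash_hkdf('sha256', $master, 32, 'demo-enc'),
            hash_hkdf('sha256', $master, 32, 'demo-mac')];
}

function demo_encrypt(string $plain, string $master): string
{
    [$encKey, $macKey] = demo_keys($master);
    $iv = random_bytes(openssl_cipher_iv_length(DEMO_CIPHER)); // fresh per call
    $ct = openssl_encrypt($plain, DEMO_CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    // Encrypt-then-MAC: the tag covers header, IV and ciphertext.
    $tag = hash_hmac('sha256', DEMO_HEADER . $iv . $ct, $macKey, true);
    return DEMO_HEADER . base64_encode($iv . $ct . $tag);
}

// Returns the plaintext, or false on any verification failure.
function demo_decrypt(string $payload, string $master)
{
    if (strncmp($payload, DEMO_HEADER, strlen(DEMO_HEADER)) !== 0) {
        return false; // not the authenticated format (legacy path omitted)
    }
    $raw = base64_decode(substr($payload, strlen(DEMO_HEADER)), true);
    $ivLen = openssl_cipher_iv_length(DEMO_CIPHER);
    if ($raw === false || strlen($raw) <= $ivLen + DEMO_MAC_LENGTH) {
        return false; // malformed or truncated
    }
    [$encKey, $macKey] = demo_keys($master);
    $iv = substr($raw, 0, $ivLen);
    $ct = substr($raw, $ivLen, -DEMO_MAC_LENGTH);
    $tag = substr($raw, -DEMO_MAC_LENGTH);
    $expected = hash_hmac('sha256', DEMO_HEADER . $iv . $ct, $macKey, true);
    if (!hash_equals($expected, $tag)) {
        return false; // bad tag or wrong key: the cipher is never invoked
    }
    return openssl_decrypt($ct, DEMO_CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
}

// Constructed inputs: round trip, then a payload with one tag character changed.
$key = random_bytes(32);
$payload = demo_encrypt('secret', $key);
$pos = strlen($payload) - 5;
$tampered = substr_replace($payload, $payload[$pos] === 'A' ? 'B' : 'A', $pos, 1);
var_dump(demo_decrypt($payload, $key), demo_decrypt($tampered, $key));
```

The tag is compared with hash_equals() so the check runs in constant time, and every failure path returns the same `false` so callers cannot tell a bad tag from a truncated or malformed payload.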