Class craft\services\Security
- Inheritance: craft\services\Security » yii\base\Security » yii\base\Component » yii\base\BaseObject
- Implements: yii\base\Configurable
- Available since version: 3.0
- Source Code: https://github.com/craftcms/cms/blob/master/src/services/Security.php
Security component.
An instance of the Security component is globally accessible in Craft via craft\base\ApplicationTrait::getSecurity().
Property | Type | Description | Defined By |
---|---|---|---|
$allowedCiphers | array[] | Look-up table of block sizes and key sizes for each supported OpenSSL cipher. | yii\base\Security |
$authKeyInfo | string | HKDF info value for derivation of message authentication key. | yii\base\Security |
$cipher | string | The cipher to use for encryption and decryption. | yii\base\Security |
$derivationIterations | integer | Derivation iterations count. | yii\base\Security |
$kdfHash | string | Hash algorithm for key derivation. | yii\base\Security |
$macHash | string | Hash algorithm for message authentication. | yii\base\Security |
$passwordHashCost | integer | Default cost used for password hashing. | yii\base\Security |
$passwordHashStrategy | string | Strategy, which should be used to generate password hash. | yii\base\Security |
$sensitiveKeywords | string[] | Keywords used to reference sensitive data | craft\services\Security |
Method | Description | Defined By |
---|---|---|
__call() | Calls the named method which is not a class method. | yii\base\BaseObject |
__clone() | This method is called after the object is created by cloning an existing one. | yii\base\Component |
__construct() | Constructor. | yii\base\BaseObject |
__get() | Returns the value of an object property. | yii\base\BaseObject |
__isset() | Checks if a property is set, i.e. defined and not null. | yii\base\BaseObject |
__set() | Sets value of an object property. | yii\base\BaseObject |
__unset() | Sets an object property to null. | yii\base\BaseObject |
attachBehavior() | Attaches a behavior to this component. | yii\base\Component |
attachBehaviors() | Attaches a list of behaviors to the component. | yii\base\Component |
behaviors() | Returns a list of behaviors that this component should behave as. | yii\base\Component |
canGetProperty() | Returns a value indicating whether a property can be read. | yii\base\BaseObject |
canSetProperty() | Returns a value indicating whether a property can be set. | yii\base\BaseObject |
className() | Returns the fully qualified name of this class. | yii\base\BaseObject |
compareString() | Performs string comparison using timing attack resistant approach. | yii\base\Security |
decryptByKey() | Verifies and decrypts data encrypted with encryptByKey(). | craft\services\Security |
decryptByPassword() | Verifies and decrypts data encrypted with encryptByPassword(). | yii\base\Security |
detachBehavior() | Detaches a behavior from the component. | yii\base\Component |
detachBehaviors() | Detaches all behaviors from the component. | yii\base\Component |
encryptByKey() | Encrypts data using a cryptographic key. | craft\services\Security |
encryptByPassword() | Encrypts data using a password. | yii\base\Security |
ensureBehaviors() | Makes sure that the behaviors declared in behaviors() are attached to this component. | yii\base\Component |
generatePasswordHash() | Generates a secure hash from a password and a random salt. | yii\base\Security |
generateRandomKey() | Generates specified number of random bytes. | yii\base\Security |
generateRandomString() | Generates a random string of specified length. | yii\base\Security |
getBehavior() | Returns the named behavior object. | yii\base\Component |
getBehaviors() | Returns all behaviors attached to this component. | yii\base\Component |
getMinimumPasswordLength() | | craft\services\Security |
getValidationKey() | Deprecated wrapper for Craft::$app->config->general->securityKey. | craft\services\Security |
hasEventHandlers() | Returns a value indicating whether there is any handler attached to the named event. | yii\base\Component |
hasMethod() | Returns a value indicating whether a method is defined. | yii\base\BaseObject |
hasProperty() | Returns a value indicating whether a property is defined. | yii\base\BaseObject |
hashData() | Prefixes data with a keyed hash value so that tampering can be detected later. | craft\services\Security |
hashPassword() | Hashes a given password with the bcrypt (Blowfish-based) hashing algorithm. | craft\services\Security |
hkdf() | Derives a key from the given input key using the standard HKDF algorithm. | yii\base\Security |
init() | | craft\services\Security |
maskToken() | Masks a token to make it uncompressible. | yii\base\Security |
off() | Detaches an existing event handler from this component. | yii\base\Component |
on() | Attaches an event handler to an event. | yii\base\Component |
pbkdf2() | Derives a key from the given password using the standard PBKDF2 algorithm. | yii\base\Security |
redactIfSensitive() | Checks the given key to see if it looks like it contains sensitive info, and if so, redacts the given value. | craft\services\Security |
trigger() | Triggers an event. | yii\base\Component |
unmaskToken() | Unmasks a token previously masked by maskToken. | yii\base\Security |
validateData() | Validates whether the given data has been tampered with. | craft\services\Security |
validatePassword() | Verifies a password against a hash. | yii\base\Security |
Method | Description | Defined By |
---|---|---|
decrypt() | Decrypts data. | yii\base\Security |
encrypt() | Encrypts data. | yii\base\Security |
generateSalt() | Generates a salt that can be used to generate a password hash. | yii\base\Security |
Property Details
$sensitiveKeywords
public property
Keywords used to reference sensitive data
See also redactIfSensitive().
public string[] $sensitiveKeywords = ['key', 'pass', 'password', 'pw', 'secret', 'tok', 'token']
Method Details
decryptByKey()
public method
Verifies and decrypts data encrypted with encryptByKey().
See also encryptByKey().
public boolean, string decryptByKey ( $data, $inputKey = null, $info = null )
$data | string | The encrypted data to decrypt |
$inputKey | string, null | The input to use for encryption and authentication |
$info | string | Optional context and application specific information, see hkdf() |
return | boolean, string | The decrypted data or false on authentication failure |
encryptByKey()
public method
Encrypts data using a cryptographic key.
Derives keys for encryption and authentication from the input key using HKDF and a random salt, which is very fast relative to encryptByPassword(). The input key must be properly random -- use generateRandomKey() to generate keys. The encrypted data includes a keyed message authentication code (MAC) so there is no need to hash input or output data.
public string encryptByKey ( $data, $inputKey = null, $info = null )
$data | string | The data to encrypt |
$inputKey | string, null | The input to use for encryption and authentication |
$info | string | Optional context and application specific information, see hkdf() |
return | string | The encrypted data |
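The construction described for encryptByKey() (HKDF-derived keys, a random salt, and a MAC over the ciphertext) can be seen end to end in the stand-alone sketch below. It is an added example, not Craft's or Yii's source: sealByKey(), openByKey(), deriveKeys(), the AES-128-CBC and SHA-256 choices, the 'example-auth-key' label and the blob layout are all assumptions made for illustration.

```php
<?php
// Added sketch, not Craft's or Yii's source. Function names, cipher, hash,
// the 'example-auth-key' label and the blob layout are illustrative assumptions.
const KEY_LEN = 16; // AES-128 key size in bytes
const IV_LEN  = 16; // AES block size
const MAC_LEN = 32; // raw HMAC-SHA256 size
function deriveKeys(string $inputKey, string $salt, string $info): array
{
    // One key encrypts; a second key derived from it authenticates.
    $encKey  = hash_hkdf('sha256', $inputKey, KEY_LEN, $info, $salt);
    $authKey = hash_hkdf('sha256', $encKey, KEY_LEN, 'example-auth-key');
    return [$encKey, $authKey];
}

function sealByKey(string $data, string $inputKey, string $info = ''): string
{
    $salt = random_bytes(KEY_LEN); // fresh salt, so every message gets new keys
    $iv   = random_bytes(IV_LEN);
    [$encKey, $authKey] = deriveKeys($inputKey, $salt, $info);
    $ct = openssl_encrypt($data, 'aes-128-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('Encryption failed');
    }
    // Encrypt-then-MAC: the MAC covers the IV and the ciphertext.
    return $salt . hash_hmac('sha256', $iv . $ct, $authKey, true) . $iv . $ct;
}

function openByKey(string $blob, string $inputKey, string $info = '')
{
    if (strlen($blob) < KEY_LEN + MAC_LEN + IV_LEN) {
        return false;
    }
    $salt = substr($blob, 0, KEY_LEN);
    $mac  = substr($blob, KEY_LEN, MAC_LEN);
    $body = substr($blob, KEY_LEN + MAC_LEN); // IV followed by ciphertext
    [$encKey, $authKey] = deriveKeys($inputKey, $salt, $info);
    // Constant-time MAC check before decrypting; false means authentication failed.
    if (!hash_equals(hash_hmac('sha256', $body, $authKey, true), $mac)) {
        return false;
    }
    return openssl_decrypt(substr($body, IV_LEN), 'aes-128-cbc', $encKey,
        OPENSSL_RAW_DATA, substr($body, 0, IV_LEN));
}

$key  = random_bytes(32); // constructed sample key
$blob = sealByKey('api-token=constructed-sample', $key, 'plugin-a');
var_dump(openByKey($blob, $key, 'plugin-a')); // matching key and info
var_dump(openByKey($blob, $key, 'plugin-b')); // same key, different info context
var_dump(openByKey($blob ^ str_repeat("\x01", strlen($blob)), $key, 'plugin-a')); // altered bytes
```

Because the info string feeds the key derivation, a blob sealed under one context does not authenticate under another, even with the same input key.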
getMinimumPasswordLength()
public method
public integer getMinimumPasswordLength ( )
getValidationKey()
public method
Deprecated in 3.0.0-beta.27. Use Craft::$app->config->general->securityKey instead.
Deprecated wrapper for Craft::$app->config->general->securityKey.
public string getValidationKey ( )
hashData()
public method
Prefixes data with a keyed hash value so that tampering can be detected later.
There is no need to hash inputs or outputs of encryptByKey() or encryptByPassword() as those methods perform the task.
public string hashData ( $data, $key = null, $rawHash = false )
$data | string | The data to be protected |
$key | string, null | The secret key to be used for generating hash. Should be a secure cryptographic key. |
$rawHash | boolean | Whether the generated hash value is in raw binary format. If false, lowercase hex digits will be generated. |
return | string | The data prefixed with the keyed hash |
throws | yii\base\Exception | if the validation key could not be written |
throws | yii\base\InvalidConfigException | when HMAC generation fails. |
hashPassword()
public method
Hashes a given password with the bcrypt (Blowfish-based) hashing algorithm.
public string hashPassword ( string $password, bool $validateHash = false )
$password | string | The string to hash |
$validateHash | boolean | Whether to validate the newly generated hash. An exception is thrown if validation fails. |
return | string | The hash. |
init()
public method
public void init ( )
redactIfSensitive()
public method
Checks the given key to see if it looks like it contains sensitive info, and if so, redacts the given value.
public string, array redactIfSensitive ( string $name, $value )
$name | string | |
$value | string, array | |
return | string, array | The possibly-redacted value |
validateData()
public method
Validates whether the given data has been tampered with.
See also hashData().
public string validateData ( $data, $key = null, $rawHash = false )
$data | string | The data to be validated. The data must be previously generated by hashData(). |
$key | string, null | The secret key that was previously used to generate the hash for the data in hashData(). This must be the same as the value passed to hashData() when generating the hash for the data. |
$rawHash | boolean | This should take the same value as when you generate the data using hashData(). It indicates whether the hash value in the data is in binary format. If false, it means the hash value consists of lowercase hex digits only. |
return | string | The real data with the hash stripped off. False if the data has been tampered with. |
throws | yii\base\Exception | if the validation key could not be written |
throws | yii\base\InvalidConfigException | when HMAC generation fails. |
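The hash-prefix scheme that hashData() and validateData() describe, reduced to plain PHP so the round trip and the false-on-tamper return can be run outside Craft. This is an added example, not Craft's or Yii's source: sign(), verify() and the HMAC-SHA256 choice are assumptions, and the key and payload are constructed samples.

```php
<?php
// Added illustration of the keyed-hash prefix; not Craft's or Yii's source.
// sign()/verify() are hypothetical names and HMAC-SHA256 is an assumed algorithm.
const MAC_ALGO = 'sha256';

function sign(string $data, string $key): string
{
    // Hex HMAC (the $rawHash = false form) followed by the unmodified data.
    return hash_hmac(MAC_ALGO, $data, $key) . $data;
}

/** @return string|false The data with the hash stripped off, or false if tampered. */
function verify(string $signed, string $key)
{
    // Length of a hex MAC for this algorithm, used to split prefix from payload.
    $macLen = strlen(hash_hmac(MAC_ALGO, '', $key));
    if (strlen($signed) < $macLen) {
        return false; // too short to contain a MAC at all
    }
    $mac  = substr($signed, 0, $macLen);
    $data = substr($signed, $macLen);
    // hash_equals() compares in constant time, the role compareString() plays.
    return hash_equals(hash_hmac(MAC_ALGO, $data, $key), $mac) ? $data : false;
}

$key    = random_bytes(32);   // constructed sample key
$signed = sign('0', $key);    // '0' is a valid payload that PHP treats as falsy

var_dump(verify($signed, $key));                      // intact round trip
var_dump(verify($signed, random_bytes(32)));          // verified with another key
var_dump(verify(substr($signed, 0, -1) . '1', $key)); // payload edited, MAC kept

// The return value has to be tested with === false. A loose truthiness check
// cannot tell the valid payload '0' apart from a failed validation.
var_dump(verify($signed, $key) === false);
var_dump(!verify($signed, $key));
```

The data is only authenticated, not hidden: the payload stays readable after the prefix, which is why the page points to encryptByKey() when confidentiality is also needed.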