1. class
  2. Joomla
  3. \
  4. CMS
  5. \
  6. Encrypt
  7. \
  8. AES
  9. \
  10. OpenSSL

OpenSSL

Since: 4.0.0

class OpenSSL extends AbstractAES implements AesInterface

OpenSSL encryption class

Properties

protected int $openSSLOptions

The OpenSSL options for encryption / decryption
protected string $method

The encryption method to use

Methods

null|string
resizeKey(string $key, int $size)

Trims or zero-pads a key / IV

from  AbstractAES
string
getZeroPadding(string $string, int $blockSize)

Returns null bytes to append to the string so that it's zero padded to the specified block size

from  AbstractAES
__construct()

Constructor for this class

mixed
setEncryptionMode(string $mode = 'cbc', int $strength = 128)

Sets the AES encryption mode.

string
encrypt(string $plainText, string $key, null|string $iv = null)

Encrypts a string. Returns the raw binary ciphertext.

string
decrypt(string $cipherText, string $key)

Decrypts a string. Returns the raw binary plaintext.

bool
isSupported()

Is this adapter supported?

int
getBlockSize()

Returns the encryption block size in bytes

Details

null|string resizeKey(string $key, int $size)

Trims or zero-pads a key / IV

Parameters

string $key

The key or IV to treat
int $size

The block size of the currently used algorithm

Return Value

null|string

Null if $key is null, treated string of $size byte length otherwise

protected string getZeroPadding(string $string, int $blockSize)

Returns null bytes to append to the string so that it's zero padded to the specified block size

Parameters

string $string

The binary string which will be zero padded
int $blockSize

The block size

Return Value

string

The zero bytes to append to the string to zero pad it to $blockSize

__construct()

Constructor for this class

mixed setEncryptionMode(string $mode = 'cbc', int $strength = 128)

Sets the AES encryption mode.

WARNING: The strength is deprecated as it has a different effect in MCrypt and OpenSSL. MCrypt was abandoned in 2003 before the Rijndael-128 algorithm was officially the Advanced Encryption Standard (AES). MCrypt also offered Rijndael-192 and Rijndael-256 algorithms with different block sizes. These are NOT used in AES. OpenSSL, however, implements AES correctly. It always uses a 128-bit (16 byte) block. The 192 and 256 bit strengths refer to the key size, not the block size. Therefore using different strengths in MCrypt and OpenSSL will result in different and incompatible ciphertexts.

TL;DR: Always use $strength = 128!

Parameters

string $mode

Choose between CBC (recommended) or ECB
int $strength

Bit strength of the key (128, 192 or 256 bits). DEPRECATED. READ NOTES ABOVE.

Return Value

mixed

string encrypt(string $plainText, string $key, null|string $iv = null)

Encrypts a string. Returns the raw binary ciphertext.

WARNING: The plaintext is zero-padded to the algorithm's block size. You are advised to store the size of the plaintext and trim the string to that length upon decryption.

Parameters

string $plainText

The plaintext to encrypt
string $key

The raw binary key (will be zero-padded or chopped if its size is different than the block size)
null|string $iv

The initialization vector (for CBC mode algorithms)

Return Value

string

The raw encrypted binary string.

string decrypt(string $cipherText, string $key)

Decrypts a string. Returns the raw binary plaintext.

$ciphertext MUST start with the IV followed by the ciphertext, even for EBC data (the first block of data is dropped in EBC mode since there is no concept of IV in EBC).

WARNING: The returned plaintext is zero-padded to the algorithm's block size during encryption. You are advised to trim the string to the original plaintext's length upon decryption. While rtrim($decrypted, "\0") sounds appealing it's NOT the correct approach for binary data (zero bytes may actually be part of your plaintext, not just padding!).

Parameters

string $cipherText

The ciphertext to encrypt
string $key

The raw binary key (will be zero-padded or chopped if its size is different than the block size)

Return Value

string

The raw unencrypted binary string.

bool isSupported()

Is this adapter supported?

Return Value

bool

int getBlockSize()

Returns the encryption block size in bytes

Return Value

int