The encryption and decryption of yii2
By Preneesh AV
29-Oct-2019
In yii2, the library that manages encryption and decryption is called Security. It exists as a yii2 component, so you can obtain and use it through Yii::$app->security.
The source code location of the Security component is as follows:
vendor/yiisoft/yii2/base/Security.php
The Security component has 15 common methods related to encryption and decryption (& encoding), so let’s start with a list.
- encryptByPassword
- encryptByKey
- decryptByPassword
- decryptByKey
- hkdf
- pbkdf2
- hashData
- validateData
- generateRandomKey
- generateRandomString
- generatePasswordHash
- validatePassword
- compareString
- maskToken
- unmaskToken
I guess you haven’t seen some of them. That’s all right. Let’s get to know them.
generateRandomString
Why start with generateRandomString? Because it is the most commonly used, at least by me.
public function generateRandomString($length = 32) {...}
It generates a random string; the parameter $length is the length of the string, 32 bits by default. It is worth noting that the characters of this string come from the range [A-Za-z0-9_-].
generatePasswordHash & validatePassword
generatePasswordHash & validatePassword are often used to encrypt user passwords and to verify that a password is correct. Since MD5 is open to collisions, generatePasswordHash is the preferred function for encrypting passwords when we develop applications with yii2. It calls the crypt function.
The general usage is as follows:
// Use generatePasswordHash to encrypt the user's password; $hash is stored in the database
$hash = Yii::$app->getSecurity()->generatePasswordHash($password);
// Validate the password using validatePassword
if (Yii::$app->getSecurity()->validatePassword($password, $hash)) {
    // Correct password
} else {
    // Password error
}
generateRandomKey
Similar to generateRandomString, it generates a random string with a length of 32 bits by default. The difference is that what generateRandomKey generates is not ASCII.
To put it simply, generateRandomString is roughly equal to base64_encode(generateRandomKey).
encryptByPassword & decryptByPassword
This pair of functions encrypts the data with a secret key (the password) and then decrypts the encrypted data with the same secret key.
Example
$dat = Yii::$app->security->encryptByPassword("hello", "3166886");
// Decrypt with the same password to get the original data back
echo Yii::$app->security->decryptByPassword($dat, "3166886"); // hello
It should be noted that the encrypted data obtained above is not ASCII; it can be wrapped in an outer layer of base64_encode and base64_decode.
encryptByKey & decryptByKey
This is also a pair of encryption and decryption functions, and it is faster than the password-based pair. The functions are declared as:
public function encryptByKey($data, $inputKey, $info = null) {}
public function decryptByKey($data, $inputKey, $info = null) {}
encryptByKey & decryptByKey take a third parameter, $info. For example, we can pass the ID of the member, and this information will then be used together with $inputKey as the key for encryption and decryption.
hkdf
The standard HKDF algorithm is used to derive a key from a given input key. The hash_hkdf method is used in PHP 7+, and the hash_hmac method is used in older PHP versions.
pbkdf2
The standard PBKDF2 algorithm is used to derive a key from a given password. This method can be used for password encryption, but yii2 has a better password scheme, generatePasswordHash.
hashData & validateData
Sometimes, in order to prevent tampering with the content, we need to tag the data. hashData and validateData together do this job.
hashData is used to add a data prefix to the raw data, for example with the following code:
$result = Yii::$app->security->hashData("hello", '123456', false);
// ac28d602c767424d0c809edebf73828bed5ce99ce1556f4df8e223faeec60eddhello
You see an additional set of characters in front of hello, which will vary with the original data. So we made a special tamper-proof tag for the data, and then validateData came on.
Note: The third parameter of hashData indicates whether the generated hash value is in raw binary format. With false, a lower-case hexadecimal number is generated.
validateData checks the data that has been prefixed, with the following code
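The tag-and-verify scheme described in this section, as an added example in plain PHP (not code from the original post and not yii2's own source). It assumes HMAC-SHA256 as the MAC, which matches the 64-character hexadecimal prefix shown above, and the function names tag_data and check_data are hypothetical.

```php
<?php
// Added illustration, not yii2 source. tag_data() and check_data() are
// hypothetical names; HMAC-SHA256 is an assumption.

function tag_data(string $data, string $key, bool $rawHash = false): string
{
    // The MAC is computed over the whole payload and prepended to it.
    return hash_hmac('sha256', $data, $key, $rawHash) . $data;
}

// Returns the original payload, or false if the tag does not match.
// Compare the result with === false: an empty payload is a valid result.
function check_data(string $tagged, string $key, bool $rawHash = false)
{
    // A SHA-256 tag is 32 raw bytes or 64 hexadecimal characters.
    $macLen = $rawHash ? 32 : 64;
    if (strlen($tagged) < $macLen) {
        return false; // too short to contain a tag at all
    }
    $mac  = substr($tagged, 0, $macLen);
    $data = (string) substr($tagged, $macLen);
    $expected = hash_hmac('sha256', $data, $key, $rawHash);
    // hash_equals() runs in constant time, so response timing does not
    // reveal how many leading characters of a forged tag were correct.
    return hash_equals($expected, $mac) ? $data : false;
}

// Constructed sample inputs, reusing the values from the text above.
$key    = '123456';
$tagged = tag_data('hello', $key);

$cases = [
    'untouched'        => [$tagged, $key],
    'payload modified' => [substr($tagged, 0, 64) . 'hellp', $key],
    'tag modified'     => [strrev(substr($tagged, 0, 64)) . 'hello', $key],
    'different key'    => [$tagged, 'another-key'],
    'truncated'        => [substr($tagged, 0, 10), $key],
];

foreach ($cases as $label => [$input, $k]) {
    $result = check_data($input, $k);
    printf("%-17s %s\n", $label, $result === false ? 'rejected' : "accepted: $result");
}
```

In real use the key is a random secret, for instance one produced by generateRandomKey, not a short literal like the one in the sample.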