feat(crypto): AES-256-CBC token encryption via AUTH_KEY
This commit is contained in:
@@ -0,0 +1,36 @@
|
||||
<?php
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace Cf7stg;
|
||||
|
||||
final class Crypto
|
||||
{
|
||||
private const CIPHER = 'AES-256-CBC';
|
||||
|
||||
public static function encrypt(string $plaintext): string
|
||||
{
|
||||
if ($plaintext === '') return '';
|
||||
$key = self::key();
|
||||
$iv = random_bytes(16);
|
||||
$enc = openssl_encrypt($plaintext, self::CIPHER, $key, OPENSSL_RAW_DATA, $iv);
|
||||
if ($enc === false) return '';
|
||||
return base64_encode($iv . $enc);
|
||||
}
|
||||
|
||||
public static function decrypt(string $encoded): ?string
|
||||
{
|
||||
if ($encoded === '') return '';
|
||||
$raw = base64_decode($encoded, true);
|
||||
if ($raw === false || strlen($raw) < 17) return null;
|
||||
$iv = substr($raw, 0, 16);
|
||||
$enc = substr($raw, 16);
|
||||
$plain = openssl_decrypt($enc, self::CIPHER, self::key(), OPENSSL_RAW_DATA, $iv);
|
||||
return $plain === false ? null : $plain;
|
||||
}
|
||||
|
||||
private static function key(): string
|
||||
{
|
||||
$seed = defined('AUTH_KEY') ? AUTH_KEY : 'cf7stg-fallback-seed';
|
||||
return hash_hmac('sha256', 'cf7stg_token', $seed, true);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user