37 lines
1.1 KiB
PHP
37 lines
1.1 KiB
PHP
<?php
|
|
declare(strict_types=1);
|
|
|
|
namespace Cf7stg;
|
|
|
|
final class Crypto
|
|
{
|
|
private const CIPHER = 'AES-256-CBC';
|
|
|
|
public static function encrypt(string $plaintext): string
|
|
{
|
|
if ($plaintext === '') return '';
|
|
$key = self::key();
|
|
$iv = random_bytes(16);
|
|
$enc = openssl_encrypt($plaintext, self::CIPHER, $key, OPENSSL_RAW_DATA, $iv);
|
|
if ($enc === false) return '';
|
|
return base64_encode($iv . $enc);
|
|
}
|
|
|
|
public static function decrypt(string $encoded): ?string
|
|
{
|
|
if ($encoded === '') return '';
|
|
$raw = base64_decode($encoded, true);
|
|
if ($raw === false || strlen($raw) < 17) return null;
|
|
$iv = substr($raw, 0, 16);
|
|
$enc = substr($raw, 16);
|
|
$plain = openssl_decrypt($enc, self::CIPHER, self::key(), OPENSSL_RAW_DATA, $iv);
|
|
return $plain === false ? null : $plain;
|
|
}
|
|
|
|
private static function key(): string
|
|
{
|
|
$seed = defined('AUTH_KEY') ? AUTH_KEY : 'cf7stg-fallback-seed';
|
|
return hash_hmac('sha256', 'cf7stg_token', $seed, true);
|
|
}
|
|
}
|