I have some questions about the Encrypt class from Laravel. I am hoping somebody could answer them.
It's mostly about the encrypt method on line 70 here:
    public function encrypt($value)
    {
        $iv = random_bytes(16);

        $value = \openssl_encrypt(
            serialize($value), $this->cipher, $this->key, 0, $iv
        );

        if ($value === false) {
            throw new EncryptException('Could not encrypt the data.');
        }

        $mac = $this->hash($iv = base64_encode($iv), $value);

        $json = json_encode(compact('iv', 'value', 'mac'));

        if (! is_string($json)) {
            throw new EncryptException('Could not encrypt the data.');
        }

        return base64_encode($json);
    }
I have learned about openssl_encrypt and it seems like a good fit for a personal use case. I have made encrypt and decrypt methods using it.
Laravel does a whole lot more than simply encrypting, though.
- Why does Laravel serialize the value on encryption? If it's always a string that this method takes, what are the advantages of serializing the data?
- Why is base64_encode being used here?
- Why are the values json_encoded? Is this used to keep a clean array or for other intents as well? Currently in my class's encrypt() method I simply concat the encrypted $value and $iv (initialization vector). On decrypt I break them apart again.
- Won't openssl_encrypt already throw an exception when it cannot encrypt data? Why is the return value checked if this is the case?
If somebody could take a minute to take a look at the GitHub repo on the specified line I would be really happy.
Cheers!
via Chebli Mohamed
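
As an added example (not code from the post or from Laravel), here is a standalone PHP version of the same envelope together with a matching decrypt side, so each step the questions ask about can be seen doing its job. The function names are hypothetical, and the MAC construction (HMAC-SHA256 over the base64 IV concatenated with the ciphertext, keyed with the encryption key) is an assumption, since the post does not show the `hash` method.

```php
<?php
// Added example; assumed MAC: HMAC-SHA256 over base64(iv) . ciphertext.

function envelope_encrypt($value, string $key, string $cipher = 'AES-256-CBC'): string
{
    $iv = random_bytes(16);
    // serialize() lets arrays and other non-string values round-trip.
    $ct = openssl_encrypt(serialize($value), $cipher, $key, 0, $iv); // flag 0: base64 output
    if ($ct === false) {            // openssl_encrypt reports failure by returning false
        throw new RuntimeException('Could not encrypt the data.');
    }
    $iv  = base64_encode($iv);      // raw IV bytes are not valid UTF-8 for json_encode
    $mac = hash_hmac('sha256', $iv . $ct, $key);
    return base64_encode(json_encode(['iv' => $iv, 'value' => $ct, 'mac' => $mac]));
}

function envelope_decrypt(string $payload, string $key, string $cipher = 'AES-256-CBC')
{
    $p = json_decode((string) base64_decode($payload, true), true);
    if (!is_array($p) || !isset($p['iv'], $p['value'], $p['mac'])
        || !is_string($p['iv']) || !is_string($p['value']) || !is_string($p['mac'])) {
        throw new RuntimeException('The payload is invalid.');
    }
    // Check the MAC before any decryption, using a constant-time comparison.
    $expected = hash_hmac('sha256', $p['iv'] . $p['value'], $key);
    if (!hash_equals($expected, $p['mac'])) {
        throw new RuntimeException('The MAC is invalid.');
    }
    $iv = base64_decode($p['iv'], true);
    if ($iv === false || strlen($iv) !== 16) {
        throw new RuntimeException('The payload is invalid.');
    }
    $plain = openssl_decrypt($p['value'], $cipher, $key, 0, $iv);
    if ($plain === false) {
        throw new RuntimeException('Could not decrypt the data.');
    }
    // allowed_classes => false: never instantiate objects from decrypted input.
    return unserialize($plain, ['allowed_classes' => false]);
}

$key = random_bytes(32);                          // constructed demo key
$token = envelope_encrypt(['user' => 42], $key);  // constructed sample value
var_dump(envelope_decrypt($token, $key));
$p = json_decode(base64_decode($token), true);
$p['value'] = base64_encode(random_bytes(16));    // tampered ciphertext field
try {
    envelope_decrypt(base64_encode(json_encode($p)), $key);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

A scheme that only concatenates the IV and ciphertext has no equivalent of the MAC check, so modified ciphertext reaches `openssl_decrypt` unchecked.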