aware/doctrine-encrypt-bundle

Encrypted symfony entity's by verified and standardized libraries

Installs: 103

Dependents: 0

Suggesters: 0

Security: 0

Type:symfony-bundle

5.1.1 2020-02-12 09:24 UTC

README

This is an fork from the original bundle created by ambta which can be found here:

michaeldegroot/doctrine-encrypt-bundle

ambta/DoctrineEncryptBundle

This bundle has updated security by not rolling it's own encryption and using verified standardized library's from the field.

ambta/DoctrineEncryptBundle is not secured, It uses old crypto functions and programming mistakes like supplying a IV in ECB mode (which does nothing)

Using Halite

All deps are already installed with this package

// Config.yml
ambta_doctrine_encrypt:
    encryptor_class: Halite

Using Defuse

You will need to require Defuse yourself

composer require "defuse/php-encryption ^2.0"

// Config.yml
ambta_doctrine_encrypt:
    encryptor_class: Defuse

Using AES128

No IV = less secure

// Config.yml
ambta_doctrine_encrypt:
    encryptor_class: SSL

Secret key

Secret key is generated if there is no key found. This is automatically generated and stored in the folder defined in the configuration

// Config.yml
ambta_doctrine_encrypt:
    secret_directory_path: '%kernel.project_dir%'   # Default value

Filename example: .DefuseEncryptor.key or .HaliteEncryptor.key or .SSL.key

Do not forget to add these files to your .gitignore file, you do not want this on your repository!

Documentation