plenta / contao-encryption
A replacement service for the removed Contao encryption class.
Installs: 516
Dependents: 1
Suggesters: 0
Security: 0
Stars: 4
Watchers: 3
Forks: 0
Open Issues: 2
Type:contao-bundle
Requires
- php: ^7.4 || ^8.0
- contao/core-bundle: ^4.4
- phpseclib/phpseclib: ^3.0.14
Requires (Dev)
- contao/manager-bundle: ^4.4
- contao/test-case: ^4.0.0
- friendsofphp/php-cs-fixer: ^v3.4.0
- phpseclib/phpseclib2_compat: 1.0.4
- phpunit/phpunit: ^9.5.2
- squizlabs/php_codesniffer: ^3.5.4
- symfony/phpunit-bridge: ^4
Conflicts
- contao/manager-plugin: <2.0 || >=3.0
Replaces
- brkwsky/contao-encryption: 2.2.0
README
Contao Encryption
A replacement service for the deprecated Contao encryption class (Contao\Encryption).
Please set an encryption key before using the dca callbacks or encryption services.
Install using Contao Manager
Search for encryption and you will find this extension.
Install using Composer
composer require plenta/contao-encryption
Upgrade to 3.0.0 and above
The underlying phpseclib extension has been upgraded to version 3 since plenta/contao-encryption 3.0.0.
phpseclib 2 used to truncate the encryption key to 56 characters and phpseclib 3 does not truncate the encryption key.
There is a new parameter plenta_contao_encryption.truncate_encryption_key
to keep the extension backwards compatible. The default value is true
. This means the encryption still works like phpseclib2. If you want to use longer encryption keys you have to set the plenta_contao_encryption.truncate_encryption_key
parameter to false
.
If you set the plenta_contao_encryption.truncate_encryption_key
parameter to false
and you have already encrypted data with an encryption key longer then 56 characters on your system you will not be able to decrypt your data.
Encryption Key
Please read this thoroughly otherwise you might lose all your encrypted data!
This extension uses the standard encryption key %kernel.secret%
as default. Symfony recommends changing the %kernel.secret%
periodically. Therefore, it is highly recommended setting a dedicated encryption key for this extension.
Truncate encryption key
phpseclib 2 used to truncate the encryption key to 56 characters and phpseclib 3 does not truncate the encryption key.
The parameter plenta_contao_encryption.truncate_encryption_key
has been introduced in version 3.0.0 to keep the extension backwards compatible.
The default value is true
. This means the encryption still works like phpseclib2. If you want to use longer encryption keys you have to set the plenta_contao_encryption.truncate_encryption_key
parameter to false
.
If you set the plenta_contao_encryption.truncate_encryption_key
parameter to false
and you have already encrypted data with an encryption key longer then 56 characters on your system you will not be able to decrypt your data.
How to set a dedicated encryption key
The config parameter is called encryption_key
and it lives under the namespace plenta_contao_encryption
.
Its value should be a series of characters, numbers and symbols chosen randomly and the recommended length is around 32 characters.
Keep a backup of your encryption key. If you lose it you can not recover your data.
If you want to change the encryption key, you have to decrypt all your encrypted data with the old encryption key and then encrypt it with the new one.
# config/parameters.yaml or config/services.yaml plenta_contao_encryption: encryption_key: 'CharactersNumbersSymbolsAround32CharactersLong' truncate_encryption_key: true
You can also use environment variables.
# config/parameters.yaml or config/services.yaml plenta_contao_encryption: encryption_key: '%env(PLENTA_CONTAO_ENCRYPTION_KEY)%' truncate_encryption_key: true
# .env or .env.local PLENTA_CONTAO_ENCRYPTION_KEY="CharactersNumbersSymbolsAround32CharactersLong"
Example > DCA
// tl_member $GLOBALS['TL_DCA']['tl_member']['fields']['bank_iban'] = [ 'label' => &$GLOBALS['TL_LANG']['tl_member']['bank_iban'], 'exclude' => true, 'inputType' => 'text', 'eval' => [ 'mandatory' => false, 'maxlength' => 32, 'tl_class' => 'w50', 'feEditable' => true, 'feGroup' => 'bank' ], 'load_callback' => [ ['plenta.encryption', 'decrypt'] ], 'save_callback' => [ ['plenta.encryption', 'encrypt'] ], 'sql' => "varchar(32) NOT NULL default ''" ];
Example > Url parameter
$encryptionService = \Contao\System::getContainer()->get('plenta.encryption'); $urlParameter = $encryptionService->encryptUrlSafe('value'); $urlGetParameter = \Contao\Input::get('parameter'); $encryptionService->decryptUrlSafe($urlGetParameter);