wtframework / security
What the Framework?! security
Requires
- php: ^8.2
- wtframework/config: ^0.1
Requires (Dev)
- pestphp/pest: ^2.29
README
Installation
composer require wtframework/security
Documentation
Configuration
Use the Config library to set the security configuration settings.
use WTFramework\Config\Config; Config::set([ 'security' => [ 'encryption_key' => 'ec5964323dc239ab63417a0f98ff1eef', // openssl rand -hex 16 'hash_salt' => 'f93101e3a5f4f09f8c1a9ac0f9301c6e', // openssl rand -hex 16 'password_pepper' => '2429fc585eef890c13e2c5307dcb02f23d8d83ea86740d864a6e79e2a7613cd1a95efd42', // openssl rand -hex 36 ], ]);
Settings:
security
The root security setting.
security.password_pepper
The application wide salt to append to every password.
security.password_algorithm
The password_hash
algorithm. The default is PASSWORD_DEFAULT
.
security.password_options
The password_hash
options. The default is ['cost' => 12]
.
security.encryption_key
The openssl_encrypt
passphrase.
security.encryption_algorithm
The openssl_encrypt
cipher method. The default is aes-128-gcm
.
security.encryption_options
The openssl_encrypt
options. The default is 0
.
security.hash_salt
The hash_pbkdf2
salt.
security.hash_algorithm
The hash_pbkdf2
hashing algorithm. The default is sha3-512
.
security.hash_iterations
The hash_pbkdf2
iterations. The default is 10000
.
WTFramework\Security\Password
Hash a password:
use WTFramework\Security\Password; $hash = Password::hash('password');
Verify a hashed password:
if (Password::verify('password', $hash)) { // ... }
Check to see if the password needs to be rehashed:
if (Password::needsRehash($hash)) { // ... }
WTFramework\Security\Crypt
Encrypt text:
use WTFramework\Security\Crypt; $encrypted = Crypt::encrypt('text');
Decrypt text:
$text = Crypt::decrypt($encrypted);
Hash text:
$hashed = Crypt::hash('text');
Generate a version 4 UUID:
$uuid = Crypt::uuid();