
rsEncrypt()

Parameters

Column    Type    Default    Description
$data
$key

Location

include/encryption_functions.php lines 14 to 50

Definition

 
function rsEncrypt($data, $key)
    {
    global $scramble_key;

    /*
    Encrypt-then-MAC (EtM)
    ======================
    PlainText
        |
    Encryption <-- Key
        |_________   |
        |         |  |
        |      HashFunction
        |           |
    --------------------
    | Ciphertext | MAC |
    --------------------
    The plaintext is first encrypted, then a MAC is produced based on the resulting ciphertext.  The ciphertext and its 
    MAC are sent together.
    */
    $method  = "AES-128-CTR";
    $options = OPENSSL_RAW_DATA;
    $nonce   = generateSecureKey(128);

    // Get 2 derived subkeys, one for message authentication code (MAC) and the other one for encryption/ decryption.
    $mac_key = hash_hmac("sha256", "mac_key", $scramble_key, true);
    $enc_key = hash_hmac("sha256", "enc_key", $scramble_key, true);

    // Synthetic Initialization Vector (SIV)
    $siv = substr(hash_hmac("sha256", "{$nonce}{$scramble_key}{$key}", $mac_key, true), 0, 16);

    $cyphertext = bin2hex(openssl_encrypt($data, $method, $enc_key, $options, $siv));

    $mac = hash_hmac("sha256", "{$cyphertext}{$nonce}{$scramble_key}", $mac_key);

    return "{$nonce}@@{$cyphertext}@@{$mac}";
    }
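
The receiving side of the Encrypt-then-MAC layout above, as an added example that is not ResourceSpace's own code: it splits the nonce@@ciphertext@@mac string, checks the MAC with hash_equals() before decrypting, and rebuilds the SIV from the same inputs. The example* function names, passing $scramble_key as a parameter, the sample values and the random_bytes() stand-in for generateSecureKey(128) are assumptions made for this example.

```php
<?php
// Added example, not ResourceSpace code. Assumptions: $scramble_key is passed in
// instead of read from a global, and the nonce never contains "@@".
function exampleSubkeys(string $scramble_key): array
    {
    return [hash_hmac("sha256", "mac_key", $scramble_key, true),
            hash_hmac("sha256", "enc_key", $scramble_key, true)];
    }

function exampleSiv(string $nonce, string $scramble_key, string $key, string $mac_key): string
    {
    return substr(hash_hmac("sha256", "{$nonce}{$scramble_key}{$key}", $mac_key, true), 0, 16);
    }

// Check the MAC in constant time first and decrypt only when it matches.
function exampleVerifyThenDecrypt(string $token, string $key, string $scramble_key)
    {
    $parts = explode("@@", $token);
    if (count($parts) !== 3) { return false; }
    [$nonce, $cyphertext, $mac] = $parts;
    [$mac_key, $enc_key] = exampleSubkeys($scramble_key);

    $expected = hash_hmac("sha256", "{$cyphertext}{$nonce}{$scramble_key}", $mac_key);
    if (!hash_equals($expected, $mac))
        {
        return false; // modified token or different $scramble_key
        }
    // The MAC matched, so $cyphertext is the hex string the encrypting side produced.
    $siv = exampleSiv($nonce, $scramble_key, $key, $mac_key);
    return openssl_decrypt(hex2bin($cyphertext), "AES-128-CTR", $enc_key, OPENSSL_RAW_DATA, $siv);
    }

// Constructed demo data. bin2hex(random_bytes(16)) stands in for generateSecureKey(128).
$scramble_key = "constructed-scramble-key";
$key          = "constructed-context-key";
$nonce        = bin2hex(random_bytes(16));
[$mac_key, $enc_key] = exampleSubkeys($scramble_key);
$siv   = exampleSiv($nonce, $scramble_key, $key, $mac_key);
$ct    = bin2hex(openssl_encrypt("secret value", "AES-128-CTR", $enc_key, OPENSSL_RAW_DATA, $siv));
$token = "{$nonce}@@{$ct}@@" . hash_hmac("sha256", "{$ct}{$nonce}{$scramble_key}", $mac_key);

var_dump(exampleVerifyThenDecrypt($token, $key, $scramble_key));          // round trip
$flipped = substr_replace($token, $ct[0] === "0" ? "1" : "0", strlen($nonce) + 2, 1);
var_dump(exampleVerifyThenDecrypt($flipped, $key, $scramble_key));        // one hex digit changed
// The MAC input does not include $key, so a different $key passes the MAC check
// and is only visible as a different plaintext.
var_dump(exampleVerifyThenDecrypt($token, "other-key", $scramble_key) === "secret value");
```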

This article was last updated 19th March 2024 11:05 Europe/London time based on the source file dated 23rd February 2024 17:00 Europe/London time.