Coding standards
Security in ResourceSpace
Developer reference
Database
Action functions
Admin functions
Ajax functions
Annotation functions
API functions
Collections functions
Comment functions
Config functions
CSV export functions
Dash functions
Debug functions
Encryption functions
Facial recognition functions
File functions
General functions
Language functions
Log functions
Login functions
Message functions
Migration functions
Node functions
PDF functions
Plugin functions
Render functions
Reporting functions
Request functions
Research functions
Slideshow functions
Theme permission functions
User functions
Video functions
Database functions
Metadata functions
Resource functions
Search functions
Map functions
Job functions
Tab functions
Test functions

rsEncrypt()

Parameters

ColumnTypeDefaultDescription
$data
$key
$keylength 128

Location

include/encryption_functions.php lines 15 to 51

Definition

 
function rsEncrypt($data$key$keylength=128)
    {
    global 
$scramble_key;

    
/*
    Encrypt-then-MAC (EtM)
    ======================
    PlainText
        |
    Encryption <-- Key
        |_________   |
        |         |  |
        |      HashFunction
        |           |
    --------------------
    | Ciphertext | MAC |
    --------------------
    The plaintext is first encrypted, then a MAC is produced based on the resulting ciphertext.  The ciphertext and its 
    MAC are sent together.
    */
    
$method  "AES-128-CTR";
    
$options OPENSSL_RAW_DATA;
    
$nonce   generateSecureKey($keylength);

    
// Get 2 derived subkeys, one for message authentication code (MAC) and the other one for encryption/ decryption.
    
$mac_key hash_hmac("sha256""mac_key"$scramble_keytrue);
    
$enc_key hash_hmac("sha256""enc_key"$scramble_keytrue);

    
// Synthetic Initialization Vector (SIV)
    
$siv substr(hash_hmac("sha256""{$nonce}{$scramble_key}{$key}"$mac_keytrue), 016);

    
$cyphertext bin2hex(openssl_encrypt($data$method$enc_key$options$siv));

    
$mac hash_hmac("sha256""{$cyphertext}{$nonce}{$scramble_key}"$mac_key);

    return 
"{$nonce}@@{$cyphertext}@@{$mac}";
    }

This article was last updated 11th December 2024 20:35 Europe/London time based on the source file dated 1st October 2024 08:15 Europe/London time.