Encryption

Introduction
Configuration
Using The Encrypter

Introduction

Laravel's encrypter uses OpenSSL to provide AES-256 and AES-128 encryption. You are strongly encouraged to use Laravel's built-in encryption facilities and not attempt to roll your own "home grown" encryption algorithms. All of Laravel's encrypted values are signed using a message authentication code (MAC) so that their underlying value can not be modified once encrypted.

Configuration

Before using Laravel's encrypter, you must set a key option in your config/app.php configuration file. You should use the php artisan key:generate command to generate this key since this Artisan command will use PHP's secure random bytes generator to build your key. If this value is not properly set, all values encrypted by Laravel will be insecure.

Using The Encrypter

Encrypting A Value

You may encrypt a value using the encrypt helper. All encrypted values are encrypted using OpenSSL and the AES-256-CBC cipher. Furthermore, all encrypted values are signed with a message authentication code (MAC) to detect any modifications to the encrypted string:

 1<?php
 2 
 3namespace App\Http\Controllers;
 4 
 5use App\User;
 6use Illuminate\Http\Request;
 7use App\Http\Controllers\Controller;
 8 
 9class UserController extends Controller
10{
11    /**
12     * Store a secret message for the user.
13     *
14     * @param  Request  $request
15     * @param  int  $id
16     * @return Response
17     */
18    public function storeSecret(Request $request, $id)
19    {
20        $user = User::findOrFail($id);
21 
22        $user->fill([
23            'secret' => encrypt($request->secret)
24        ])->save();
25    }
26}

<?php

namespace App\Http\Controllers;

use App\User;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;

class UserController extends Controller
{
    /**
     * Store a secret message for the user.
     *
     * @param  Request  $request
     * @param  int  $id
     * @return Response
     */
    public function storeSecret(Request $request, $id)
    {
        $user = User::findOrFail($id);

        $user->fill([
            'secret' => encrypt($request->secret)
        ])->save();
    }
}

Encrypting Without Serialization

Encrypted values are passed through serialize during encryption, which allows for encryption of objects and arrays. Thus, non-PHP clients receiving encrypted values will need to unserialize the data. If you would like to encrypt and decrypt values without serialization, you may use the encryptString and decryptString methods of the Crypt facade:

1use Illuminate\Support\Facades\Crypt;
2 
3$encrypted = Crypt::encryptString('Hello world.');
4 
5$decrypted = Crypt::decryptString($encrypted);

use Illuminate\Support\Facades\Crypt;

$encrypted = Crypt::encryptString('Hello world.');

$decrypted = Crypt::decryptString($encrypted);

Decrypting A Value

You may decrypt values using the decrypt helper. If the value can not be properly decrypted, such as when the MAC is invalid, an Illuminate\Contracts\Encryption\DecryptException will be thrown:

1use Illuminate\Contracts\Encryption\DecryptException;
2 
3try {
4    $decrypted = decrypt($encryptedValue);
5} catch (DecryptException $e) {
6    //
7}

use Illuminate\Contracts\Encryption\DecryptException;

try {
    $decrypted = decrypt($encryptedValue);
} catch (DecryptException $e) {
    //
}

Prologue

Getting Started

Architecture Concepts

The Basics

Frontend

Security

Digging Deeper

Database

Eloquent ORM

Testing

Official Packages

Encryption

Introduction

Configuration

Using The Encrypter

Encrypting A Value

Encrypting Without Serialization

Decrypting A Value

On this page

Products

Packages

Resources

Partners