Home > Article > PHP Framework > What is laravel's encryption method?
Laravel's encryption method: 1. Use Hash, syntax "bcrypt('Text that needs to be encrypted')" or "Hash::make('Text that needs to be encrypted')"; 2. Use Laravel's encryption The syntax is "encrypt('Text that needs to be encrypted')".
The operating environment of this tutorial: Windows 7 system, Laravel 6 version, DELL G3 computer.
Hash
##Laravel's Hash provides secure Bcrypt for storing user passwords and Argon2 hash algorithm. Note: Bcrypt is an excellent choice for hashing passwords because its "work factor" is adjustable, which means that as the hardware capabilities increase, the time spent generating the hash will also increase.Configuration
Apply the default hash driver configuration in the configuration file config/hashing.php. Currently, two drivers are supported: Bcrypt and Argon2. Note: The Argon2i driver requires PHP 7.2.0 or higher, and the Argon2id driver requires PHP 7.3.0 or higher.The first one
bcrypt('admin888')
The second one
use Illuminate\Support\Facades\Hash; $pwd = Hash::make('admin888'); //加密存储Verification method
if (Hash::check('qwe123456', $pwd)) { // 密码匹配... } public function login() { $credentials = request(['email', 'password']); if (! $token = auth('api')->attempt($credentials)) { return response()->json(['error' => 'Unauthorized'], 401); } return $this->respondWithToken($token); }
Encryption
Laravel's cipher uses OpenSSL to provide AES-256 and AES-128 encryption. It is strongly recommended to use Laravel's own encryption settings and do not try to introduce your own "homegrown" encryption algorithm. All Laravel encrypted values are signed using a Message Authorization Code (MAC) so that the underlying value cannot be modified once encrypted.Configuration
Before using Laravel's encryptor, the key option must be set to a 32-bit random string in the configuration file config/app.php. This key can be generated using the php artisan key:generate command, which uses PHP's secure random byte generator to construct the key's value. If this value is not set, all Laravel-encrypted values are insecure.Encryption
You can encrypt data using the helper function encrypt, all encrypted values are encrypted using OpenSSL and AES-256-CBC cipher. Additionally, all encrypted values are signed with a Message Authentication Code (MAC) to prevent any modification of the encrypted string.encrypt('密码')Encryption without serializationEncrypted values will be processed by the serialization function serialize during encryption, allowing encryption of objects and arrays. Therefore, encrypted data received by non-PHP clients needs to be unserialized. If you want to encrypt and decrypt data without serialization, you can use the encryptString and decryptString methods provided by the Crypt facade:
use Illuminate\Support\Facades\Crypt; $encrypted = Crypt::encryptString('Hello world.'); $decrypted = Crypt::decryptString($encrypted);
Decryption
You can use the auxiliary function decrypt to decrypt encrypted data. If the value cannot be decrypted, for example, the MAC is invalid, an Illuminate\Contracts\Encryption\DecryptException will be thrown:use Illuminate\Contracts\Encryption\DecryptException; try { $decrypted = decrypt($encryptedValue); } catch (DecryptException $e) { // }
Related recommendations:
The above is the detailed content of What is laravel's encryption method?. For more information, please follow other related articles on the PHP Chinese website!