Laravel Encryption

しかしdocumentの量多いな
これlaravel開発者が作ってるんだろうか。まあ、関わってることは確かだな。そう思うとテンションがあがります。

Introduction
Laravel’s encrypter uses OpenSSL to provide AES-256 and AES-128 encryption. You are strongly encouraged to use Laravel’s built-in encryption facilities and not attempt to roll your own “home grown” encryption algorithms. All of Laravel’s encrypted values are signed using a message authentication code (MAC) so that their underlying value can not be modified once encrypted.
AES-256:AES(Advanced Encryption Standard)と呼ばれる暗号化方式のうち、256ビット長の暗号鍵を使用する方式
AES-128:Advanced Encryption Standard (AES) は、DESに代わる新しい標準暗号となる共通鍵暗号アルゴリズム

暗号化は少し勉強したけど、この分野、奥がすげー深いからな。片足踏み入れると抜け出せなくなる。

Configuration
Before using Laravel’s encrypter, you must set a key option in your config/app.php configuration file. You should use the php artisan key:generate command to generate this key since this Artisan command will use PHP’s secure random bytes generator to build your key. If this value is not properly set, all values encrypted by Laravel will be insecure.
linuxの公開鍵、秘密鍵の仕組みと似てる。

Using The Encrypter
Encrypting A Value
You may encrypt a value using the encrypt helper. All encrypted values are encrypted using OpenSSL and the AES-256-CBC cipher. Furthermore, all encrypted values are signed with a message authentication code (MAC) to detect any modifications to the encrypted string:

namespace App\Http\Controllers;

use App\User;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;

class UserController extends Controller
{
    /**
     * Store a secret message for the user.
     *
     * @param  Request  $request
     * @param  int  $id
     * @return Response
     */
    public function storeSecret(Request $request, $id)
    {
        $user = User::findOrFail($id);

        $user->fill([
            'secret' => encrypt($request->secret)
        ])->save();
    }
}

encrypt($request->secret)って関数があるから、encryptって作ってるんだろうな。凄い。

Encrypting Without Serialization
Encrypted values are passed through serialize during encryption, which allows for encryption of objects and arrays. Thus, non-PHP clients receiving encrypted values will need to unserialize the data. If you would like to encrypt and decrypt values without serialization, you may use the encryptString and decryptString methods of the Crypt facade:

use Illuminate\Support\Facades\Crypt;

$encrypted = Crypt::encryptString('Hello world.');
$decrypted = Crypt::decryptString($encrypted);

encryptとdecrptってなんだっけ。これ、encode, decodeみたいなもん?

Decrypting A Value
You may decrypt values using the decrypt helper. If the value can not be properly decrypted, such as when the MAC is invalid, an Illuminate\Contracts\Encryption\DecryptException will be thrown:

use Illuminate\Contracts\Encryption\DecryptException;

try {
    $decrypted = decrypt($encryptedValue);
} catch (DecryptException $e) {
    //
}

暗号化って、アプリケーションの中でどう使うかですな。
セキュアな通信に使いたいのはわかるが、アプリケーション内でdecrypt, cryptするイメージが湧かない。