Encryption

Introduction

Laravel's encryption services provide a simple, convenient interface for encrypting and decrypting text via OpenSSL using AES-256 and AES-128 encryption. All of Laravel's encrypted values are signed using a message authentication code (MAC) so that their underlying value can not be modified or tampered with once encrypted.

Configuration

Before using Laravel's encrypter, you must set the key configuration option in your config/app.php configuration file. This configuration value is driven by the APP_KEY environment variable. You should use the php artisan key:generate command to generate this variable's value since the key:generate command will use PHP's secure random bytes generator to build a cryptographically secure key for your application. Typically, the value of the APP_KEY environment variable will be generated for you during Laravel's installation.

Using the Encrypter

Encrypting a Value

You may encrypt a value using the encryptString method provided by the Crypt facade. All encrypted values are encrypted using OpenSSL and the AES-256-CBC cipher. Furthermore, all encrypted values are signed with a message authentication code (MAC). The integrated message authentication code will prevent the decryption of any values that have been tampered with by malicious users:

1<?php
2 
3namespace App\Http\Controllers;
4 
5use Illuminate\Http\RedirectResponse;
6use Illuminate\Http\Request;
7use Illuminate\Support\Facades\Crypt;
8 
9class DigitalOceanTokenController extends Controller
10{
11 /**
12 * Store a DigitalOcean API token for the user.
13 */
14 public function store(Request $request): RedirectResponse
15 {
16 $request->user()->fill([
17 'token' => Crypt::encryptString($request->token),
18 ])->save();
19 
20 return redirect('/secrets');
21 }
22}
1<?php
2 
3namespace App\Http\Controllers;
4 
5use Illuminate\Http\RedirectResponse;
6use Illuminate\Http\Request;
7use Illuminate\Support\Facades\Crypt;
8 
9class DigitalOceanTokenController extends Controller
10{
11 /**
12 * Store a DigitalOcean API token for the user.
13 */
14 public function store(Request $request): RedirectResponse
15 {
16 $request->user()->fill([
17 'token' => Crypt::encryptString($request->token),
18 ])->save();
19 
20 return redirect('/secrets');
21 }
22}

Decrypting a Value

You may decrypt values using the decryptString method provided by the Crypt facade. If the value can not be properly decrypted, such as when the message authentication code is invalid, an Illuminate\Contracts\Encryption\DecryptException will be thrown:

1use Illuminate\Contracts\Encryption\DecryptException;
2use Illuminate\Support\Facades\Crypt;
3 
4try {
5 $decrypted = Crypt::decryptString($encryptedValue);
6} catch (DecryptException $e) {
7 // ...
8}
1use Illuminate\Contracts\Encryption\DecryptException;
2use Illuminate\Support\Facades\Crypt;
3 
4try {
5 $decrypted = Crypt::decryptString($encryptedValue);
6} catch (DecryptException $e) {
7 // ...
8}

Comments

No Comments Yet

“Laravel” is a Trademark of Taylor Otwell.
The source documentation is released under MIT license. See laravel/docs on GitHub for details.
The translated documentations are released under MIT license. See cornch/laravel-docs-l10n on GitHub for details.