ICrypto

interface OCP\Security\ICrypto
Class Crypto provides a high-level encryption layer using AES-CBC. If no key has been provided
it will use the secret defined in config.php as key. Additionally the message will be HMAC’d.
Usage:
$encryptWithDefaultPassword = \OC::$server->getCrypto()->encrypt(‘EncryptedText’);
$encryptWithCustomPassword = \OC::$server->getCrypto()->encrypt(‘EncryptedText’, ‘password’);
Implemented by:OC\Security\Crypto
Source:lib/public/Security/ICrypto.php#40

Methods

public OCP\Security\ICrypto::calculateHMAC($message, $password="")
Source:

lib/public/Security/ICrypto.php#48

Parameters:
  • $message (string) The message to authenticate
  • $password (string) Password to use (defaults to secret in config.php)
Returns:

string Calculated HMAC

Since:

8.0.0

public OCP\Security\ICrypto::encrypt($plaintext, $password="")
Encrypts a value and adds an HMAC (Encrypt-Then-MAC)
Source:

lib/public/Security/ICrypto.php#57

Parameters:
  • $plaintext (string)
  • $password (string) Password to encrypt, if not specified the secret from config.php will be taken
Returns:

string Authenticated ciphertext

Since:

8.0.0

public OCP\Security\ICrypto::decrypt($authenticatedCiphertext, $password="")
Decrypts a value and verifies the HMAC (Encrypt-Then-Mac)
Source:

lib/public/Security/ICrypto.php#68

Parameters:
  • $authenticatedCiphertext (string)
  • $password (string) Password to encrypt, if not specified the secret from config.php will be taken
Returns:

string plaintext

Throws:

\Exception If the HMAC does not match

Throws:

\Exception If the decryption failed

Throws:

\Exception If the HMAC does not match

Throws:

\Exception If the decryption failed

Since:

8.0.0