PHPSecureSession\SecureHandler::decrypt PHP Method

SecureHandler Class Documentation Show file Open project: ezimuel/php-secure-session

decrypt() protected method

Authenticate and decrypt

protected decrypt ( string $data, string $key ) : string
$data	string
$key	string
return	string

    protected function decrypt($data, $key)
    {
        $hmac = mb_substr($data, 0, 32, '8bit');
        $iv = mb_substr($data, 32, 16, '8bit');
        $ciphertext = mb_substr($data, 48, null, '8bit');
        // Authentication
        $hmacNew = hash_hmac('SHA256', $iv . $ciphertext, mb_substr($key, 32, null, '8bit'), true);
        if (!$this->hash_equals($hmac, $hmacNew)) {
            throw new \RuntimeException('Authentication failed');
        }
        // Decrypt
        return openssl_decrypt($ciphertext, 'AES-256-CBC', mb_substr($key, 0, 32, '8bit'), OPENSSL_RAW_DATA, $iv);
    }

SecureHandler

__construct

decrypt

encrypt

getKey

hash_equals

open

read

write