Moodle APIs 4.3
Moodle 4.3.6 (Build: 20240812)
core\encryption Class Reference

Class used to encrypt or decrypt data. More...

Static Public Member Functions

static create_key (?string $method=null, bool $chmod=true)
 Creates a key for the server.
 
static decrypt (string $data)
 Decrypts data using the server's key.
 
static encrypt (string $data, ?string $method=null)
 Encrypts data using the server's key.
 
static get_key_file (?string $method=null)
 Gets the file path used to store the secret key.
 
static is_sodium_installed ()
 Checks if Sodium is installed.
 
static key_exists (?string $method=null)
 Checks if there is a key file.
 

Public Attributes

string const METHOD_OPENSSL = 'openssl-aes-256-ctr'
 Encryption method: hand-coded OpenSSL (less safe)
 
string const METHOD_SODIUM = 'sodium'
 Encryption method: Sodium.
 
string const OPENSSL_CIPHER = 'AES-256-CTR'
 OpenSSL cipher method.
 

Static Protected Member Functions

static get_encryption_method ()
 Gets the encryption method to use.
 
static get_iv_length (string $method)
 Gets the length in bytes of the initial values data required.
 
static get_key (?string $method=null)
 Gets the current key, automatically creating it if there isn't one yet.
 
static get_key_folder ()
 Gets the folder used to store the secret key.
 

Detailed Description

Class used to encrypt or decrypt data.

License
http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later

Member Function Documentation

◆ create_key()

static core\encryption::create_key ( ?string $method = null,
bool $chmod = true )
static

Creates a key for the server.

Note we currently retain support for all methods, in order to decrypt legacy {

See also
METHOD_OPENSSL} content
Parameters
string | null$methodEncryption method (only if you want to create a non-default key)
bool$chmodIf true, restricts the file access of the key
Exceptions
moodle_exceptionIf the server already has a key, or there is an error

◆ decrypt()

static core\encryption::decrypt ( string $data)
static

Decrypts data using the server's key.

The decryption works with either supported method.

Note currently we retain support for all methods, in order to decrypt legacy {

See also
METHOD_OPENSSL} content
Parameters
string$dataData to decrypt
Return values
stringDecrypted data

◆ encrypt()

static core\encryption::encrypt ( string $data,
?string $method = null )
static

Encrypts data using the server's key.

Note there is a special case - the empty string is not encrypted.

Parameters
string$dataData to encrypt, or empty string for no data
string | null$methodEncryption method (only if you want to use a non-default method)
Return values
stringEncrypted data, or empty string for no data
Exceptions
moodle_exceptionIf the key doesn't exist, or the string is too long

◆ get_encryption_method()

static core\encryption::get_encryption_method ( )
staticprotected

Gets the encryption method to use.

Return values
stringCurrent encryption method

◆ get_iv_length()

static core\encryption::get_iv_length ( string $method)
staticprotected

Gets the length in bytes of the initial values data required.

Note we currently retain support for all methods, in order to decrypt legacy {

See also
METHOD_OPENSSL} content
Parameters
string$methodCrypto method
Return values
intLength in bytes

◆ get_key()

static core\encryption::get_key ( ?string $method = null)
staticprotected

Gets the current key, automatically creating it if there isn't one yet.

Parameters
string | null$methodEncryption method (only if you want to get a non-default key)
Return values
stringThe key (binary)
Exceptions
moodle_exceptionIf there isn't one already (and creation is disabled)

◆ get_key_file()

static core\encryption::get_key_file ( ?string $method = null)
static

Gets the file path used to store the secret key.

The filename contains the cipher method, so that if necessary to transition in future it would be possible to have multiple.

Parameters
string | null$methodEncryption method (only if you want to get a non-default key)
Return values
stringFull path to file

◆ get_key_folder()

static core\encryption::get_key_folder ( )
staticprotected

Gets the folder used to store the secret key.

Return values
stringFolder path

◆ is_sodium_installed()

static core\encryption::is_sodium_installed ( )
static

Checks if Sodium is installed.

Return values
boolTrue if the Sodium extension is available
Deprecated
since Moodle 4.3 Sodium is always present

◆ key_exists()

static core\encryption::key_exists ( ?string $method = null)
static

Checks if there is a key file.

Parameters
string | null$methodEncryption method (only if you want to check a non-default key)
Return values
boolTrue if there is a key file

Member Data Documentation

◆ METHOD_OPENSSL

string const core\encryption::METHOD_OPENSSL = 'openssl-aes-256-ctr'

Encryption method: hand-coded OpenSSL (less safe)

Deprecated

◆ OPENSSL_CIPHER

string const core\encryption::OPENSSL_CIPHER = 'AES-256-CTR'

OpenSSL cipher method.

Deprecated

The documentation for this class was generated from the following file: