\apex\app\sys\encrypt

Encryption Library

Service: apex\services\utils\encrypt

Handles all encryption within Apex, including user-based two-way AES256 encryption to multiple recipients, basic insecure encryption, RSA key-pair generation, PGP encryption and key management, etc.

This class is available within the services container, meaning its methods can be accessed statically via the service singleton as shown below.

PHP Example

<?php

namespace apex;

use apex\app;
use apex\services\utils\encrypt;

// Basic encrypt
$encrypted = encrypt::encrypt_basic('some plain text', 'mypassword');

// Basic decrypt
$text = encrypt::decrypt_basic($encrypted, 'mypassword');

Summary

Public methods:
generate_rsa_keypair()
change_rsa_password()
get_key()
encrypt_user()
decrypt_user()
encrypt_basic()
decrypt_basic()
import_pgp_key()
encrypt_pgp()
get_pgp_key()
reimport_all_pgp_keys()

Public properties: No public properties found
Constants: No constants found
Protected methods: No protected methods found
Protected properties: No protected properties found
Private methods: No private methods found
Private properties: No private properties found

Methods

generate_rsa_keypair()

generate_rsa_keypair(integer  $userid, string  $type = 'user', string  $password = '') : integer

Generate new RSA key-pair

Parameters

integer $userid

The ID# of the user / admin to create a keypair for.

string $type

The type of user, defaults to 'user'

string $password

The encryption password for the private key. Generally should be the user's login password.

Returns

integer —

The ID# of the encryption key

change_rsa_password()

change_rsa_password(integer  $userid, string  $type, string  $old_password, string  $password) 

Change user RSA password

Change user's RSA password. This will decrypt the user's current RSA private key, and encrypt it again with the new password.

Parameters

integer $userid

The ID# of the user / admin

string $type

The type of user, either 'user' or 'admin'

string $old_password

The old / current password

string $password

The new password

get_key()

get_key(integer  $userid, string  $type = 'user',   $key_type = 'public', string  $password = '') 

Get public / private key from the database

Parameters

integer $userid

The ID# of the user / admin

string $type

The type of user, either 'user' or 'admin', defaults to 'user'

$key_type

The type of key to retrieve, either 'public' or 'private', defaults to 'public'

string $password

Only required if $key_type is 'private', and is the password the key is encrypted with

encrypt_user()

encrypt_user(string  $data, array  $recipients) : integer

Encrypt text to one or more users

Parameters

string $data

The data to encrypt

array $recipients

An array of recipients to encrypt the data to (eg. admin:1, user:46, etc.)

Returns

integer —

The ID# of the encrypted data

decrypt_user()

decrypt_user(integer  $data_id, string  $password = '') : string

Decrypt data using ID# of data and key, plus encryption password

Parameters

integer $data_id

The ID# of the data to decrypt

string $password

The decryption password, generally the user's password.

Returns

string —

The decrypted data, or false if not successful.
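
The password-protected key pair, password change and multi-recipient encryption described above, sketched with PHP's openssl extension as an added example. It is not Apex's implementation: every function name is hypothetical, and the envelope layout (one AES-256 data key wrapped to each recipient's RSA public key) is an assumption about the general technique. Assumes PHP 7.1+ with ext-openssl.

```php
<?php
// Added illustration, not Apex source. All function names here are hypothetical.
const KEY_OPTS = ['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048,
                  'encrypt_key_cipher' => OPENSSL_CIPHER_AES_256_CBC]; // protects the private PEM

function new_keypair(string $password): array {
    $key = openssl_pkey_new(KEY_OPTS);
    openssl_pkey_export($key, $private_pem, $password, KEY_OPTS);
    return ['public' => openssl_pkey_get_details($key)['key'], 'private' => $private_pem];
}

// Password change: unlock with the old password, re-export under the new one.
function rewrap_private_key(string $private_pem, string $old, string $new): string {
    $key = openssl_pkey_get_private($private_pem, $old);
    if ($key === false) {
        throw new RuntimeException('old password does not unlock the private key');
    }
    openssl_pkey_export($key, $rewrapped, $new, KEY_OPTS);
    return $rewrapped;
}

// One random AES-256 data key per message, wrapped once per recipient public key.
function encrypt_to(string $data, array $public_keys): array {
    $data_key = random_bytes(32);
    $iv = random_bytes(12);
    $ct = openssl_encrypt($data, 'aes-256-gcm', $data_key, OPENSSL_RAW_DATA, $iv, $tag);
    $wrapped = [];
    foreach ($public_keys as $recipient => $pem) {
        openssl_public_encrypt($data_key, $wrapped[$recipient], $pem, OPENSSL_PKCS1_OAEP_PADDING);
    }
    return compact('ct', 'iv', 'tag', 'wrapped');
}

function decrypt_as(array $env, string $recipient, string $private_pem, string $password) {
    $key = openssl_pkey_get_private($private_pem, $password);
    $blob = $env['wrapped'][$recipient] ?? null;
    if ($key === false || $blob === null
        || !openssl_private_decrypt($blob, $data_key, $key, OPENSSL_PKCS1_OAEP_PADDING)) {
        return false; // wrong password, or the data was never encrypted to this recipient
    }
    return openssl_decrypt($env['ct'], 'aes-256-gcm', $data_key, OPENSSL_RAW_DATA, $env['iv'], $env['tag']);
}

// Constructed sample data: two recipients, then a password change for one of them.
$user  = new_keypair('old-login-password');
$admin = new_keypair('admin-password');
$env   = encrypt_to('constructed secret', ['user:46' => $user['public'], 'admin:1' => $admin['public']]);
$user['private'] = rewrap_private_key($user['private'], 'old-login-password', 'new-login-password');
var_dump(decrypt_as($env, 'user:46', $user['private'], 'new-login-password') === 'constructed secret');
```

In this scheme a password change touches only the stored private key, so data already encrypted to the user needs no re-encryption. The reverse also holds: if the password protecting the private key is lost, nothing encrypted to that recipient can be recovered through their key.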

encrypt_basic()

encrypt_basic(string  $data, string  $password = '') : string

Very basic encryption.

NOTE: Very insecure; please treat the result as virtually the same as plain text, albeit a tiny fraction better.

Parameters

string $data

The plain text data to encrypt.

string $password

Optional encryption password to use.

Returns

string —

The encrypted text

decrypt_basic()

decrypt_basic(string  $data, string  $password = '') 

Decrypts data that was encrypted via the encrypt_basic() function

Parameters

string $data

The encrypted data to decrypt

string $password

Optional decryption password that was used to encrypt the data.

import_pgp_key()

import_pgp_key(string  $type, integer  $userid, string  $public_key) : mixed

Import public PGP key

Parameters

string $type

The user type (user / admin).

integer $userid

The ID# of the user.

string $public_key

The public PGP key

Returns

mixed —

If unsuccessful, return false. Otherwise, returns the fingerprint of the PGP key.

encrypt_pgp()

encrypt_pgp(string  $message, array  $recipients) : string

Encrypt a PGP message to one or more recipients

Parameters

string $message

The plain text message to encrypt.

array $recipients

The recipients to encrypt the message to, formatted in standard Apex format (eg. user:54, admin:1, etc.)

Returns

string —

The encrypted PGP message

get_pgp_key()

get_pgp_key(string  $type, integer  $userid, string  $key_type = 'fingerprint') : string

Get a PGP key from the database

Parameters

string $type

The type of user (user / admin)

integer $userid

The ID# of the user

string $key_type

The type of key to return (fingerprint or public_key)

Returns

string —

The fingerprint or full PGP key of the user

reimport_all_pgp_keys()

reimport_all_pgp_keys() 

Reimport all PGP keys

Reimport all PGP keys from the database into gnupg on the server. This is used when transferring the system to a new server, as all PGP keys in the database must be imported into gnupg to encrypt messages to them.