Encryption

Configuration

Before using Lumens's encrypter, you should set the APP_KEY option of your .env file to a 32 character, random string. If this value is not properly set, all values encrypted by Lumen will be insecure.

Basic Usage

Encrypting A Value

You may encrypt a value using the Crypt facade. All encrypted values are encrypted using OpenSSL and the AES-256-CBC cipher. Furthermore, all encrypted values are signed with a message authentication code (MAC) to detect any modifications to the encrypted string.

For example, we may use the encrypt method to encrypt a secret and store it on an Eloquent model:

  1. <?php
  3. namespace App\Http\Controllers;
  5. use App\User;
  6. use Illuminate\Http\Request;
  7. use Illuminate\Support\Facades\Crypt;
  9. class UserController extends Controller
  10. {
  11.     /**
  12.      * Store a secret message for the user.
  13.      *
  14.      * @param  Request  $request
  15.      * @param  int  $id
  16.      * @return Response
  17.      */
  18.     public function storeSecret(Request $request, $id)
  19.     {
  20.         $user = User::findOrFail($id);
  22.         $user->fill([
  23.             'secret' => Crypt::encrypt($request->secret)
  24.         ])->save();
  25.     }
  26. }

Decrypting A Value

Of course, you may decrypt values using the decrypt method on the Crypt facade. If the value can not be properly decrypted, such as when the MAC is invalid, an Illuminate\Contracts\Encryption\DecryptException will be thrown:

  1. use Illuminate\Contracts\Encryption\DecryptException;
  3. try {
  4.     $decrypted = Crypt::decrypt($encryptedValue);
  5. } catch (DecryptException $e) {
  6.     //
  7. }