CakePHP 3 behavior to allow (a)symmetric encryption/decryption of data by the ORM.
Special thanks to security experts @ircmaxell & @voodooKobra for reviewing the work.
USE AT YOUR OWN RISK.
Using Composer:
composer require muffin/crypt
You then need to load the plugin. You can use the shell command:
bin/cake plugin load Muffin/Crypt
or by manually adding statement shown below to bootstrap.php:
Plugin::load('Muffin/Crypt');By default, the behavior will use the Cake\Utility\Security and not decrypt every find operation. Both configuration
could be overridden when setting up the behavior:
$this->addBehavior('Muffin/Crypt.Crypt', [
'fields' => ['cc_number', 'cc_cvv'],
'strategy' => '\Muffin\Crypt\Model\Behavior\Strategy\AsymmetricStrategy',
'implementedEvents' => [
'Model.beforeSave' => 'beforeSave',
'Model.beforeFind' => 'beforeFind',
]
]);If the fields you are encrypting are of a specific type (i.e. POINT), and if specified when configuring the behavior,
the behavior will take care of transforming the data back and forth. If using a custom type, make sure it is added to
your table.
$this->addBehavior('Muffin/Crypt.Crypt', [
'fields' => ['location' => 'point'],
]);- Fork
- Mod, fix
- Test - this is important, so it's not unintentionally broken
- Commit - do not mess with license, todo, version, etc. (if you do change any, bump them into commits of their own that I can ignore when I pull)
- Pull request - bonus point for topic branches
To ensure your PRs are considered for upstream, you MUST follow the CakePHP coding standards.
http://github.com/usemuffin/crypt/issues
Copyright (c) 2017, Use Muffin and licensed under The MIT License.