Basic Understanding of Laravel Encryption

1 1,436

In this article, we will discuss Laravel Encryption in brief. Laravel provides an easy and simple way to work with Encryption. Laravel built-in encrypters use OpenSSL to provide two type of encryptions AES-256 and AES-128.

I’m recommending you to use Laravel built-in encryption. You don’t need to invest time to make your own encryption algorithms.

Prerequisites

We have to set a key option in our config/app.php file. But it’s not a good idea to set this key manually. You can use the artisan command to generate this key.

php artisan key:generate

Above mention, artisan command uses the PHP secure random bytes generator to create a key. After executing the command, this will update our “.env” file. If the key value is not properly set, then encrypted values by Laravel will be insecure.

Using the Encryption

I’m creating an example to show you, how to encrypt an integer value. After that, how to decrypt the encrypted value.

Encryption

Let’s start with creating a controller using the following artisan command.

php artisan make:controller EncryptController

In the newly created controller, we make a function to show you how to encrypt function work.

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;

class EncryptController extends Controller
{
    public function showSecret(Request $request)
    {
        $random = encrypt(50);
        return view('test',compact('random'));
    }
}

Now time to make a view, where we print this encrypted value.

@extends('layouts.app')

@section('content')
<div class="container">
    <div class="row justify-content-center">
        <div class="col-md-8">
            <div class="card">
                <div class="card-header">Dashboard</div>

                <div class="card-body">

                    <p><b>Encrypted String:</b> {{ $random }}</p>

                </div>
            </div>
        </div>
    </div>
</div>
@endsection

Here’s the working result.

Laravel Encryption

Decryption

You can use decrypt() function to decrypting an  encrypted value. If MAC is invalid then the value cannot be decrypted properly. It will be thrown an “Illuminate\Contracts\Encryption\DecryptException” exception.

use Illuminate\Contracts\Encryption\DecryptException;

try {
    $encryptedValue = "eyJpdiI6IjU1WDUrZkNEU2xqNWJsUXg2NE5oclE9PSIsInZhbHVlIjoiY3VQWFBudjVBYUg3ekZYZVhLUVl4Zz09IiwibWFjIjoiNTQ5NGM5YzE0NzkwNGRiMzA4NjZiNmU5MDdkZGQ1NGFjNGRlODkyNWYzOTE2YjA1MjY1N2JhMWUxODZiZDk2MSJ9";
    $decrypted = decrypt($encryptedValue);
} catch (DecryptException $e) {
    //
}

Encrypting Without Serialization

All the encrypted values are passed through serializing during encryption, which allows for encryption of objects and arrays. Non PHP clients will need to unserialize the date when receiving encrypted values.

If we need to encrypt and decrypt values without serialization then we use the “encryptString” and “decryptString” methods of the “Crypt” facade.

use Illuminate\Support\Facades\Crypt;

// Encryptions
$encrypted = Crypt::encryptString('Hello world.');

// Decryption
$decrypted = Crypt::decryptString($encrypted);

Conclusion

In this article, we will discuss Laravel Encryption. I’m trying to explain you, how you can use Laravel Encryption in your Laravel application. You can also check the official documentation of Laravel Encryption. Please feel free to add the comment if any query.

Leave A Reply

Your email address will not be published.

1 Comment
  1. chhorvon says

    good post.