Encryption


1 Introduction

The Encryption module takes care of the encryption of strings (for example, passwords) using AES.

1.1 Typical Use Cases

The typical usage scenario is a project or module that consumes a service requiring a user name and password: instead of storing the password in plain text, you can store it in the database in encrypted form. The key used for encrypting passwords is configured as a constant and remains on the application server.

1.2 Limitations

  • Encryption using AES only

2 Configuration

Set the EncryptionKey constant located in the Private - String en/de-cryption folder. Make sure the key consists of 16 characters.

Set the EncryptionPrefix constant located in the Private - String en/de-cryption folder. If you are using version 1.4.1 or above of this module, the value of this constant should be set to {AES2}.

In version 1.4.1, the AES mode used for encrypting and decrypting text was switched from CBC to GCM, because the CBC mode was vulnerable to padding oracle attacks. For backward compatibility, the module still supports decrypting text that was encrypted in CBC mode by older versions of the module; it does not support encrypting strings in the legacy CBC mode.

Strings encrypted in CBC mode by versions below 1.4.1 carry the prefix {AES}, while strings encrypted in GCM mode by version 1.4.1 or above carry the prefix {AES2}. The module uses this prefix to decide which mode to use when decrypting.

If the EncryptionPrefix constant is left at {AES}, the module in version 1.4.1 or above will still encrypt the string in GCM mode but label it with {AES}. When the string is later decrypted, the module detects the {AES} prefix and tries the legacy CBC mode, which fails because the string was encrypted in GCM mode (GCM and CBC ciphertexts are not interchangeable).
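The prefix-based behaviour described above, as an added example that is not the module's own code: a small Go program that always encrypts with AES-GCM, labels the result with the configured prefix, and on decryption dispatches to GCM for `{AES2}` or to a legacy CBC path for `{AES}`. The prefixes and the 16-character key requirement come from this page; the function names `Encrypt`/`Decrypt`, the stored layout (prefix, then base64 of nonce or IV followed by ciphertext, with PKCS#7 padding in the legacy format) and the key `0123456789abcdef` are assumptions constructed for the example, not the module's actual format.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

const (
	LegacyPrefix  = "{AES}"  // CBC mode, written by versions below 1.4.1; read-only from 1.4.1 on
	CurrentPrefix = "{AES2}" // GCM mode, version 1.4.1 and above
)

// newGCM builds the AEAD. The module documents a 16-character key, i.e. AES-128.
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 16 {
		return nil, errors.New("EncryptionKey must be exactly 16 bytes")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt always uses AES-GCM whatever prefix is configured: from 1.4.1 the module
// no longer encrypts in CBC mode, so the prefix is only a label on the stored value.
func Encrypt(key []byte, configuredPrefix, plaintext string) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random 12-byte nonce per value
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := gcm.Seal(nonce, nonce, []byte(plaintext), nil) // nonce || ciphertext || tag
	return configuredPrefix + base64.StdEncoding.EncodeToString(sealed), nil
}

// Decrypt picks the mode from the stored prefix, as the module does.
func Decrypt(key []byte, stored string) (string, error) {
	mode, prefix := decryptGCM, CurrentPrefix
	if strings.HasPrefix(stored, LegacyPrefix) {
		mode, prefix = decryptLegacyCBC, LegacyPrefix
	} else if !strings.HasPrefix(stored, CurrentPrefix) {
		return "", errors.New("unknown or missing encryption prefix")
	}
	raw, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(stored, prefix))
	if err != nil {
		return "", err
	}
	return mode(key, raw)
}

func decryptGCM(key, raw []byte) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	if len(raw) < gcm.NonceSize() {
		return "", errors.New("GCM value is too short")
	}
	pt, err := gcm.Open(nil, raw[:gcm.NonceSize()], raw[gcm.NonceSize():], nil) // tag check rejects tampering
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// decryptLegacyCBC reads values written before 1.4.1. Assumed layout: 16-byte IV followed by
// PKCS#7-padded CBC ciphertext. A GCM value mislabelled {AES} ends up here and is rejected.
func decryptLegacyCBC(key, raw []byte) (string, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(raw) < 2*aes.BlockSize || len(raw)%aes.BlockSize != 0 {
		return "", errors.New("bad key or invalid legacy CBC ciphertext length")
	}
	iv, ct := raw[:aes.BlockSize], raw[aes.BlockSize:]
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	pad := int(pt[len(pt)-1])
	if pad == 0 || pad > aes.BlockSize || !bytes.Equal(pt[len(pt)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return "", errors.New("invalid PKCS#7 padding")
	}
	return string(pt[:len(pt)-pad]), nil
}

func main() {
	key := []byte("0123456789abcdef") // constructed 16-character key for the demo
	good, _ := Encrypt(key, CurrentPrefix, "hunter2-password")
	fmt.Println(Decrypt(key, good)) // round trip succeeds
	bad, _ := Encrypt(key, LegacyPrefix, "hunter2-password") // EncryptionPrefix left at {AES}
	fmt.Println(Decrypt(key, bad)) // CBC path cannot read a GCM value: returns an error
}
```

The misconfigured case shows why the failure is deterministic rather than occasional: a GCM value is nonce (12 bytes) plus ciphertext plus a 16-byte tag, so its length usually is not a whole number of 16-byte blocks after removing what the legacy path takes as the IV, and when it happens to be, the decrypted bytes are random and the padding check rejects them. Setting `EncryptionPrefix` to `{AES2}` before any value is written with version 1.4.1 or above avoids the problem entirely, and a migration check over existing rows can flag any `{AES}`-prefixed value that fails the legacy path.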

3 Read More