:: DOWNLOAD
:: ABOUT
:: LICENSING
:: DONATE
CRNRSTN v2.0.0 :: DOCUMENTATION
paramTunnelEncrypt() ::
Application security and data hygiene can be significantly enhanced with the basic and consistent (only as strong as the weakest link) utilization of the CRNRSTN Suite v2.0.0 and its encryption tunneling protocols. Sending data safely server to server (e.g. SOAP) and between the server and client can be achieved with minimal effort and maximum data integrity through the strategic application of this functionality across all data touch points within your application(s). I have some apps where all data contained within hidden form fields is encrypted. When I have foreign keys appended to a link that will go directly into the hidden fields of a form...and then directly into my database!!..I will NOT spend additional server resources to confirm their accuracy before the MySQL INSERT by racking up extra and peripheral MySQL database hits. If the data is corrupted in the link, paramTunnelDecrypt() will throw an exception that can be handled with grace before the face of the end user (which could be my boss), and the database will only receive bona fide clean data.
Note ::
There are many encryption algorithms available...even version to version (or configuration) of PHP...and they have different requirements as far as the processing resources (memory) needed for them to execute. Before globally applying a layer of encryption to a high traffic application, it is recommended that some baseline performance metrics be established and that at least some load testing be performed to ensure that the chosen encrypt/decrypt algorithm will not cause debilitating (e.g. leading to significant site response lag or crash) spikes in the resource requirements of the overall application.
Technical specifications ::
- Currently tested on an Ubuntu Server 18.04 running PHP 7.0.22/MySQLi 5.0.12 and CentOS 7 Linux (a 100% compatible rebuild of the Red Hat Enterprise Linux) running PHP 5.6.32/MySQLi 5.5.58.
- It is recommended that you upgrade to the latest official release of PHP to take advantage of gains in security and processing efficiency together with the latest features and functionality.
- Some hash_algos() returned methods will NOT be compatible with hash_hmac() which CRNRSTN Suite :: v2.0.0 uses in validating its decryption. And certain openssl encryption cipher / hash_algos algorithm combinations will not be compatible. Please test the compatibility of your desired combination of encryption cipher and hmac algoritm for each environment...especially before releasing to production code base.
Invoking class ::
crnrstn_user
Method definition ::
paramTunnelEncrypt($data=NULL, $cipher_override=NULL, $secret_key_override=NULL)
Method parameter definitions ::
$data (Required)
The data that is to be encrypted. Please note, only string, integer, double, float, int data types will be successfully processed. All other data types will return NULL.
$secret_key (Optional)
If it is desired to override the environmentally specific and globally applied openssl-encryption-key passed into initTunnelEncryption(), this parameter will be used in place of the openssl encryption key provided there in the CRNRSTN Suite :: configuration file for all of the environments within which the application code base will be running.
Returned value ::
The raw data in an encrypted format or NULL on error...i.e. if the data is not able to be encrypted.
Example 1 ::
Send data to hidden fields of a form or append variables to a link after 1) passing the raw data through paramTunnelEncrypt() and 2) receiving in return a unique and encrypted string that can be used in the form or link and then taken to point of insertion and decrypted at that location before..for example...a MySQL database INSERT. Be creative to save time and your effort; you can even append several sensitive parameters together (delimited by pipe, comma, ampersand, etc.), encrypt the entire string, and send it to where you need it before decryption and further processing to conclusion. For just one second, imagine ALL links in your site...apparently...having only one (1) variable (the name of which never changes) at the end. ;) Please note, objects and arrays are a couple of data structures that CANNOT BE ENCRYPTED (but...who puts an object in a hidden text input field of a form anyways, right?).
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
<?php
/*
// J5
// Code is Poetry */
require('_crnrstn.root.inc.php');
include_once($CRNRSTN_ROOT . '/_crnrstn.config.inc.php');
//
// HERE IS SOME DATA THAT IS TO BE INJECTED INTO A COUPLE OF
// HIDDEN FIELDS IN A FORM (POST) OR APPENDED TO A LINK ON THE
// RETURNED PAGE (GET), AND WHICH *WE DO NOT WANT TO GO ACROSS
// AS CLEAR TEXT*.
$six_figure_bank_account_number = '1234567890';
$personal_preference = 'pink panties';
//
// PLEASE NOTE, THE TUNNEL ENCRYPT KEY IS TO BE MANAGED GLOBALLY
// IN THE CRNRSTN CONFIG FILE FOR THE ENTIRE APPLICATION BUT CAN
// ALSO BE OVERRIDDEN LOCALLY AT FUNCTION CALL ACCORDING TO THE
// NEED OF THE APPLICATION.
$accnt_num_ENCRYPTED = $oCRNRSTN_USR->paramTunnelEncrypt($bank_account_number,'encrypt_key_local_override');
$personal_pref_ENCRYPTED = $oCRNRSTN_USR->paramTunnelEncrypt($personal_preference);
//
// DON'T WORRY, YOUR INFORMATION IS UNREADABLE. ALSO, ANY
// CHANGE TO THE FOLLOWING OUTPUT STRINGS WILL CAUSE THE
// DECRYPTION ALGORITHM AT THE RECEIVING SERVER (ALSO
// RUNNING ON TOP OF CRNRSTN :: ;) ) TO THROW AN EXCEPTION.
echo $accnt_num_ENCRYPTED;
echo '<br>= = =<br>';
echo $personal_pref_ENCRYPTED;
?>
Example 1 Output ::
= = =
W%2B9JDZ55pNA1t%2F4uGh9KX1DhIsHJLQ0UYMoYfX3XyuO0K0SHT%2FMgkwkcD6kF5hjkwSKpXvJaXGfJSSNV
http://v2.crnrstn.jony5.com/
0:00:00
OFF
12345