Use an actual 16 byte long IV
The previous IV was actually 12 bytes extended to 16 bytes using base64. As the encrypted file should be fine with containing binary data as well, we can simply remove the encoding here.
parent
d25b8dacb3
commit
59ebad0b53
1 changed files with 2 additions and 17 deletions
|
@ -156,7 +156,7 @@ class Crypt {
|
|||
* @param string $plainContent
|
||||
* @param string $passPhrase
|
||||
* @return false|string
|
||||
* @throws GenericEncryptionException
|
||||
* @throws EncryptionFailedException
|
||||
*/
|
||||
public function symmetricEncryptFileContent($plainContent, $passPhrase) {
|
||||
|
||||
|
@ -512,22 +512,7 @@ class Crypt {
|
|||
* @throws GenericEncryptionException
|
||||
*/
|
||||
private function generateIv() {
|
||||
$random = openssl_random_pseudo_bytes(12, $strong);
|
||||
if ($random) {
|
||||
if (!$strong) {
|
||||
// If OpenSSL indicates randomness is insecure log error
|
||||
$this->logger->error('Encryption Library: Insecure symmetric key was generated using openssl_random_psudo_bytes()',
|
||||
['app' => 'encryption']);
|
||||
}
|
||||
|
||||
/*
|
||||
* We encode the iv purely for string manipulation
|
||||
* purposes -it gets decoded before use
|
||||
*/
|
||||
return base64_encode($random);
|
||||
}
|
||||
// If we ever get here we've failed anyway no need for an else
|
||||
throw new GenericEncryptionException('Generating IV Failed');
|
||||
return random_bytes(16);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
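Review bot: The docblock kept above `generateIv()` still declares `@throws GenericEncryptionException`, but the new body `return random_bytes(16);` never raises it; `random_bytes()` throws a plain `\Exception` when no secure randomness source is available. Callers that catch `GenericEncryptionException` will no longer see an IV-generation failure as an encryption error unless it is wrapped, e.g. `try { return random_bytes(16); } catch (\Exception $e) { throw new GenericEncryptionException('Generating IV Failed'); }`, or the `@throws` line is updated to match. Because the IV is now raw binary rather than a base64 string, the code that stores it in the file and reads it back (not visible in this diff) should be confirmed to slice it by fixed length and not by text-oriented handling. The start of this docblock lies outside the hunk.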