How to use encryption, decryption and hashing (cryptography) in Laravel

Hello readers, I am back with another tutorial. Here we will see how to use cryptographic functions in Laravel applications: encryption and decryption for handling and managing sensitive data, and hashing algorithms for storing and handling passwords.
We all know that when an application handles sensitive data we need to use cryptography such as encryption and decryption, and that for storing passwords, hashing is used to handle them efficiently.
Encryption and Decryption Cryptography
By default Laravel uses AES-256-CBC to encrypt all values, which means the Advanced Encryption Standard with a 256-bit key size and the CBC cipher mode. However, we can also set the cipher and mode using the following functions:
Crypt::setMode('ctr');
The following are the modes available,
- cbc
- cfb
- ctr
- ecb
- ncfb
- nofb
- ofb
- stream
Crypt::setCipher($cipher);
The following are the ciphers available,
- cast-128
- gost
- rijndael-128
- twofish
- cast-256
- loki97
- rijndael-192
- saferplus
- wake
- blowfish-compat
- des
- rijndael-256
- serpent
- xtea
- blowfish
- enigma
- rc2
- tripledes
- arcfour
To encrypt a value, we use the encrypt function on the Crypt facade:
Crypt::encrypt($value_to_be_encrypted);
To decrypt a value, we use the decrypt function on the Crypt facade:
Crypt::decrypt($encrypted_value_to_be_decrypted);
If you want to use an encryption algorithm other than AES, you can do so by creating your own implementation of Illuminate\Contracts\Encryption\Encrypter and also creating a new service provider, or by extending Illuminate\Encryption\EncryptionServiceProvider.
Hashing Cryptography
Hashing is highly preferred for storing passwords because, unlike encryption, a hash cannot be reversed: one can check whether a hash matches the content provided, but it is not feasible to get the original content back after hashing.
By default Laravel uses bcrypt hashing.
We can hash a password in the following two ways:
- Using the Laravel Hash facade: Hash::make($password_to_be_hashed);
- Using the bcrypt function call: bcrypt($password_to_be_hashed);
To verify a password against a hash, we use the check method:
Hash::check('plain-text', $hashed_password);
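The two ideas above, AES-256-CBC encryption and bcrypt hashing, shown with PHP's own openssl and password functions as an added example (not code from the original post and not Laravel's implementation). The function names sealValue and openValue, the payload layout, the keys and the sample values are assumptions constructed for illustration; it shows why CBC ciphertext needs an integrity check and how a salted hash is verified.

```php
<?php
// Added example, standalone PHP; not Laravel's Encrypter. sealValue/openValue are hypothetical names.
// Encrypt with AES-256-CBC, then authenticate IV + ciphertext with HMAC-SHA256.
function sealValue(string $plaintext, string $encKey, string $macKey): string
{
    $iv = random_bytes(16); // AES block size; a fresh IV for every message
    $ct = openssl_encrypt($plaintext, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . hash_hmac('sha256', $iv . $ct, $macKey, true) . $ct);
}

// Check the MAC in constant time before decrypting; reject anything altered.
function openValue(string $sealed, string $encKey, string $macKey): string
{
    $raw = base64_decode($sealed, true);
    if ($raw === false || strlen($raw) < 64) { // 16 IV + 32 MAC + at least one block
        throw new RuntimeException('malformed payload');
    }
    [$iv, $mac, $ct] = [substr($raw, 0, 16), substr($raw, 16, 32), substr($raw, 48)];
    if (!hash_equals(hash_hmac('sha256', $iv . $ct, $macKey, true), $mac)) {
        throw new RuntimeException('MAC mismatch: payload was modified');
    }
    $pt = openssl_decrypt($ct, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($pt === false) {
        throw new RuntimeException('decryption failed');
    }
    return $pt;
}

$encKey = random_bytes(32); // constructed keys; an application would load them from configuration
$macKey = random_bytes(32);
$sealed = sealValue('4111-1111-1111-1111', $encKey, $macKey); // constructed sample value
echo openValue($sealed, $encKey, $macKey), PHP_EOL;

// Flip one ciphertext bit. Plain CBC would decrypt this to altered plaintext with no error.
$raw = base64_decode($sealed);
$raw[50] = chr(ord($raw[50]) ^ 0x01);
try {
    openValue(base64_encode($raw), $encKey, $macKey);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}

// bcrypt: the same password hashes differently each time (random salt), yet both hashes verify.
$h1 = password_hash('s3cret-pass', PASSWORD_BCRYPT);
$h2 = password_hash('s3cret-pass', PASSWORD_BCRYPT);
var_dump($h1 !== $h2, password_verify('s3cret-pass', $h2), password_verify('wrong', $h1));
```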
Hope this post helped you to add some security to your Laravel applications 😉
Feel free to browse previous tutorials on custom authentication, integrating the bootgrid plugin, visualization using Highcharts and many more.