Hashing and Encryption

TinyMVC provides robust security utilities for hashing, password management, and encryption through the Hash class.

Configuration

Set your application key in env.php:

// Security settings
'app_key' => 'e32e4a35fce965947481cdad2db2a4e4', // 32+ character key (example value; generate your own)

Important: If no application key is set, generate a new one:

php spark key:generate

Basic Hashing

// Create a hash
$hash = hashing()->make('plain-text');

// Validate a hash
if (hashing()->validate('plain-text', $storedHash)) {
    // Hashes match
}

Password Management

// Hash a password (uses Argon2id)
$hashedPassword = hashing()->hashPassword('user-password');

// Verify password
if (hashing()->validatePassword('input-password', $storedHash)) {
    // Password correct
}

Encryption/Decryption

// Encrypt sensitive data
$encrypted = hashing()->encrypt('sensitive-data');

// Decrypt data
try {
    $decrypted = hashing()->decrypt($encrypted);
} catch (DecryptionFailedException $e) {
    // Handle decryption failure
}

Dependency Injection

// Inject Hash class
private Hash $hash; // declared explicitly; dynamic properties are deprecated since PHP 8.2

public function __construct(Hash $hash)
{
    $this->hash = $hash;
}

public function storeData($data)
{
    $encrypted = $this->hash->encrypt($data);
    // ...
}

Security Best Practices

  • Always use the provided methods rather than raw PHP functions
  • Never store encryption keys in version control
  • Rotate your application key periodically
  • Use different keys for different environments
  • Always catch encryption/decryption exceptions
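One way to carry out the key rotation recommended above without losing access to stored ciphertexts. This is an added example, not TinyMVC's own code. It assumes the Hash constructor accepts the key as in the service provider snippet on this page, that every decryption failure raises DecryptionFailedException, and that both classes are imported from your TinyMVC install (the page does not show their namespaces). The function name and the OLD_APP_KEY / NEW_APP_KEY environment variables are hypothetical.

```php
<?php
// Added example, not TinyMVC code. Import Hash and DecryptionFailedException
// from your TinyMVC install; their namespaces are not shown on this page.

/**
 * Re-encrypt stored ciphertexts from the old app_key to the new one.
 * Safe to re-run: values that already decrypt under the new key are skipped.
 *
 * @param array $rows id => ciphertext (hypothetical shape)
 * @return array ['rotated' => [id => ciphertext], 'skipped' => [ids], 'failed' => [ids]]
 */
function rotateCiphertexts(Hash $old, Hash $new, array $rows): array
{
    $result = ['rotated' => [], 'skipped' => [], 'failed' => []];

    foreach ($rows as $id => $ciphertext) {
        try {
            // Already under the new key, e.g. from an earlier interrupted run.
            $new->decrypt($ciphertext);
            $result['skipped'][] = $id;
            continue;
        } catch (DecryptionFailedException $e) {
            // Not under the new key; try the old one below.
        }

        try {
            $plain = $old->decrypt($ciphertext);
            $result['rotated'][$id] = $new->encrypt($plain);
        } catch (DecryptionFailedException $e) {
            // Neither key works: corrupted data or an unknown key.
            // Record only the id, never the ciphertext or exception detail.
            $result['failed'][] = $id;
        }
    }

    return $result;
}

// Constructed usage: both keys are read from the environment, not from the repo.
$old = new Hash(getenv('OLD_APP_KEY')); // hypothetical variable name
$new = new Hash(getenv('NEW_APP_KEY')); // hypothetical variable name
$rows = [1 => $old->encrypt('constructed sample value')];
$out = rotateCiphertexts($old, $new, $rows);
// Persist $out['rotated'], investigate $out['failed'], then retire the old key.
```

Keep the old key available until the failed list is empty; once it is discarded, anything still encrypted under it is unrecoverable.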

Advanced Usage

Custom Hashing Algorithms

// Use SHA-512 instead of default SHA-256
$hash = hashing()->make('data', 'sha512');

Password Hash Options

// Custom Argon2 parameters (in service provider)
$container->singleton(Hash::class, function() {
    $hash = new Hash(config('app_key'));
    $hash->setPasswordOptions([
        'memory_cost' => 131072,  // 128MB
        'time_cost' => 6,         // 6 iterations
        'threads' => 3            // 3 threads
    ]);
    $hash->setPasswordAlgorithm(PASSWORD_ARGON2ID);
    return $hash;
});

Full Examples

User Registration

public function register(Request $request)
{
    $user = User::create([
        'name' => $request->name,
        'email' => $request->email,
        'password' => hashing()->hashPassword($request->password),
        'api_token' => hashing()->encrypt(random_bytes(32))
    ]);
    
    return response()->json($user);
}

Data Encryption Workflow

// Store encrypted data
$creditCard = [
    'number' => hashing()->encrypt($request->number),
    'expiry' => hashing()->encrypt($request->expiry),
    // Illustration only: PCI DSS prohibits storing the CVV after authorization, even encrypted
    'cvv' => hashing()->encrypt($request->cvv)
];
PaymentMethod::create($creditCard);

// Retrieve and decrypt
$method = PaymentMethod::find(1);
try {
    $cardNumber = hashing()->decrypt($method->number);
} catch (DecryptionFailedException $e) {
    abort(500);
}

Troubleshooting

Common issues:

  • "Encryption key not provided" → Set app_key in env.php
  • "Invalid encrypted data format" → Corrupted encrypted data
  • "Decryption failed" → Wrong key or corrupted data