Saturday
27
February
2010

New features for Zend_Filter_Encrypt

Hy folks,

today I added 2 new features for all who do encryption and decryption with Zend Framework.

* Compression
You can now automatically use compression within the encrypted content. This can become handy when you are encrypting very large content or files.

$filter = new Zend_Filter_Encrypt(array(
    'adapter'     => 'openssl',
    'private'     => '/path/to/mykey/private.pem',
    'public'      => '/public/key/path/public.pem',
    'compression' => 'bz2'
));

Internally it uses Zend_Filter_Compress to reduce the encrypted value.
You can also set other compression options when you define them as array like:

'compression' => array(
    'adapter' => 'zip',
    'target' => 'C:\temp\test.zip'
)

For decryption you must simply set the same compression options as for encryption.
This option works with both encryption adapters.

* Simplified usage
For Openssl I added a simplified usage.

You can now set the package option.
When it is set to true then the envelope keys will be packed to the encrypted values.

So the old usage was:

$filter = new Zend_Filter_Encrypt(array(
    'adapter' => 'openssl',
    'private' => '/path/to/mykey/private.pem',
    'public' => '/public/key/path/public.pem',
));
	
$encrypted = $filter->filter('text_to_be_encoded');
$envelope  = $filter->getEnvelopeKey();
	
---------------------------------
$filter = new Zend_Filter_Decrypt(array(
    'adapter' => 'openssl',
    'private' => '/path/to/mykey/private.pem',
    'public' => '/public/key/path/public.pem',
    'envelope' => $envelope
));
	
$content = $filter->filter($encrypted);

and now you can simplify this by omiting the envelope keys:

$filter = new Zend_Filter_Encrypt(array(
    'adapter' => 'openssl',
    'private' => '/path/to/mykey/private.pem',
    'public' => '/public/key/path/public.pem',
    'package' => true
));
	
$encrypted = $filter->filter('text_to_be_encoded');
	
---------------------------------
$filter = new Zend_Filter_Decrypt(array(
    'adapter' => 'openssl',
    'private' => '/path/to/mykey/private.pem',
    'public' => '/public/key/path/public.pem',
    'package' => true
));
	
$content = $filter->filter($encrypted);

So you need no longer to provide the envelope keys to be able to decrypt the content.
This simplifies the decryption.

Possible negative aspects of this behaviour are:
* A lowering of security by integrating the envelope key into the encrypted value
* The encrypted string will be longer as all envelope keys are integrated

I hope that you find both features usefull for your work.

Greetings
Thomas Weidner
I18N Team Leader, Zend Framework

Zend Framework Advisory Board Member
Zend Certified Engineer for Zend Framework

Back to top