All geek questions in one place

Where to encrypt / decrypt my data?

I am using Symfony 2 with Doctrine 2.

I need to encrypt a field in my object using an encryption service, and I wonder where I should put this logic.

I am using the controller architecture> Services> Repository.

I was wondering if the listener would be a good idea, my main problem is that if my object is stored in encrypted form, if I decrypt it on the fly, its state will be changed, and I'm not sure if this is a good idea.

How do you implement this?

+6
source share
3 answers

To extend the answers to rich and targeted answers, one way to inject a dependency (e.g. cypto-service) into Doctrine's own mapping type might be to use a static property and setter:

// MyBundle/Util/Crypto/Types/EncryptedString.php class EncryptedString extends StringType { /** @var \MyBundle\Util\Crypto */ protected static $crypto; public static function setCrypto(Crypto $crypto) { static::$crypto = $crypto; } public function convertToDatabaseValue($value, AbstractPlatform $platform) { $value = parent::convertToDatabaseValue($value, $platform); return static::$crypto->encrypt($value); } public function convertToPHPValue($value, AbstractPlatform $platform) { $value = parent::convertToPHPValue($value, $platform); return static::$crypto->decrypt($value); } public function getName() { return 'encrypted_string'; } }

The configuration will look like this:

 // MyBundle/MyBundle.php class MyBundle extends Bundle { public function boot() { /** @var \MyBundle\Util\Crypto $crypto */ $crypto = $this->container->get('mybundle.util.crypto'); EncryptedString::setCrypto($crypto); } } # app/Resources/config.yml doctrine: dbal: types: encrypted_string: MyBundle\Util\Crypto\Types\EncryptedString # MyBundle/Resources/config/services.yml services: mybundle.util.crypto: class: MyBundle\Util\Crypto arguments: [ %key% ]
+17
source

I don't know if this is correct, but I implemented this recently by creating a custom mapping type according to the Doctrine docs. Something like the following:

 class EncryptedStringType extends TextType { const MYTYPE = 'encryptedstring'; // modify to match your type name public function convertToPHPValue($value, AbstractPlatform $platform) { return base64_decode($value); } public function convertToDatabaseValue($value, AbstractPlatform $platform) { return base64_encode($value); } public function getName() { return self::MYTYPE; } }

I registered this type in the package class:

 class MyOwnBundle extends Bundle { public function boot() { $em = $this->container->get("doctrine.orm.entity_manager"); try { Type::addType("encryptedstring", "My\OwnBundle\Type\EncryptedStringType"); $em-> getConnection()-> getDatabasePlatform()-> registerDoctrineTypeMapping("encryptedstring", "encryptedstring"); } catch (\Doctrine\DBAL\DBALException $e) { // For some reason this exception gets thrown during // the clearing of the cache. I didn't have time to // find out why :-) } } }

and then I was able to refer to it when creating my objects, for example:

 /** * @ORM\Column(type="encryptedstring") * @Assert\NotBlank() */ protected $name;

It was a quick implementation, so I would be interested to know the correct way to do it. I also assume that your encryption service is something accessible from the container; I don't know how much it is possible / possible to pass services to user types this way: ...) -

+14
source

The richsage answer was pretty good, except that I would not register the user type in the package class file. He recommended using config.yml as follows:

 # ./app/config/confi doctrine: dbal: driver: "%database_driver%" {{ etc, etc }} types: encrypted_string: MyCompany\MyBundle\Type\EncryptedStringType

Then just make sure that in your EncryptedStringType class you specify the getName function to return encrypted_string.

Now in the definition of the model (or annotation) you can use the type encrypted_string.

+8
source

Source: https://habr.com/ru/post/903041/

More articles:


All Articles