use full 256 bytes for selection of random keys... support base64 encoded keys.

taylorotwell · taylorotwell · commit 370ae34d4136 · 2016-03-24T19:35:27.000-05:00
diff --git a/src/Illuminate/Encryption/Encrypter.php b/src/Illuminate/Encryption/Encrypter.php
@@ -3,6 +3,7 @@
 namespace Illuminate\Encryption;
 
 use RuntimeException;
+use Illuminate\Support\Str;
 use Illuminate\Contracts\Encryption\DecryptException;
 use Illuminate\Contracts\Encryption\EncryptException;
 use Illuminate\Contracts\Encryption\Encrypter as EncrypterContract;
@@ -29,6 +30,10 @@ public function __construct($key, $cipher = 'AES-128-CBC')
     {
         $key = (string) $key;
 
+        if (Str::startsWith($key, 'base64:')) {
+            $key = base64_decode(substr($key, 7));
+        }
+
         if (static::supported($key, $cipher)) {
             $this->key = $key;
             $this->cipher = $cipher;
diff --git a/src/Illuminate/Foundation/Application.php b/src/Illuminate/Foundation/Application.php
@@ -441,6 +441,16 @@ public function environmentFile()
         return $this->environmentFile ?: '.env';
     }
 
+    /**
+     * Get the fully qualified path to the environment file.
+     *
+     * @return string
+     */
+    public function environmentFilePath()
+    {
+        return $this->environmentPath().'/'.$this->environmentFile();
+    }
+
     /**
      * Get or check the current application environment.
      *
diff --git a/src/Illuminate/Foundation/Console/KeyGenerateCommand.php b/src/Illuminate/Foundation/Console/KeyGenerateCommand.php
@@ -4,16 +4,15 @@
 
 use Illuminate\Support\Str;
 use Illuminate\Console\Command;
-use Symfony\Component\Console\Input\InputOption;
 
 class KeyGenerateCommand extends Command
 {
     /**
-     * The console command name.
+     * The name and signature of the console command.
      *
      * @var string
      */
-    protected $name = 'key:generate';
+    protected $signature = 'key:generate {--show : Display the key instead of modifying files}';
 
     /**
      * The console command description.
@@ -29,55 +28,46 @@ class KeyGenerateCommand extends Command
      */
     public function fire()
     {
-        $app = $this->laravel;
-
-        $key = $this->getRandomKey($app['config']['app.cipher']);
+        $key = $this->generateRandomKey();
 
         if ($this->option('show')) {
             return $this->line('<comment>'.$key.'</comment>');
         }
 
-        $path = $app->environmentPath().'/'.$app->environmentFile();
-
-        if (file_exists($path)) {
-            $content = str_replace('APP_KEY='.$app['config']['app.key'], 'APP_KEY='.$key, file_get_contents($path));
-
-            if (! Str::contains($content, 'APP_KEY')) {
-                $content = sprintf("%s\nAPP_KEY=%s\n", $content, $key);
-            }
+        // Next, we will replace the application key in the environment file so it is
+        // automatically setup for this developer. This key gets generated using a
+        // secure random byte generator and is later base64 encoded for storage.
+        $this->setKeyInEnvironmentFile($key);
 
-            file_put_contents($path, $content);
-        }
-
-        $app['config']['app.key'] = $key;
+        $this->laravel['config']['app.key'] = $key;
 
         $this->info("Application key [$key] set successfully.");
     }
 
     /**
-     * Generate a random key for the application.
+     * Set the environmeny key in the environment file.
      *
-     * @param  string  $cipher
-     * @return string
+     * @param  string  $key
+     * @return void
      */
-    protected function getRandomKey($cipher)
+    protected function setKeyInEnvironmentFile($key)
     {
-        if ($cipher === 'AES-128-CBC') {
-            return Str::random(16);
-        }
-
-        return Str::random(32);
+        file_put_contents($this->laravel->environmentFilePath(), str_replace(
+            'APP_KEY='.$this->laravel['config']['app.key'],
+            'APP_KEY='.$key,
+            file_get_contents($this->laravel->environmentFilePath())
+        ));
     }
 
     /**
-     * Get the console command options.
+     * Generate a random key for the application.
      *
-     * @return array
+     * @return string
      */
-    protected function getOptions()
+    protected function generateRandomKey()
     {
-        return [
-            ['show', null, InputOption::VALUE_NONE, 'Simply display the key instead of modifying files.'],
-        ];
+        return 'base64:'.base64_encode(random_bytes(
+            $this->laravel['config']['app.cipher'] == 'AES-128-CBC' ? 16 : 32
+        ));
     }
 }
diff --git a/tests/Encryption/EncrypterTest.php b/tests/Encryption/EncrypterTest.php
@@ -13,12 +13,25 @@ public function testEncryption()
         $this->assertEquals('foo', $e->decrypt($encrypted));
     }
 
+    public function testEncryptionUsingBase64EncodedKey()
+    {
+        $e = new Encrypter('base64:'.base64_encode(random_bytes(16)));
+        $encrypted = $e->encrypt('foo');
+        $this->assertNotEquals('foo', $encrypted);
+        $this->assertEquals('foo', $e->decrypt($encrypted));
+    }
+
     public function testWithCustomCipher()
     {
         $e = new Encrypter(str_repeat('b', 32), 'AES-256-CBC');
         $encrypted = $e->encrypt('bar');
         $this->assertNotEquals('bar', $encrypted);
         $this->assertEquals('bar', $e->decrypt($encrypted));
+
+        $e = new Encrypter('base64:'.base64_encode(random_bytes(32)), 'AES-256-CBC');
+        $encrypted = $e->encrypt('foo');
+        $this->assertNotEquals('foo', $encrypted);
+        $this->assertEquals('foo', $e->decrypt($encrypted));
     }
 
     /**
