What’s this upcoming “Encryption” component of Symfony 6.1?
You may say it’s to encrypt data. Yes. But no. Let’s clarify.
Did you ever try to encrypt data with vanilla PHP? Well, I did (try), and I definitely don’t want to do it again. Let me explain.
One of the most famous libraries for doing encryption with PHP is called OpenSSL. It does the job right, and it has been tried and tested for years, even decades. This library was released in 1998; I was 2 years old at the time.
But here is the real deal: do you even know how to use it properly? That’s the question I asked myself lately, because I had the need. Then I found PHP’s openssl_encrypt function. But what a (bad) surprise. Just take a look at the signature of this function:
I won’t show you the description of each argument because it wouldn’t bring anything. But you can definitely see this function is from another time.
Well, brace yourself, the Encryption component is coming and it’s an abstraction layer over these things!
As the component is being developed at the time these lines are written, some things might change. But the whole purpose of the Encryption component should stay the same.
Alright, so first of all, let’s talk about the component’s name. It is still under discussion, as it could bring some confusion and make one think this component implements algorithms to encrypt data. But once more, that’s not what this component is all about. It makes sense: powerful and robust libraries like Sodium, Halite, phpseclib and so on are already doing the job perfectly. We’re talking about security here, and developers from all around the world are going to rely on this for their applications.
The purpose of this component is to add an abstraction layer over the kind of libraries cited above, giving you an object model, interfaces and classes that make these operations easy to perform. You should also note that if this component is part of the Symfony framework, as soon as its experimental status is removed, it will bring you Symfony’s backward compatibility promise as well.
The whole point is to offer developers two interfaces they can rely on:
I love how simple and straightforward it is. And that’s how simple, in my opinion, encrypting data should be nowadays.
The first interface defines a key. Depending on your implementation and the algorithm you’re using, it could contain a single private key, or a private and a public one. In the bundled implementation of the component, which uses Sodium as the encryption library, the final class SodiumKey contains a private key, a public key and a secret (also called passphrase).
It only has one method to implement, extractPublicKey, which returns a KeyInterface. For your information, it is possible with some encryption algorithms to extract the public key directly from the private key. We will use this interface in the second interface defined by this component: EncryptionInterface. Again, the component is bundled with an implementation of it, SodiumEncryption.
This interface gives us 4 methods:
generateKey, which allows you to define how you’re going to build your own KeyInterface. You can pass it an optional secret (again, also called passphrase);
encrypt, to simply encrypt your data with a given key. It will use the secret part of the key (which differs from the functions we’re going to see in a minute). You pass your data through the $message argument. Remember: even if it’s typed as a string, PHP allows you to easily define binary data in strings. This way, you can even encrypt unformatted data!
encryptFor, which is used to encrypt data for somebody. It will use the public part of the key to encrypt data. This way, encrypted data can only be decrypted using the private key that is mathematically linked to this public key. Super useful if someone sent you their public key and you want to be sure only this person will be able to see your data.
decrypt, which is used to… well, decrypt data. Simply give it your encrypted data and your key, and if everything matches, it will return the decrypted message.
That’s it! And this is all we need to cover most of simple use cases.
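To make the difference between encrypt (secret part of the key) and encryptFor (public part of the key) concrete, here is an added example that calls PHP’s Sodium extension directly; it is not code from the component or its pull request. The helper names secretEncrypt, secretDecrypt, encryptForRecipient and decryptAsRecipient are hypothetical, and the choice of secretbox and sealed boxes is an assumption, not a description of how SodiumEncryption works.

```php
<?php
declare(strict_types=1);

// Added illustration: hypothetical helpers around ext-sodium, not the component's code.

// Secret-key mode: one key both encrypts and decrypts (authenticated encryption).
function secretEncrypt(string $message, string $key): string
{
    // Fresh random nonce per message; it is not secret, so it is prepended.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return $nonce . sodium_crypto_secretbox($message, $nonce, $key);
}

function secretDecrypt(string $payload, string $key): string
{
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if (strlen($payload) < $min) {
        throw new RuntimeException('Payload too short.');
    }
    $nonce = substr($payload, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $cipher = substr($payload, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($cipher, $nonce, $key);
    if ($plain === false) { // wrong key or modified ciphertext
        throw new RuntimeException('Decryption failed.');
    }
    return $plain;
}

// Public-key mode: anyone holding the public key can encrypt,
// only the owner of the matching key pair can decrypt.
function encryptForRecipient(string $message, string $publicKey): string
{
    return sodium_crypto_box_seal($message, $publicKey);
}

function decryptAsRecipient(string $payload, string $keyPair): string
{
    $plain = sodium_crypto_box_seal_open($payload, $keyPair);
    if ($plain === false) {
        throw new RuntimeException('Decryption failed.');
    }
    return $plain;
}

// Constructed sample data.
$key = sodium_crypto_secretbox_keygen();
var_dump(secretDecrypt(secretEncrypt("raw \x00 bytes", $key), $key) === "raw \x00 bytes");
$keyPair = sodium_crypto_box_keypair();
$sealed = encryptForRecipient('for you only', sodium_crypto_box_publickey($keyPair));
var_dump(decryptAsRecipient($sealed, $keyPair) === 'for you only');
```

Both modes authenticate the ciphertext, so a wrong key or a modified payload makes the open call return false instead of garbage plaintext, which the helpers turn into an exception.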
As you can see, this component proposes a simple solution to encrypt data.
It seems that the initial release of this component will only be bundled with the Sodium implementation. But it will definitely grow over time, and I’m pretty sure this component will offer implementations for multiple libraries out-of-the-box.
If you read the entire article, you can now understand why the name “Encryption” for this component can be misleading and is currently under discussion at the time of writing.
One last question: when? Well, we can’t be sure. Looking at the pull request, Fabien Potencier removed the 6.0 label and added the 6.1 label. From this, we can conclude that the earliest we will see this feature in a stable release is May 2022. But as always, it will be released when it’s ready!