Solved: How to check if string is already encrypted in laravel
Laravel Encryption
In Laravel, We can encrypt a string using the "encryptString" method in the Crypt facade. All the characters in the string are encrypted using OpenSSL and AES-256-CBC Cipher. The encrypted string is also signed with MAC ( Message Authentication Code ).These combinations will make the encryption strong and very hard to crack. If you are interested in further knowing what is precisely executed during encryption then you may need to read this beautiful piece - Encryption and hashing for Laravel developers by Josip Crnković
Laravel Decryption
We can use "decryptString" method in the Crypt facade to decrypt a string, similar to the "encryptString" method which we used to encrypt. It's just that simple and Laravel takes care of the rest.But... how to check a string is already encrypted before you encrypt it? and also if you don't know whether a string is already encrypted or not, then chances are there to encrypt it twice. So how can we avoid these situations?
How to check a string is already encrypted or not?
In Laravel, there is no direct way exist to check whether a string is already encrypted or not, we have to rely on some other workaround. We can make use of the "DecryptException" as an option to identify whether the given string is encrypted or not. Let's look at this example:
<?php
namespace App\Console\Commands;
use Illuminate\Console\Command;
use Illuminate\Support\Facades\Crypt;
class EncryptionExample extends Command
{
public function handle(){
try{
$plainString = "<plain string>";
$encryptionResult = Crypt::decryptString($plainString);
}catch(\Illuminate\Contracts\Encryption\DecryptException $ex){
//DecryptException thrown by laravel, so we can assume this text is not encrypted.
}
}
}
In the above example, when you try to decrypt a string which is not encrypted, it will be captured in the "catch" block. So this way we can identify which are encrypted and which are plain strings and we can implement another try.. catch on top of this to continue encrypting.
Though the "DecryptException" is one way to identify a string is encrypted or not, Laravel throws same exeception in some other scenarios as well, for example, when the MAC value in the encrypted string is not correct then laravel throws this exception. The point is, still the given string is invalid, So check your use case and apply the solution.
The solution we discussed above looks okayish, but still it doesn't look good and not readable also confusing sometimes. So we have to use a much cleaner way to implement the same solution, that is, use a separate function to handle this scenario as shown below:
<?php
namespace App\Console\Commands;
use Illuminate\Console\Command;
use Illuminate\Support\Facades\Crypt;
class EncryptionExample extends Command
{
/**
* The name and signature of the console command.
*
* @var string
*/
protected $signature = 'Example:Encryption';
/**
* The console command description.
*
* @var string
*/
protected $description = 'Sample command to explain to check given string is encrypted or not.';
public function handle(){
$encryptedString = "<encrypted string>";
$encryptionStatus = $this->isEncrypted($encryptedString);
if($encryptionStatus === true){
//this string is encrypted
$this->info('this string is encrypted');
}elseif($encryptionStatus === -1){
//this string is NOT encrypted
$this->info('this string is NOT encrypted');
}elseif(!$encryptionStatus){
//some other error is occured
$this->info('Some other error occured during encryption check...');
}
}
protected function isEncrypted(string $encryptedString){
try{
$plainString = Crypt::decryptString($encryptedString);
return true;
}catch(\Illuminate\Contracts\Encryption\DecryptException $ex){
//DecryptException thrown by laravel, so we can assume this text is already encrypted.
return -1;
}catch(Exception $ex){
//some other error occured
return false;
}
return false;
}
}
So in the above example, when Laravel able to decrypt the string successfully without any issues, then we know that the given string is encrypted and "isEncrypted" function returns "true".
When the string is not encrypted then it returns "-1", In other cases, it will return "false".
Comments (0)