/**
* Hash a password for storage using PBKDF2 and the configured parameters.
* Will use a combination of a random dynamic salt and the given static salt.
*
* @param string $password Cleartext password that should be hashed
* @param string $staticSalt Static salt that will be appended to the random dynamic salt
* @return string A Base64 encoded string with the derived key (hashed password) and dynamic salt
*/
public function hashPassword($password, $staticSalt = NULL)
{
$dynamicSalt = \TYPO3\FLOW3\Utility\Algorithms::generateRandomBytes($this->dynamicSaltLength);
$result = \TYPO3\FLOW3\Security\Cryptography\Algorithms::pbkdf2($password, $dynamicSalt . $staticSalt, $this->iterationCount, $this->derivedKeyLength, $this->algorithm);
return base64_encode($dynamicSalt) . ',' . base64_encode($result);
}
/**
* @return string The configured encryption key stored in Data/Persistent/EncryptionKey
* @throws \TYPO3\FLOW3\Security\Exception\MissingConfigurationException
*/
protected function getEncryptionKey()
{
if ($this->encryptionKey === NULL) {
if (!file_exists(FLOW3_PATH_DATA . 'Persistent/EncryptionKey')) {
file_put_contents(FLOW3_PATH_DATA . 'Persistent/EncryptionKey', bin2hex(\TYPO3\FLOW3\Utility\Algorithms::generateRandomBytes(96)));
}
$this->encryptionKey = file_get_contents(FLOW3_PATH_DATA . 'Persistent/EncryptionKey');
if ($this->encryptionKey === FALSE || $this->encryptionKey === '') {
throw new \TYPO3\FLOW3\Security\Exception\MissingConfigurationException('No encryption key for the HashService was found and none could be created at "' . FLOW3_PATH_DATA . 'Persistent/EncryptionKey"', 1258991855);
}
}
return $this->encryptionKey;
}
