Mfrhtyj

I'm working on a manufacturer extension. I added a password field to the form in admin side. How to encrypt that password to save it to the DB.

In Magento 1 we encrypt it this way:

Mage::getModel('core/encryption')->encrypt($data['password'])

How to do the same on Magento 2?

Firstly my usual comment would be, do not encrypt a password!

• Encryption = A two-way process, scrambling and then unscrambling data at a later date.


• Hashing = A one-way process, create an encrypted looking string from a given input.

Hashing is not encryption, once you have something hashed it cannot be unhashed. Think of it like this you can md5 hash the entire contents of "Harry Potter and the Philosopher's Stone" and end up with a 32 character string, there is no way to get from that 32 characters back to the full book.

Hashing is usually preferable when storing passwords as it means you don't actually ever store the password but merely the result of its hash meaning if you're ever compromised your users can feel a little safer about the whole ordeal.

Anyway, to encrypt data

use MagentoFrameworkEncryptionEncryptorInterface

$encrypt = $this->encryptor->encrypt($data);

$decrypt = $this->encryptor->decrypt($data);

To hash a password

use MagentoFrameworkEncryptionEncryptorInterface

$hash = $this->encryptor->hash($password);



#Hash is persisted in the database when you next login use 

#provided password variable and compare with stored hash



$bool = $this->encryptor->validateHash($password, $hash);

For more thorough example usage of password, hashing have a look a

• MagentoCustomerModelCustomer::setPassword


• MagentoCustomerModelCustomer::validatePassword

I searched a little and found out that magento2 uses EncryptorInterface class to encrypt and decrypt the password.

You can use it this way:

use MagentoFrameworkEncryptionEncryptorInterface as Encryptor;

in the construct function :

$this->encryptor = $encryptor;

then call encrypt function to encrypt:

$encrypt = $this->encryptor->encrypt($password);

and to decrypt:

$decrypt = $this->encryptor->decrypt($password);

Here is my working script, creating hashed and/or encrypted passwords from cleartext passwords:

<?php

// create a "tools" directory inside the "pub" directory and copy this script into pub/tools

require '../../app/bootstrap.php';



if (php_sapi_name() !== 'cli' && isset($_GET['pass'])) {

    define('PASS', $_GET['pass']);

} elseif (php_sapi_name() !== 'cli') {

    die('Please add the password you want to hash / encrypt as a pass parameter (?pass=myB1rthDate)');

} elseif (!isset($argv[1])) {

    die('Please add the password you want to hash / encrypt enclosed IN DOUBLE QUOTES as a parameter.' . PHP_EOL);

} else {

    define('PASS', $argv[1]);

}



class MyEncryptor extends MagentoFrameworkAppHttp implements MagentoFrameworkAppInterface

{

    private $encryptor;

    public function __construct(

        MagentoFrameworkAppState $state,

        MagentoFrameworkEncryptionEncryptorInterface $encryptor,

        MagentoFrameworkAppResponseHttp $response

    ) {

        $this->_response = $response;

        $this->encryptor = $encryptor;

        $state->setAreaCode('adminhtml');

    }



    function launch()

    {

        echo 'Hashed value:    ' . $this->encryptor->hash(PASS) . PHP_EOL;

        echo 'Encrypted value: ' . $this->encryptor->encrypt(PASS) . PHP_EOL;

        return $this->_response;

    }

}



$bootstrap = MagentoFrameworkAppBootstrap::create(BP, $_SERVER);

$app = $bootstrap->createApplication('MyEncryptor');

$bootstrap->run($app);

Run it like this from the cli:

php ./encryptPassword.php "myCleartextPassword"

This script should not be used on a server, because it requires the password as a command line argument, which is then stored in the cli history.

I want to use it for writing credentials directly encrypted into the magento database during deployments.