Skip to content

Latest commit

 

History

History
17 lines (13 loc) · 885 Bytes

encryption.md

File metadata and controls

17 lines (13 loc) · 885 Bytes

Configuring encryption providers

By default this module uses defuse/php-encryption as its encryption adapter for secret information that must be persisted to a data store, such as a TOTP secret.

You can add your own implementation if you would like to use something different, by implementing EncryptionAdapterInterface and configuring your service class with Injector. The interface is deliberately simple, and takes encrypt() and decrypt() methods with a payload and an encryption key argument.

SilverStripe\Core\Injector\Injector:
  SilverStripe\MFA\Service\EncryptionAdapterInterface:
    class: App\MFA\ReallyStrongEncryptionAdapter

Please note: this is different from the PasswordEncryptor API provided by silverstripe/framework because we need two-way encryption (as opposed to one-way hashing) for MFA.