@iamdtang
Last active April 27, 2020 06:33
Hashing, Encryption, Digital Signatures

Hashing

You want to store something securely and don't care about getting the original value back (like passwords).

Hash::make($request->input('password')); // $2y$10$Kk0JK7CZ2rMFVf.uMysZHu2U4/7B4/XjydFJrs5ayiFMvyMWJyF2W

Encryption

Use encryption if you want to get the original value back.

$encrypted = encrypt('hello'); // eyJpdiI6InNjTmxONXgxbjdDdDFzQnI2c1RCTFE9PSIsInZhbHVlIjoibjdtZjRuUmNxd285RkdSNlBycUtBZz09IiwibWFjIjoiN2MzZDU1ZGRhZmU4N2I1YmI4NTlmNTgzYzg1NjA5ZmRlMDQ4MWE0NTg2YWYzZmNmNzZlMzM3YzI4YjQwYWNlMCJ9
decrypt($encrypted) === 'hello'; // true

Digital Signatures

Use digital signatures to guarantee a message is authentic (like a token hasn't been tampered with).

Hashing a message produces a signature for that message.

A JWT has 3 parts: a header, a payload, and a signature.

Example JWT

The signature is a hash of the header and payload combined. When clients send the token to the server, the server can verify if the JWT is authentic (hasn't been tampered with) by checking if the signature matches a hash of the header and payload.
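
Added example (not part of the original gist), in plain PHP rather than Laravel: for the common HS256 case, the "hash" in a JWT signature is an HMAC-SHA256 keyed with a secret only the server holds, which is what lets the server detect a modified payload. The helper names, the secret and the claims are constructed for illustration.

```php
<?php
function b64url_encode(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt): string
{
    $pad = (4 - strlen($txt) % 4) % 4; // restore the padding base64url strips
    return (string) base64_decode(strtr($txt, '-_', '+/') . str_repeat('=', $pad), true);
}

function jwt_sign(array $claims, string $secret): string
{
    $header  = b64url_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $payload = b64url_encode(json_encode($claims));
    $sig     = hash_hmac('sha256', "$header.$payload", $secret, true);
    return "$header.$payload." . b64url_encode($sig);
}

function jwt_verify(string $token, string $secret): ?array
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$header, $payload, $sig] = $parts;
    $head = json_decode(b64url_decode($header), true);
    // Pin the algorithm server-side; the token must not choose how it is verified.
    if (!is_array($head) || ($head['alg'] ?? null) !== 'HS256') {
        return null;
    }
    $expected = b64url_encode(hash_hmac('sha256', "$header.$payload", $secret, true));
    if (!hash_equals($expected, $sig)) { // constant-time comparison
        return null;
    }
    $claims = json_decode(b64url_decode($payload), true);
    return is_array($claims) ? $claims : null;
}

$secret = 'constructed-demo-secret'; // sample value; load a real key from configuration
$token  = jwt_sign(['sub' => 42, 'role' => 'user'], $secret);
// Constructed tampering case: new payload, original signature kept.
[$h, , $s] = explode('.', $token);
$tampered = $h . '.' . b64url_encode(json_encode(['sub' => 42, 'role' => 'admin'])) . '.' . $s;
var_dump(jwt_verify($token, $secret));    // verification of the untouched token
var_dump(jwt_verify($tampered, $secret)); // verification after the payload was changed
```

Because the signature covers the encoded header and payload, any change to either part requires the secret to produce a matching signature; the claims themselves are only base64url-encoded, not encrypted.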
