feat(encryption): Change previousKeys to a comma-separated string for fallback decryption

Author: patel-vansh

app/Config/Encryption.php

@@ -39,7 +39,7 @@ class Encryption extends BaseConfig
      * If you want to enable decryption using previous keys, set them here.
      * See the user guide for more info.
      */
-    public array $previousKeys = [];
+    public string $previousKeys = '';
 
     /**
      * --------------------------------------------------------------------------

system/Config/BaseConfig.php

@@ -137,10 +137,12 @@ public function __construct()
                     // previousKeysFallbackEnabled must be boolean
                     $this->{$property} = (bool) $this->{$property};
                 } elseif ($property === 'previousKeys') {
-                    // previousKeys must be an array
-                    if (is_string($this->{$property})) {
-                        $this->{$property} = array_map(fn ($item): string => $this->parseEncryptionKey($item), explode(',', $this->{$property}));
+                    $keysArray      = array_map('trim', explode(',', $this->{$property}));
+                    $parsedKeys     = [];
+                    foreach ($keysArray as $key) {
+                        $parsedKeys[] = $this->parseEncryptionKey($key);
                     }
+                    $this->{$property} = implode(',', $parsedKeys);
                 }
             }
         }

system/Encryption/Encryption.php

@@ -59,11 +59,11 @@ class Encryption
     protected bool $previousKeysFallbackEnabled = false;
 
     /**
-     * List of previous keys for fallback decryption.
+     * Comma-separated list of previous keys for fallback decryption.
      *
-     * @var list<string>
+     * @var string
      */
-    protected array $previousKeys = [];
+    protected string $previousKeys = '';
 
     /**
      * The derived HMAC key
@@ -132,7 +132,7 @@ public function initialize(?EncryptionConfig $config = null)
         if ($config instanceof EncryptionConfig) {
             $this->key                         = $config->key;
             $this->previousKeysFallbackEnabled = $config->previousKeysFallbackEnabled ?? false;
-            $this->previousKeys                = $config->previousKeys ?? [];
+            $this->previousKeys                = $config->previousKeys ?? '';
             $this->driver                      = $config->driver;
             $this->digest                      = $config->digest ?? 'SHA512';
         }

system/Encryption/Handlers/OpenSSLHandler.php

@@ -63,9 +63,9 @@ class OpenSSLHandler extends BaseHandler
     /**
      * List of previous keys for fallback decryption.
      *
-     * @var list<string>
+     * @var string
      */
-    protected array $previousKeys = [];
+    protected string $previousKeys = '';
 
     /**
      * Whether the cipher-text should be raw. If set to false, then it will be base64 encoded.
@@ -138,15 +138,16 @@ public function decrypt($data, $params = null)
             throw EncryptionException::forNeedsStarterKey();
         }
 
+        $result = false;
+
         try {
             $result = $this->decryptWithKey($data, $this->key);
         } catch (EncryptionException $e) {
-            $result    = false;
             $exception = $e;
         }
 
-        if ($result === false && $this->previousKeysFallbackEnabled && $this->previousKeys !== []) {
-            foreach ($this->previousKeys as $previousKey) {
+        if ($result === false && $this->previousKeysFallbackEnabled && $this->previousKeys !== '') {
+            foreach (explode(',', $this->previousKeys) as $previousKey) {
                 try {
                     $result = $this->decryptWithKey($data, $previousKey);
                     if ($result !== false) {

system/Encryption/Handlers/SodiumHandler.php

@@ -38,9 +38,9 @@ class SodiumHandler extends BaseHandler
     /**
      * List of previous keys for fallback decryption.
      *
-     * @var list<string>
+     * @var string
      */
-    protected array $previousKeys = [];
+    protected string $previousKeys = '';
 
     /**
      * Block size for padding message.
@@ -91,17 +91,18 @@ public function decrypt($data, $params = null)
             throw EncryptionException::forNeedsStarterKey();
         }
 
+        $result = false;
+
         try {
             $result = $this->decryptWithKey($data, $this->key);
             sodium_memzero($this->key);
         } catch (EncryptionException $e) {
-            $result    = false;
             $exception = $e;
             sodium_memzero($this->key);
         }
 
-        if ($result === false && $this->previousKeysFallbackEnabled && $this->previousKeys !== []) {
-            foreach ($this->previousKeys as $previousKey) {
+        if ($result === false && $this->previousKeysFallbackEnabled && $this->previousKeys !== '') {
+            foreach (explode(',', $this->previousKeys) as $previousKey) {
                 try {
                     $result = $this->decryptWithKey($data, $previousKey);
                     if (isset($result)) {