What is CodeIgniter 4's Encryption class?
Why Interviewers Ask This
Mid-level CodeIgniter roles require deep understanding of this topic. Interviewers ask this to separate candidates who truly understand the mechanics from those who only know surface-level concepts.
Answer
CodeIgniter 4's Encryption service provides authenticated symmetric encryption using OpenSSL (AES-256-CTR with HMAC-SHA512). Configure the key in app/Config/Encryption.php or generate one: php spark key:generate (stored in .env as encryption.key). Get the service: $encrypter = service("encrypter"). Encrypt: $encrypted = $encrypter->encrypt("sensitive data") — returns a base64-encoded string. Decrypt: $original = $encrypter->decrypt($encrypted). The encryption includes authentication (HMAC) — if the data is tampered with, decryption will fail. Use cases: encrypting sensitive data before storing in a database, securing cookies, or protecting config values. Do not use CI4's Encryption for passwords — use password_hash() and password_verify() instead.
Pro Tip
Demonstrate both theoretical understanding and practical experience. Say what it is, then give an example of how you actually used it in a CodeIgniter codebase.
Previous
What is CI4's Content Negotiation?
Next
What is the difference between redirect() and header() in CI4?