Closed
Description
Describe the bug
I've set an encryption key, and I'm testing the decryption process. When not passing the 2nd argument everything looks fine, but when I encrypt with a different key as follows, I've come across what could be a critical problem:
CodeIgniter 4 version
4.0.3
Affected module(s)
\Config\Services::encrypter()
Expected behavior, and steps to reproduce if appropriate
```php
$crypt = \Config\Services::encrypter();
$userKey = base64_encode($crypt->key . 'usermail@gmail.com'); // creating unique key for user
$userData = $crypt->encrypt('user sensitive data', $userKey);

// All right here, passed user key and it passes and decrypts as intended
echo "<h3>Decrypted + correct userkey: ", $crypt->decrypt($userData, $userKey), "</h3>";

// Here passing a wrong key it throws an error as intended
echo "<h3>Decrypted + wrong userkey: ", $crypt->decrypt($userData, 'wrongkey'), "</h3>";

// !!! BUG HERE!!!
// I believe that when I'm not passing 2nd arg, it is using the default key ($crypt->key), it SHOULD throw an error, but instead it decrypts correctly
echo "<h3>Decrypted - without userkey: ", $crypt->decrypt($userData), "</h3>";
```
Context
- OS: Debian
- Web server: Apache 2.4
- PHP version: 7.4
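
The property the report expects, that data encrypted under a per-call key cannot be opened with the default key, shown as an added example that is not part of the original report and not CodeIgniter's code. The class `StatelessEncrypter`, its methods, the HKDF labels and the sample keys are hypothetical and constructed for illustration; it assumes PHP 7.4 with the OpenSSL extension.

```php
<?php
// Added illustration; StatelessEncrypter and its methods are hypothetical, not CodeIgniter code.
final class StatelessEncrypter
{
    private string $defaultKey;

    public function __construct(string $defaultKey)
    {
        $this->defaultKey = $defaultKey;
    }

    // Resolve the key per call; an override is never written back to $this.
    private function subkeys(?string $key): array
    {
        $ikm = $key ?? $this->defaultKey;
        return [hash_hkdf('sha256', $ikm, 32, 'encryption'),
                hash_hkdf('sha256', $ikm, 32, 'authentication')];
    }

    public function encrypt(string $plain, ?string $key = null): string
    {
        [$encKey, $macKey] = $this->subkeys($key);
        $iv = random_bytes(16);
        $body = $iv . openssl_encrypt($plain, 'aes-256-ctr', $encKey, OPENSSL_RAW_DATA, $iv);
        return hash_hmac('sha256', $body, $macKey, true) . $body; // MAC covers IV and ciphertext
    }

    public function decrypt(string $blob, ?string $key = null): string
    {
        [$encKey, $macKey] = $this->subkeys($key);
        $mac = substr($blob, 0, 32);
        $body = substr($blob, 32);
        if (strlen($body) < 16 || !hash_equals(hash_hmac('sha256', $body, $macKey, true), $mac)) {
            throw new RuntimeException('Decryption failed: authentication mismatch');
        }
        return openssl_decrypt(substr($body, 16), 'aes-256-ctr', $encKey, OPENSSL_RAW_DATA, substr($body, 0, 16));
    }
}

$crypt = new StatelessEncrypter(random_bytes(32));  // constructed default key
$userKey = random_bytes(32);                         // constructed per-user key
$blob = $crypt->encrypt('user sensitive data', $userKey);
echo $crypt->decrypt($blob, $userKey), "\n";         // same key on both sides
try {
    $crypt->decrypt($blob);  // no key given: default key must not open user-keyed data
    echo "FAIL: default key decrypted user-keyed data\n";
} catch (RuntimeException $e) {
    echo "OK: default key rejected\n";
}
```

The final `try` block works as a regression check for this report: run the same three calls against any encrypter that accepts a per-call key and confirm the keyless `decrypt()` fails.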