Project author: jamielsharief

Project description:
This library supports both Asymmetric (using key pairs) and Symmetric (single key) encryption.
Language: PHP
Repository: git://github.com/jamielsharief/encryption.git
Created: 2020-02-23T18:30:18Z
Project community: https://github.com/jamielsharief/encryption

License: MIT License


Encryption

This library supports both asymmetric (using key pairs) and symmetric (single key) encryption. There is also hybrid encryption, which uses both asymmetric and symmetric encryption. Both encrypted data and signatures are returned as Base64-encoded strings.

Asymmetric Encryption

Generating Keys

To generate a key pair:

    use Encryption\KeyPair;
    $keyPair = KeyPair::generate();
    $publicKey = $keyPair->publicKey(); // this is used to encrypt data
    $privateKey = $keyPair->privateKey(); // this is used to decrypt data
    $string = $keyPair->toString(); // combines both keys into a single string

generate accepts the following options:

  • size: the size of the key in bits (default: 4096)
  • passphrase: a password to encrypt the key with

Working with Private Keys

To create a PrivateKey object from a private key string, pass the string to the constructor:

    use Encryption\PrivateKey;
    $privateKey = new PrivateKey($string);
    // if the key is protected by a passphrase
    $privateKey = new PrivateKey($string, ['passphrase' => 'secret']);

To create a PrivateKey object by loading from a file:

    use Encryption\PrivateKey;
    $privateKey = PrivateKey::load($path);
    // if the key is protected by a passphrase
    $privateKey = PrivateKey::load($path, ['passphrase' => 'secret']);

Things you can do with the PrivateKey object:

    $encrypted = $privateKey->encrypt($data);
    $decrypted = $privateKey->decrypt($encrypted); // decrypts data encrypted by public key
    $signature = $privateKey->sign($data);
    $publicKey = $privateKey->extractPublicKey();
    $bits = $privateKey->bits(); // 4096
    echo $privateKey->toString();

You can also generate a private key using the static method generate; this returns a new PrivateKey object.

    $privateKey = PrivateKey::generate();

Working with Public Keys

To create a PublicKey object from a public key string, pass the string to the constructor:

    use Encryption\PublicKey;
    $publicKey = new PublicKey($string);

To create a PublicKey object by loading from a file:

    use Encryption\PublicKey;
    $publicKey = PublicKey::load($path);

Things you can do with the PublicKey object:

    $encrypted = $publicKey->encrypt($data);
    $decrypted = $publicKey->decrypt($encrypted); // decrypts data encrypted by private key
    $verified = $publicKey->verify($data, $signature);
    $fingerprint = $publicKey->fingerprint(); // D52A E482 CBE7 BB75 0148 3851 93A3 910A 0719 994D
    $bits = $publicKey->bits(); // 4096
    echo $publicKey->toString();

Keychain

You can also manage keys with Keychain; the constructor takes the directory where the keys are stored.

    use Encryption\Keychain;
    $keychain = new Keychain(__DIR__ . '/keys');

Creating keys and adding to the Keychain

To create a private and public key pair and add it to the Keychain, you can pass an
email address, username, UUID or any other unique id.

    $keychain->create('jon@example.com');

You can also set an expiry date for the key:

    $keychain->create('jon@example.com', [
        'expires' => '+ 1 year'
    ]);

Adding

When you add a private key, the public key will be extracted and added to the same document.

To add a private or public key from a string:

    $keychain->add('user@example.com', (string) $privateKey);

Importing

When you add a private key, the public key will be extracted and added to the same document.

To import an existing public key or private/public key pair:

    $keychain->import('user-1979', __DIR__ . '/privateKey');

You can also set an expiry date for the key:

    $keychain->import('user-1979', __DIR__ . '/publicKey', [
        'expires' => '+ 1 year'
    ]);

Get

To get a key and its data:

    $key = $keychain->get('jon@example.com');
    /*
    DocumentStore\Document Object
    (
        [id] => 784e148db03ac07ff34ae57c29b01549
        [name] => user@example.com
        [privateKey] => -----BEGIN PRIVATE KEY-----
    MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEA0BaIweRiLW1Uunxw
    NrPr9GaNWtnr+FbzsY8DNf894yI4n6q47s7yTPCFmHuIDzKaYx0xdS3L2XcY3HYg
    ctPUNQIDAQABAkAMQ/fFrgeXc+VVpLYck1hqLI1SeJvvJHjy02I2EZh9RdDcBKi9
    +MOuP+TzkVL0w1QAFgB8nPGblPjUB6FMhkwVAiEA9VmWwKxlTevev7XcOUYSOabv
    qHeqab6aY8H1+o9+e3MCIQDZHuDTTizUW4frKhvtKiBkwAV4YdErVM9LNFC+TFTX
    twIhAL8o/FJGf+/EVRtdoKZnOA//Rz8lbXtSbIxJNVPxtYSNAiBhI5CA2WPzKnRY
    AUH3TLarfMG1x0W29j28Ls7FJQ98ZwIgH5Esr246hK1bSGO4R2Z6yFCcBfo1Sgib
    bjupP+8HbUs=
    -----END PRIVATE KEY-----
        [publicKey] => -----BEGIN PUBLIC KEY-----
    MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANAWiMHkYi1tVLp8cDaz6/RmjVrZ6/hW
    87GPAzX/PeMiOJ+quO7O8kzwhZh7iA8ymmMdMXUty9l3GNx2IHLT1DUCAwEAAQ==
    -----END PUBLIC KEY-----
        [fingerprint] => E010 6888 BE78 1571 D35A D3CC 22C7 62D3 6025 E288
        [expires] => 2050-01-01 12:00:00
        [type] => key-pair
        [comment] => foo
        [created] => 2020-11-20 17:07:41
    )
    */

Delete

To delete a key and its data:

    $keychain->delete('jon@example.com');

List

To get a list of keys:

    $keychain->list();

Symmetric Encryption

First, generate a key that is 256 bits (32 bytes) long:

    use Encryption\SymmetricEncryption;
    $crypto = new SymmetricEncryption();
    $key = $crypto->generateKey(); // 3LSpUJL4s0HNLun4T1KcheGjrVtCjaQ7

To encrypt a string:

    $crypto = new SymmetricEncryption();
    $encrypted = $crypto->encrypt($text, $key);

To decrypt a string:

    $crypto = new SymmetricEncryption();
    $decrypted = $crypto->decrypt($encrypted, $key);

Hybrid Encryption

Hybrid encryption uses both asymmetric and symmetric encryption. With hybrid encryption there is no limit on message size. The HybridEncryption class can only decrypt data that was encrypted with the HybridEncryption class.

    use Encryption\HybridEncryption;
    use Encryption\PrivateKey;
    use Encryption\PublicKey;
    $publicKey = PublicKey::load($pathToPublicKey);
    $privateKey = PrivateKey::load($pathToPrivateKey);
    $crypto = new HybridEncryption();
    $encrypted = $crypto->encrypt($data, $publicKey);
    echo $crypto->decrypt($encrypted, $privateKey);
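
Why hybrid encryption has no message size limit, shown as an added example that is not part of this library or its README: the data is encrypted with a fresh symmetric key and only that key is encrypted with the public key. The example uses PHP's openssl extension directly; the function names envelopeEncrypt and envelopeDecrypt, the choice of AES-256-GCM with RSA-OAEP, and the byte layout are assumptions of this example, not the library's format.

```php
<?php
// Added illustration, not the library's code: names and envelope layout are assumptions.
function envelopeEncrypt(string $data, string $publicKeyPem): string
{
    $key = random_bytes(32); // fresh 256-bit symmetric key for every message
    $iv = random_bytes(12);  // 96-bit nonce for AES-GCM
    $body = openssl_encrypt($data, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($body === false) {
        throw new RuntimeException('Symmetric encryption failed');
    }
    // Only the 32-byte key passes through RSA, so the RSA input limit never touches $data.
    if (!openssl_public_encrypt($key, $wrapped, $publicKeyPem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('Key wrapping failed');
    }
    // Layout: 2-byte length of wrapped key | wrapped key | IV (12) | tag (16) | ciphertext
    return base64_encode(pack('n', strlen($wrapped)) . $wrapped . $iv . $tag . $body);
}

function envelopeDecrypt(string $envelope, string $privateKeyPem): string
{
    $raw = base64_decode($envelope, true);
    $len = ($raw !== false && strlen($raw) >= 2) ? unpack('n', $raw)[1] : 0;
    if ($len === 0 || strlen($raw) < 2 + $len + 28) {
        throw new RuntimeException('Malformed envelope');
    }
    $wrapped = substr($raw, 2, $len);
    $iv = substr($raw, 2 + $len, 12);
    $tag = substr($raw, 14 + $len, 16);
    $body = (string) substr($raw, 30 + $len);
    if (!openssl_private_decrypt($wrapped, $key, $privateKeyPem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('Key unwrapping failed');
    }
    $plain = openssl_decrypt($body, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($plain === false) {
        throw new RuntimeException('Authentication failed: envelope was modified');
    }
    return $plain;
}

// Throwaway 2048-bit key and a constructed 100 kB message for the demonstration.
$pair = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($pair, $privatePem);
$publicPem = openssl_pkey_get_details($pair)['key'];
$message = str_repeat('A', 100000);
// Plain RSA cannot take an input this large; the envelope can.
$direct = @openssl_public_encrypt($message, $ignored, $publicPem, OPENSSL_PKCS1_OAEP_PADDING);
echo 'direct RSA accepted: ', var_export($direct, true), PHP_EOL;
$envelope = envelopeEncrypt($message, $publicPem);
echo 'round trip intact: ', var_export(envelopeDecrypt($envelope, $privatePem) === $message, true), PHP_EOL;
```

Because the symmetric layer here is authenticated (GCM), any change to the IV, tag or ciphertext makes envelopeDecrypt throw instead of returning altered plaintext.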

By default, encrypted or signed data is wrapped in an ENCRYPTED DATA or SIGNATURE boundary; this can be disabled when encrypting or signing data. For example:

    -----BEGIN ENCRYPTED DATA-----
    eGrjYfLFQI/gVWfpZeEA05q7Swb9gaKRalZnBZ788mGXiOhj1+f+a2RLJxDu24FE1HnFd70YcPAAdWme1Lu0yQ==
    -----END ENCRYPTED DATA-----

Decryption and signature verification remove the boundaries automatically if they are present in the data.