co-stack/reversible-halite

Provides reversible encryption functions based on paragonie/halite, a high-level security library

v1.1.0 2023-12-22 13:48 UTC

This package is auto-updated.

Last update: 2024-09-22 15:26:24 UTC


README


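What is a reversible function?

See co-stack/reversible for more information about reversible functions.

About

This package is an extension of co-stack/reversible. It contains reversible functions for encrypting/decrypting and signing/verifying messages. All reversible functions in this package are based on paragonie/halite, a "high-level cryptography interface" powered by libsodium.

Examples

Simple hybrid encryption

  1. Encode and send the message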
$localPrivateKey = \ParagonIE\Halite\KeyFactory::loadEncryptionSecretKey('/path/to/local/private.key');
$foreignPublicKey = \ParagonIE\Halite\KeyFactory::loadEncryptionPublicKey('/path/to/foreign/key.pub');

$superSecretMessage = 'Foo bar baz! Beng? Baz baz. Bada boom. Multipass!';

$reversible = new \CoStack\ReversibleHalite\Operation\Encryption\AuthenticatedAsymmetricEncryption(
    $localPrivateKey->getRawKeyMaterial(),
    $foreignPublicKey->getRawKeyMaterial()
);

$encryptedMessage = $reversible->execute($superSecretMessage);

// Send the $encryptedMessage to the receiver. You can send it over HTTP or Telnet; it is securely encrypted with the
// receiver's public key and authenticated by your private key.
send($encryptedMessage);
  2. Receive and decrypt the message
$encryptedMessage = receive();

$localPrivateKey = \ParagonIE\Halite\KeyFactory::loadEncryptionSecretKey('/path/to/foreign/private.key');
$foreignPublicKey = \ParagonIE\Halite\KeyFactory::loadEncryptionPublicKey('/path/to/local/key.pub');

$reversible = new \CoStack\ReversibleHalite\Operation\Encryption\AuthenticatedAsymmetricEncryption(
    $localPrivateKey->getRawKeyMaterial(),
    $foreignPublicKey->getRawKeyMaterial()
);

try {
    $superSecretMessage = $reversible->reverse($encryptedMessage);
} catch (\CoStack\Reversible\Exception\DecryptionFailedException $exception) {
    echo 'The message was altered or was not sent by a trusted source!';
    exit(1);
}

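Wait. The example says "hybrid encryption", but the code uses AuthenticatedAsymmetricEncryption? Yes, that is correct. Asymmetric encryption has some drawbacks, such as a maximum length for the encrypted message and very slow execution. To get around these limitations, halite generates a shared key from the encryption and decryption keys. The message is then encrypted with the shared key, which is fast.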
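
The shared-key idea described above, sketched directly with PHP's sodium extension as an added example; it is not code from this package or from halite, and halite's actual key derivation may differ. The function names deriveSharedKey, sealMessage and openMessage are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: derive a symmetric key from our key pair and the peer's
// public key. X25519 gives both parties the same point; hashing it with both
// public keys (sorted, so each side hashes identical input) yields the key.
function deriveSharedKey(string $ourKeypair, string $theirPublic): string
{
    $point = sodium_crypto_scalarmult(sodium_crypto_box_secretkey($ourKeypair), $theirPublic);
    $publicKeys = [sodium_crypto_box_publickey($ourKeypair), $theirPublic];
    sort($publicKeys, SORT_STRING);
    return sodium_crypto_generichash($point . implode('', $publicKeys), '', SODIUM_CRYPTO_SECRETBOX_KEYBYTES);
}

function sealMessage(string $message, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // fresh nonce per message
    return $nonce . sodium_crypto_secretbox($message, $nonce, $key);
}

function openMessage(string $wire, string $key): string
{
    if (strlen($wire) < SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES) {
        throw new RuntimeException('Message too short');
    }
    $nonce = substr($wire, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(substr($wire, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key);
    if ($plain === false) {
        throw new RuntimeException('Authentication failed');
    }
    return $plain;
}

// Constructed sample data: two key pairs generated fresh on every run.
$alice = sodium_crypto_box_keypair();
$bob = sodium_crypto_box_keypair();
$aliceKey = deriveSharedKey($alice, sodium_crypto_box_publickey($bob));
$bobKey = deriveSharedKey($bob, sodium_crypto_box_publickey($alice));
echo 'Both sides derived the same key: ', var_export(hash_equals($aliceKey, $bobKey), true), PHP_EOL;

$wire = sealMessage(str_repeat('Foo bar baz! ', 100000), $aliceKey); // ~1.3 MB payload
echo 'Receiver recovered ', strlen(openMessage($wire, $bobKey)), ' bytes', PHP_EOL;

$wire[40] = $wire[40] ^ "\x01"; // flip one ciphertext bit in transit
try {
    openMessage($wire, $bobKey);
} catch (RuntimeException $e) {
    echo 'Tampered message rejected: ', $e->getMessage(), PHP_EOL;
}
```

Only the 32-byte public keys need to be exchanged; the bulk data is handled by the symmetric cipher, so message size and speed are not bound by the asymmetric step.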

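In a pipeline

The real power of co-stack/reversible lies in its portability and in the chaining of functions. You can combine a set of functions into a pipeline, which can be executed and reversed like a single reversible function.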

$signingPrivateKey = \ParagonIE\Halite\KeyFactory::loadEncryptionSecretKey('/path/to/local/private.key');
$encryptionPublicKey = \ParagonIE\Halite\KeyFactory::loadEncryptionPublicKey('/path/to/foreign/key.pub');

$pipe = new \CoStack\Reversible\Applicable\ReversiblePipe();
$pipe->enqueue(new \CoStack\ReversibleHalite\Operation\Encryption\SignedAsymmetricEncryption($signingPrivateKey, $encryptionPublicKey));
$pipe->enqueue(new \CoStack\Reversible\Operation\Compression\GzipCompression());
$pipe->enqueue(new \CoStack\Reversible\Operation\Encoding\UrlEncode());

$myValue = 'foo bar baz';

$secretEncodedEncryptedSigned = $pipe->execute($myValue);

// Transfer

$decryptionPrivateKey = \ParagonIE\Halite\KeyFactory::loadEncryptionSecretKey('/path/to/foreign/private.key');
$validationPublicKey = \ParagonIE\Halite\KeyFactory::loadEncryptionPublicKey('/path/to/local/key.pub');

$pipe = new \CoStack\Reversible\Applicable\ReversiblePipe();
$pipe->enqueue(new \CoStack\ReversibleHalite\Operation\Encryption\SignedAsymmetricEncryption($decryptionPrivateKey, $validationPublicKey));
$pipe->enqueue(new \CoStack\Reversible\Operation\Compression\GzipCompression());
$pipe->enqueue(new \CoStack\Reversible\Operation\Encoding\UrlEncode());

try {
    $myOriginalValue = $pipe->reverse($secretEncodedEncryptedSigned);
} catch (\Throwable $exception) {
    echo 'The message was altered or was not sent by a trusted source!';
    exit(1);
}
$myValue === $myOriginalValue; // true