paragonie / paserk
PHP implementation of PASERK (Platform Agnostic SERialized Keys), an extension to PASETO.
v2.3.0
2024-04-28 09:59 UTC
Requires
- php: ^8.1
- ext-gmp: *
- ext-json: *
- ext-openssl: *
- paragonie/easy-ecc: ^1.1
- paragonie/hidden-string: ^1|^2
- paragonie/paseto: ^3.1
Requires (Dev)
- phpunit/phpunit: ^9
- vimeo/psalm: ^4
README
Platform Agnostic SERialized Keys. Requires PHP 7.1 or newer.
PASERK Specification
The PASERK Specification can be found in this repository.
Installing
composer require paragonie/paserk
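PASERK Library Versions
- PASERK PHP Version 2
  - Requires PHP 8.1+
  - PASETO versions: v3, v4
    - This means only the corresponding k3 and k4 modes are implemented.
- PASERK PHP Version 1
  - Requires PHP 7.1+
  - PASETO versions: v1, v2, v3, v4
    - This provides a stable reference implementation for the PASERK specification.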
Documentation
See this directory for the documentation.
Example: Public-key Encryption
Wrapping
<?php
use ParagonIE\Paseto\Builder;
use ParagonIE\Paseto\Keys\SymmetricKey;
use ParagonIE\Paseto\Protocol\Version4;
use ParagonIE\Paserk\Operations\Key\SealingPublicKey;
use ParagonIE\Paserk\Types\Seal;

$version = new Version4();

// First, you need a sealing keypair.

// $sealingSecret = ParagonIE\Paserk\Operations\Key\SealingSecretKey::generate();
// $sealingPublic = $sealingSecret->getPublicKey();
// var_dump($sealingSecret->encode(), $sealingPublic->encode());

$sealingPublic = SealingPublicKey::fromEncodedString(
    "vdd1m2Eri8ggYYR5YtnmEninoiCxH1eguGNKe4pes3g",
    $version
);
$sealer = new Seal($sealingPublic);

// Generate a random one-time key, which will be encrypted with the public key:
$key = SymmetricKey::generate($version);

// Seal means "public key encryption":
$paserk = $sealer->encode($key);

// Now let's associate this PASERK with a PASETO that uses the local key:
$paseto = Builder::getLocal($key, $version)
    ->with('test', 'readme')
    ->withExpiration(
        (new DateTime('NOW'))
            ->add(new DateInterval('P01D'))
    )
    ->withFooterArray(['kid' => $sealer->id($key)])
    ->toString();

var_dump($paserk, $paseto);
Unwrapping
<?php
use ParagonIE\Paseto\Protocol\Version4;
use ParagonIE\Paserk\Operations\Key\SealingSecretKey;
use ParagonIE\Paserk\Types\Lid;
use ParagonIE\Paserk\Types\Seal;
use ParagonIE\Paseto\Parser as PasetoParser;
use ParagonIE\Paseto\ProtocolCollection;

$version = new Version4();

// From previous example:
$paserk = "k4.seal.F2qE4x0JfqT7JYhOB7S12SikvLaRuEpxRkgxxHfh4hVpE1JfwIDnreuhs9v5gjoBl3WTVjdIz6NkwQdqRoS2EDc3yGvdf_Da4K1xUSJ8IVTn4HQeol5ruYwjQlA_Ph4N";
$paseto = "v4.local.hYG-BfpTTM3bb-xZ-q5-w77XGayS4WA8kA5R5ZL85u3nzgrWba5NdqgIouFn71CJyGAff1eloirzz3sWRdVXnDeSIYxXDIerNkbLI5ALn24JehhSLKrv8R2-yhfo_XZF9XEASXtwrOyMNjeEAan5kqO6Dg.eyJraWQiOiJrNC5saWQueDAycGJDRmhxU1Q4endnbEJyR3VqWE9LYU5kRkJjY1dsTFFRN0pzcGlZM18ifQ";

// Keys for unsealing:
$sealingSecret = SealingSecretKey::fromEncodedString(
    "j043XiZTuGLleB0kAy8f3Tz-lEePK_ynEWPp4OyB-lS913WbYSuLyCBhhHli2eYSeKeiILEfV6C4Y0p7il6zeA",
    $version
);
$sealingPublic = $sealingSecret->getPublicKey();

// Unwrap the symmetric key for `v4.local.` tokens.
$sealer = new Seal($sealingPublic, $sealingSecret);
$unwrapped = $sealer->decode($paserk);

// Parse the PASETO
$parsed = PasetoParser::getLocal($unwrapped, ProtocolCollection::v4())
    ->parse($paseto);

// Get the claims from the parsed and validated token:
var_dump($parsed->getClaims());
/*
array(2) {
  ["test"]=>
  string(6) "readme"
  ["exp"]=>
  string(25) "2038-01-19T03:14:08+00:00"
}
*/

// Observe the Key ID is the same as the value stored in the footer.
var_dump(Lid::encode($version, $paserk));
var_dump($parsed->getFooterArray()['kid']);
/*
string(51) "k4.lid.x02pbCFhqST8zwglBrGujXOKaNdFBccWlLQQ7JspiY3_"
string(51) "k4.lid.x02pbCFhqST8zwglBrGujXOKaNdFBccWlLQQ7JspiY3_"
*/
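Building on the unwrapping example, a service that stores several sealed keys can use the footer's kid to choose which PASERK to unseal, treating the footer as an untrusted lookup hint until parse() succeeds. This is an added example, not code from the paragonie/paserk project: footerKid() and selectWrappedKey() are hypothetical helpers, a Composer install is assumed, and the key, PASERK and token are the sample values from the README example above.

```php
<?php
declare(strict_types=1);

use ParagonIE\Paseto\Parser as PasetoParser;
use ParagonIE\Paseto\Protocol\Version4;
use ParagonIE\Paseto\ProtocolCollection;
use ParagonIE\Paserk\Operations\Key\SealingSecretKey;
use ParagonIE\Paserk\Types\Lid;
use ParagonIE\Paserk\Types\Seal;

require 'vendor/autoload.php'; // assumption: paragonie/paserk installed via Composer

// Hypothetical helper: read `kid` from the footer. Untrusted until parse() succeeds.
function footerKid(string $paseto): ?string
{
    $parts = explode('.', $paseto);
    if (count($parts) !== 4) {
        return null; // token carries no footer
    }
    $json = base64_decode(strtr($parts[3], '-_', '+/'), true);
    $footer = is_string($json) ? json_decode($json, true) : null;
    $kid = is_array($footer) ? ($footer['kid'] ?? null) : null;
    // Accept only the ID type used in this example (k4.lid), never key material.
    return is_string($kid) && str_starts_with($kid, 'k4.lid.') ? $kid : null;
}

// Hypothetical helper: return the stored PASERK whose k4.lid equals $kid.
function selectWrappedKey(string $kid, array $stored, Version4 $version): ?string
{
    foreach ($stored as $paserk) {
        if (hash_equals(Lid::encode($version, $paserk), $kid)) {
            return $paserk;
        }
    }
    return null;
}

$version = new Version4();
// Sample values copied from the README's unwrapping example.
$stored = ["k4.seal.F2qE4x0JfqT7JYhOB7S12SikvLaRuEpxRkgxxHfh4hVpE1JfwIDnreuhs9v5gjoBl3WTVjdIz6NkwQdqRoS2EDc3yGvdf_Da4K1xUSJ8IVTn4HQeol5ruYwjQlA_Ph4N"];
$paseto = "v4.local.hYG-BfpTTM3bb-xZ-q5-w77XGayS4WA8kA5R5ZL85u3nzgrWba5NdqgIouFn71CJyGAff1eloirzz3sWRdVXnDeSIYxXDIerNkbLI5ALn24JehhSLKrv8R2-yhfo_XZF9XEASXtwrOyMNjeEAan5kqO6Dg.eyJraWQiOiJrNC5saWQueDAycGJDRmhxU1Q4endnbEJyR3VqWE9LYU5kRkJjY1dsTFFRN0pzcGlZM18ifQ";
$sealingSecret = SealingSecretKey::fromEncodedString("j043XiZTuGLleB0kAy8f3Tz-lEePK_ynEWPp4OyB-lS913WbYSuLyCBhhHli2eYSeKeiILEfV6C4Y0p7il6zeA", $version);

$kid = footerKid($paseto);
$paserk = $kid === null ? null : selectWrappedKey($kid, $stored, $version);
if ($paserk === null) {
    throw new RuntimeException('No wrapped key matches the token footer');
}
$sealer = new Seal($sealingSecret->getPublicKey(), $sealingSecret);
$parsed = PasetoParser::getLocal($sealer->decode($paserk), ProtocolCollection::v4())->parse($paseto);
var_dump($parsed->getClaims());
```

A token whose footer names an unknown or malformed kid is rejected before any unsealing is attempted, and the claims are only used after parse() has authenticated the token with the unwrapped key.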