A PHP wrapper around the OpenSSL extension that provides a user-friendly interface for dealing with OpenSSL.

php-openssl-proxy


What's up with the "proxy" name?

The name is simply an analogy to the role of a proxy server, which acts as an intermediary.

Features

Create X.509 certificates, CSRs and CRLs; create RSA, DH and DSA keys; generate and verify signatures; encode and decode; parse X.509 certificates.

Requirements

This library requires PHP 8 or greater and ext-openssl.

Installation

composer require adaopedro/php-openssl-proxy @dev

Example Usage

Creating a Self-Signed Certificate

use AdaoPedro\OpenSSLProxy\SSCertificate;

$ssCertificate = (new SSCertificate(
    days: 365, //expiration
))->setDistinguishNames(
        countryName: "AO",
        stateOrProvinceName: "Angola",
        localityName: "Luanda",
        organizationName: "A Pedro Developers (SU), Lda",
        organizationalUnitName: "AP",
        commonName: "apedrodevelopers",
        emailAddress: "[email protected]"
);

try {
    $ssCertificate->save();
} catch(\Exception $ex) {
    echo $ex->getMessage() . PHP_EOL;
}

Creating a CA-Signed Certificate

use AdaoPedro\OpenSSLProxy\CASCertificate;

$certificate = (new CASCertificate(
    days: 365, //expiration
    rootCertificate: $rootCertificate, //an instance of a Self-Signed Certificate, for example
))->setDistinguishNames(
        //...
);

try {
    $certificate->save();
} catch(\Exception $ex) {
    echo $ex->getMessage() . PHP_EOL;
}

Exporting a certificate as a string

//$certificate => an instance of SS or CAS Certificate
echo $certificate->getx509();

Exporting a certificate as a PHP OpenSSLCertificate object

//$certificate => an instance of SS or CAS Certificate
var_dump(
    $certificate->get()
);

Exporting public and private keys from a certificate

//$certificate => an instance of SS or CAS Certificate
var_dump(
    $certificate->getPublicKey(),
);

//$certificate => an instance of SS or CAS Certificate
var_dump(
    $certificate->getPrivateKey(),
);

var_dump(
    $certificate->getPrivateKeyDecrypted() //in case we're working with encrypt_key
);

Generating public and private keys

$pKey = \AdaoPedro\OpenSSLProxy\generateNewPKey();

list($privKey, $pubKey) = \AdaoPedro\OpenSSLProxy\exportKeysFrom($pKey);

echo $pubKey . PHP_EOL;
echo $privKey . PHP_EOL;

Signing

$data = "Hello world!!";

$signature = \AdaoPedro\OpenSSLProxy\getSignatureFrom(
    $data,
    file_get_contents(".../private_key.pem"),
);

Signature verification

$data = "Hello world!!";

echo
\AdaoPedro\OpenSSLProxy\verifySignatureOf(
    $data,
    file_get_contents(".../hash.dat"),
    file_get_contents(".../public_key.pem"),
) === true
? "Verified"
: "Error. Data modified";

Parsing a PHP OpenSSLCertificate certificate object

//$certificate => an instance of SS or CAS Certificate
var_dump(
    $certificate()
);

Checking if a private key corresponds to a certificate

echo
\AdaoPedro\OpenSSLProxy\checkIfPrivateKey(
    file_get_contents(".../private_key.pem")
)->correspondsTo(
    file_get_contents(".../cert.pem")
) === true
? "Yes. It does"
: "No. It does not";
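
The signing, verification and key/certificate checks above, written against the underlying ext-openssl functions as an added example (not code from this library, and not a statement of how it is implemented). The helper names `newKeyAndCert` and `isValidSignature` and the sample common names are made up for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample: a throwaway RSA key and self-signed certificate, held in memory only.
function newKeyAndCert(string $commonName): array
{
    $key = openssl_pkey_new([
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
        'private_key_bits' => 2048,
    ]);
    $csr = $key ? openssl_csr_new(['commonName' => $commonName], $key, ['digest_alg' => 'sha256']) : false;
    $cert = $csr instanceof OpenSSLCertificateSigningRequest
        ? openssl_csr_sign($csr, null, $key, 1, ['digest_alg' => 'sha256']) // null CA => self-signed
        : false;
    if ($cert === false) {
        throw new RuntimeException('OpenSSL error: ' . openssl_error_string());
    }
    return [$key, $cert];
}

function isValidSignature(string $data, string $signature, OpenSSLAsymmetricKey $publicKey): bool
{
    // openssl_verify() returns 1 (valid), 0 (invalid) or -1/false (error).
    // A loose truthiness check would accept -1, so compare against 1 exactly.
    return openssl_verify($data, $signature, $publicKey, OPENSSL_ALGO_SHA256) === 1;
}

[$key, $cert] = newKeyAndCert('constructed.example');
[$otherKey]   = newKeyAndCert('other.example'); // unrelated key for the mismatch case

$data = 'Hello world!!';
// openssl_sign() defaults to SHA-1 when no algorithm is given, so name SHA-256 explicitly.
if (!openssl_sign($data, $signature, $key, OPENSSL_ALGO_SHA256)) {
    throw new RuntimeException('signing failed: ' . openssl_error_string());
}

$publicKey = openssl_pkey_get_public($cert); // public key taken from the certificate
if ($publicKey === false) {
    throw new RuntimeException('cannot read public key: ' . openssl_error_string());
}

echo 'untouched data verifies: ', var_export(isValidSignature($data, $signature, $publicKey), true), PHP_EOL;
echo 'modified data verifies:  ', var_export(isValidSignature($data . '!', $signature, $publicKey), true), PHP_EOL;
echo 'signing key matches cert:   ', var_export(openssl_x509_check_private_key($cert, $key), true), PHP_EOL;
echo 'unrelated key matches cert: ', var_export(openssl_x509_check_private_key($cert, $otherKey), true), PHP_EOL;
```
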

Customizing OpenSSL configurations (when using the certificate generator classes)

use AdaoPedro\OpenSSLProxy\SSCertificate;

//The initial config file is in the root of the library directory
/*
To customize, pass the config filename as the second parameter to the SSCertificate constructor,
or as the third parameter in the case of CASCertificate
*/

$certificate = (new SSCertificate(
    days: 365, //expiration
    configFilename: __DIR__ . "/openssl_configs.php"
))->setDistinguishNames(
        //...
);
Owner
Adão Pedro