Cryptographic component from Zend Framework

Related tags

Security zend-crypt
Overview

zend-crypt

Repository abandoned 2019-12-31

This repository has moved to laminas/laminas-crypt.

Build Status Coverage Status

Zend\Crypt provides support of some cryptographic tools. Some of the available features are:

  • encrypt-then-authenticate using symmetric ciphers (the authentication step is provided using HMAC);
  • encrypt/decrypt using symmetric and public key algorithm (e.g. RSA algorithm);
  • encrypt/decrypt using hybrid mode (OpenPGP like);
  • generate digital sign using public key algorithm (e.g. RSA algorithm);
  • key exchange using the Diffie-Hellman method;
  • key derivation function (e.g. using PBKDF2 algorithm);
  • secure password hash (e.g. using Bcrypt algorithm);
  • generate Hash values;
  • generate HMAC values;

The main scope of this component is to offer an easy and secure way to protect and authenticate sensitive data in PHP.

Comments
  • Will Zend\Crypt\Password\Bcrypt be deprecated in ZF3?

    Will Zend\Crypt\Password\Bcrypt be deprecated in ZF3?

    ZF3 will move to PHP 5.5 and we have a native password_verify() and password_hash() there.

    Will Zend\Crypt\Password\Bcrypt be deprecated or even removed from ZF3? Or has Zend\Crypt\Password\Bcrypt any advantage over the native PHP implementation?

    opened by RalfEggert 8
  • GCM and CCM encryption modes for PHP 7.1

    GCM and CCM encryption modes for PHP 7.1

    This PR adds the GCM and CCM authenticated encryption mode for OpenSSL for PHP 7.1. This is a new feature of PHP 7.1 proposed in PHP RFC: OpenSSL AEAD support. Read this blog post for more information about the usage of these encryption modes in PHP. I've updated the Zend\Crypt\BlockCipher documentation for this new feature.

    Note: I opened this bug #73478 on bugs.php.net. I fixed the zend-crypt code to prevent this issue.

    enhancement 
    opened by ezimuel 7
  • Add the hybrid cryptosystem support

    Add the hybrid cryptosystem support

    This PR adds the hybrid cryptosystem support (OpenPGP like). It allows also multiple encryptions using a keyrings of public/private keys. This can be useful in multi users scenarios to encrypt data only for specific users.

    enhancement 
    opened by ezimuel 7
  • Binary data + mbstring.func_overload = boom

    Binary data + mbstring.func_overload = boom

    php -dmbstring.func_overload=7 test.php

    <?php
    var_dump(strlen("\xF0\x9D\xA5\xB3"));
    // int(1)
    

    Using strlen() and substr() for crypto can be dangerous, especially since you work with raw binary.

    enhancement 
    opened by paragonie-scott 7
  • Argon2 Support

    Argon2 Support

    Support for Argon2 is apparently coming in PHP 7.1 and will be the default in PHP 7.2. It would be ideal if we could utilize this via Zend as well.

    Not sure how multi-hashing functionality should be supported, perhaps that should be another ticket?

    opened by indolering 4
  • New OpenSSL symmetric adapter + bcrypt refactor for PHP 5.5+

    New OpenSSL symmetric adapter + bcrypt refactor for PHP 5.5+

    This PR contains the new OpenSSL symmetric adapter for zend-crypt ver. 3.0. We used this new adapter instead of Mcrypt in FileCipher and we suggested to use it in the documentation for all the other encryption needs. Mcrypt is an outdated extension and it will be deprecated) with PHP 7.1.

    Moreover, this PR contains the Zend\Crypt\Password\Bcrypt refactor using the password_hash() and password_verify() functions of PHP 5.5+.

    I updated the documentation according to these changes.

    Note: All the changes included in this PR are backward compatible. I provided some unit tests as proof.

    enhancement 
    opened by ezimuel 4
  • Please consider to deprecate MCrypt usage

    Please consider to deprecate MCrypt usage

    Zend\Crypt\Symmetric\MCrypt rely on libmcrypt and php-mcrypt/

    Libmcrypt is a dead cow, unmaintained for ~8 year, rely on such things can't be serious.

    I understand it is not easy to drop such feature, especially for applications using ZF2, but probably it could be possible to deprecate this class, to encourage user to switch to something else, and to be able to drop it later.

    enhancement question BC Break 
    opened by remicollet 4
  • Use FQFN

    Use FQFN

    This repository use many internal php function. For example in my application when I use Zend\Crypt\BlockCipher class hash_hmac function is call 10k times and take ~23ms! This change should have perfomance visible impact

    opened by snapshotpl 3
  • Minor Modes to Modes + Padding

    Minor Modes to Modes + Padding

    Should remove "ecb" as a mode and add "ctr". Also, if padding is set to a value of "0", openssl_encrypt() does PKCS7 padding internally

    opened by dbierer 3
  • Encrypt/Openssl Unset Difference

    Encrypt/Openssl Unset Difference

    Zend Framework 2.4.6-2.5.3, Zend\Filter\Encrypt\Openssl.php I believe the unset should read unset($options['compression']); , lines 90-93.

    if (array_key_exists('compression', $options)) {
        $this->setCompression($options['compression']);
        unset($options['compress']);
    }
    

    The code above I believe results in 'Undefined index: compression' later in code. Current workaround is to use ...->setCompression($string) .

    opened by m1st0 3
  • Proposal: Constant-Time Base64 Encoding/Decoding

    Proposal: Constant-Time Base64 Encoding/Decoding

    https://github.com/zendframework/zend-crypt/search?utf8=%E2%9C%93&q=base64

    The way base64_encode() and base64_decode() are implemented in php-src leads to the possibility of cache-timing attacks. We maintain a MIT licensed constant-time implementation of all the RFC 4648 encodings meant for cryptography libraries in particular.

    https://github.com/paragonie/constant_time_encoding

    opened by paragonie-scott 3
  • Add Argon2i for password hashing

    Add Argon2i for password hashing

    This PR adds an extra class for the argon2i password hash algorithm introduced with PHP7.2.

    There are some open questions with this:

    1. Do we really want to have 1 new class for each algorithm PHP addes? "Argon2id" is just around the corner...

    2. PHP's password_verify() accepts currently both Bcrypt and Argon2i hashes. So basically you could either use the Bcrypt class or the Argon2i class to verify either hashes. This makes it pretty easy to migrate users from Bcrypt to Argon2i:

    • Use the new Argon2i class as the dependency
    • old bcrypt passwords are still verified correctly
    • new password will be created with argon2i
    1. Do we need a wrapper function for password_needs_rehash() ? This would mean we need some kind of inter-class upgrade path (from class Bcrypt to Argon2i in future php-versions). Although we dont know WHY password_needs_rehash() returns false: is it because of the algorithm or the cost value(s)?

    2. This class is marked as PHP7.2+ only (it throws an exception in the constructor). Do we want to provide fallbacks of some kind for older PHP Versions?

    3. Other than the algorithm no other PHP7.2+ specific features were used in this class (e. g. scalar type hints and return types) because a syntax error is much more heavy and harder to catch than a constructor-exception (Pre 7.0). Should type hints and return types get added because its a PHP7.2+ class anyway?

    opened by MatthiasKuehneEllerhold 6
  • Test failure on arm

    Test failure on arm

    From Fedora QA https://apps.fedoraproject.org/koschei/package/php-zendframework-zend-crypt?collection=f28

    We encounter erratic test suite failure

    • Test suite fails when builder is an arm computer
    • Test suite passes everywhere else
    There were 4 failures:
    1) ZendTest\Crypt\Key\Derivation\ScryptTest::testVectorSalsa208Core
    Failed asserting that two strings are equal.
    --- Expected
    +++ Actual
    @@ @@
    -'a41f859c6608cc993b81cacb020cef05044b2181a2fd337dfd7b1c6396682f29b4393168e3c9e6bcfe6bc5b7a06d96bae424cc102c91745c24ad673dc7618f81'
    +'65926f050000000028b57eb7d8079020dea4b71fcf1a2ba072c0cab4c93fb6556e2447cb6713f9c4e77fea859a18026c175d2aaba5f484900000000065397009'
    /builddir/build/BUILD/zend-crypt-514cef5556bac069e36c2cbded40e529b86bb3f2/test/Key/Derivation/ScryptTest.php:56
    2) ZendTest\Crypt\Key\Derivation\ScryptTest::testVectorScryptBlockMix
    Failed asserting that two strings are equal.
    --- Expected
    +++ Actual
    @@ @@
    -'a41f859c6608cc993b81cacb020cef05044b2181a2fd337dfd7b1c6396682f29b4393168e3c9e6bcfe6bc5b7a06d96bae424cc102c91745c24ad673dc7618f8120edc975323881a80540f64c162dcd3c21077cfe5f8d5fe2b1a4168f953678b77d3b3d803b60e4ab920996e59b4d53b65d2a225877d5edf5842cb9f14eefe425'
    +'65926f050000000028b57eb7d8079020dea4b71fcf1a2ba072c0cab4c93fb6556e2447cb6713f9c4e77fea859a18026c175d2aaba5f4849000000000653970092a7c7e69abf6e67f2bf8f0b400000000b769a515b7db8485d347f4e2abe448101012149261772322a53e07fdc1ba1c14f0f8df09abdae6ca620f98f800000000'
    /builddir/build/BUILD/zend-crypt-514cef5556bac069e36c2cbded40e529b86bb3f2/test/Key/Derivation/ScryptTest.php:90
    3) ZendTest\Crypt\Key\Derivation\ScryptTest::testVectorScryptROMix
    Failed asserting that two strings are equal.
    --- Expected
    +++ Actual
    @@ @@
    -'79ccc193629debca047f0b70604bf6b62ce3dd4a9626e355fafc6198e6ea2b46d58413673b99b029d665c357601fb426a0b2f4bba200ee9f0a43d19b571a9c71ef1142e65d5a266fddca832ce59faa7cac0b9cf1be2bffca300d01ee387619c4ae12fd4438f203a0e4e1c47ec314861f4e9087cb33396a6873e8f9d2539a4b8e'
    +'226231f300000000c5eefc3d0000000038da7f66d108c506ee48cef300000000e8b3ef4ffcf1b396d308bfe0c90c825800000000073b2afc3cf1324600000000f73554500000000099e71816a8457c49a8e6ce14a6af6b0e88636ac921c78dbe8b3ddc7f1e0c19bf8b30e6b0436369ec867beb125b63f26059db393c297e83f3'
    /builddir/build/BUILD/zend-crypt-514cef5556bac069e36c2cbded40e529b86bb3f2/test/Key/Derivation/ScryptTest.php:124
    4) ZendTest\Crypt\Key\Derivation\ScryptTest::testVectorScrypt
    Failed asserting that two strings are equal.
    --- Expected
    +++ Actual
    @@ @@
    -'d33c6ec1818daaf728f55afadfeaa558b38efa81305b3521a7f12f4be097e84d184092d2a2e93bf71fd1efe052710f66b956ce45da43aa9099de7406d3a05e2a'
    +'caf1c85d0594b50d3ad3b16de5fcda6e5b814fa32bf16bdbd5b43e60af6b227f8496a2a619338c13a996a24d0d8e6bb014e499ba00823121524939f66b4f1c35'
    /builddir/build/BUILD/zend-crypt-514cef5556bac069e36c2cbded40e529b86bb3f2/test/Key/Derivation/ScryptTest.php:142
    

    P.S. arm is quite common on low cost devices (ex: raspberry pi)

    opened by remicollet 2
  • Consider libsodium / sodium_compat for modern public-key crypto

    Consider libsodium / sodium_compat for modern public-key crypto

    https://github.com/paragonie/sodium_compat#cryptography-primitives-provided

    Zend\Crypt users interested in modern ECC may want to see sodium_compat adopted in the near future. In particular, public-key encryption via ParagonIE_Sodium_Compat::crypto_box_seal() and digital signatures via ParagonIE_Sodium_Compat::crypto_sign_detached().

    I would, however, wait until sodium_compat has been audited first: https://github.com/paragonie/sodium_compat/issues/8

    opened by paragonie-scott 2
Releases(release-3.3.1)
  • release-3.3.1(May 14, 2019)

  • release-3.3.0(Apr 24, 2018)

    Added

    • #52 adds support for PHP 7.2.

    Changed

    • #55 updates Zend\Crypt\Hmac to use hash_hmac_algos instead of hmac_algos when it is present.

    • #50 updates all classes to import functions and constants they use.

    Deprecated

    • Nothing.

    Removed

    • Nothing.

    Fixed

    • Nothing.
    Source code(tar.gz)
    Source code(zip)
  • release-3.2.1(Jul 17, 2017)

  • release-3.2.0(Dec 6, 2016)

  • release-3.1.0(Aug 11, 2016)

    Added

    • #32 adds a new Hybrid encryption utility, to allow OpenPGP-like encryption/decryption of messages using OpenSSL. See the documentation for details.

    Deprecated

    • Nothing.

    Removed

    • Nothing.

    Fixed

    • Nothing.
    Source code(tar.gz)
    Source code(zip)
  • release-3.0.0(Jun 21, 2016)

    Added

    • #22 adds a requirement on ext/mbstring in order to install successfully.
    • #25 adds a new symmetric encryption adapter for the OpenSSL extension; this is now the default adapter used internally by the component when symmetric encryption is required.
    • #25 adds support for zend-math v3.
    • #26 adds Zend\Crypt\Password\Bcrypt::benchmarkCost(), which allows you to find the maximum cost value possible for your hardware within a 50ms timeframe.
    • #11 adds a new option to the Zend\Crypt\PublicKey\RsaOptions class, openssl_padding (or setOpensslPadding(); this is now consumed in Zend\Crypt\PublicKey\Rsa::encrypt() and Zend\Crypt\PublicKey\Rsa::decrypt(), instead of the optional $padding argument.

    Deprecated

    • #25 deprecates usage of the mcrypt symmetric encryption adapter when used on PHP 7 versions, as PHP 7.1 will deprecate the mcrypt extension.

    Removed

    • #11 removes the optional $padding argument from each of Zend\Crypt\PublicKey\Rsa's encrypt() and decrypt() methods; you can now specify the value via the RsaOptions.
    • #25 removes support for zend-math v2 versions.
    • #29 removes support for PHP 5.5.

    Fixed

    • #22 updates all occurrences of substr() and strlen() to use mb_substr() and mb_strlen(), respectively. This provides better security with binary values.
    • #25 updates the Zend\Crypt\Password\Bcrypt implementation to use password_hash() and password_verify() internally, as they are supported in all PHP versions we support.
    • #19 fixes the DiffieHellman publickey implementation to initialize the BigInteger adapter from zend-math as the first operation of its constructor, fixing a fatal error that occurs when binary data is provided.
    Source code(tar.gz)
    Source code(zip)
  • release-2.6.0(Feb 3, 2016)

    Added

    • #18 adds documentation, and publishes it to https://zendframework.github.io/zend-crypt/

    Deprecated

    • Nothing.

    Removed

    • Removes the (development) dependency on zend-config; tests that used it previously have been updated to use ArrayObject, which implements the same behavior being tested.

    Fixed

    • #4 replaces the zend-servicemanager with container-interop, and refactors the various plugin managers to implement that interface instead of extending the AbstractPluginManager.
    Source code(tar.gz)
    Source code(zip)
Owner
Zend Framework
Zend Framework
Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication.

Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991.

[sCRiPTz-TEAM] 3 Dec 31, 2021
This repository contains the sources of OXID eShop Community Edition Core Component.

OXID eShop This repository contains the sources of OXID eShop Community Edition Core Component. About OXID eShop: OXID eShop is a flexible open source

OXID eSales AG 209 Dec 14, 2022
Security Component - Guard

The Guard component brings many layers of authentication together, making it much easier to create complex authentication systems where you have total control.

Symfony 1.4k Jan 5, 2023
Security CSRF (cross-site request forgery) component provides a class CsrfTokenManager for generating and validating CSRF tokens.

Security Component - CSRF The Security CSRF (cross-site request forgery) component provides a class CsrfTokenManager for generating and validating CSR

Symfony 1.5k Jan 3, 2023
The Security component provides a complete security system for your web application.

Security Component The Security component provides a complete security system for your web application. It ships with facilities for authenticating us

Symfony 1.2k Jan 1, 2023
CORS Middleware for Lumen micro-framework

Lumen-CORS Cross-origin resource sharing (CORS) Middleware for Lumen micro-framework. Installation After you install lumen as per lumen docs, install

Palani Kumanan 101 Nov 21, 2022
A Simple Cross Origin Resource Sharing for Lumen Framework (5.*).

Lumen Cors Package A Simple Cross Origin Resource Sharing for Lumen Framework. Note: That should works fine on Laravel Framework too, but the tests ar

Vagner Luz do Carmo 46 Jul 27, 2022
Zend\Text is a component to work on text strings from Zend Framework

zend-text Repository abandoned 2019-12-31 This repository has moved to laminas/laminas-text. Zend\Text is a component to work on text strings. It cont

Zend Framework 31 Jan 24, 2021
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An

Cossack Labs 1.6k Jan 6, 2023
Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication.

Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991.

[sCRiPTz-TEAM] 3 Dec 31, 2021
Authentication component from Zend Framework

zend-authentication Repository abandoned 2019-12-31 This repository has moved to laminas/laminas-authentication. The Zend\Authentication component pro

Zend Framework 43 Jun 13, 2021
Serializer component from Zend Framework

zend-serializer Repository abandoned 2019-12-31 This repository has moved to laminas/laminas-serializer. zend-serializer provides an adapter-based int

Zend Framework 45 Jan 13, 2022
ServiceManager component from Zend Framework

zend-servicemanager Repository abandoned 2019-12-31 This repository has moved to laminas/laminas-servicemanager. Master: Develop: The Service Locator

Zend Framework 192 Nov 21, 2022
Console component from Zend Framework

zend-console Repository abandoned 2019-12-31 This repository has moved to laminas/laminas-console. Zend\Console is a component to design and implement

Zend Framework 47 Mar 16, 2021
Db component from Zend Framework

zend-db Repository abandoned 2019-12-31 This repository has moved to laminas/laminas-db. Zend\Db is a component that abstract the access to a Database

Zend Framework 98 Sep 5, 2022
Debug component from Zend Framework

zend-debug Zend\Debug is a component that help the debugging of PHP applications. In particular it offers a static method Zend\Debug\Debug::dump() tha

Zend Framework 12 Jan 29, 2020
Navigation component from Zend Framework

zend-navigation Repository abandoned 2019-12-31 This repository has moved to laminas/laminas-navigation. Zend\Navigation is a component for managing t

Zend Framework 19 Jun 30, 2021
Json component from Zend Framework

zend-json Repository abandoned 2019-12-31 This repository has moved to laminas/laminas-json. Zend\Json provides convenience methods for serializing na

Zend Framework 102 Nov 17, 2022
A panel created based on the Zend Framework MVC framework

?? Painel MyZap2.0 Com ZendFramework 3 Descrição Esse é um painel criado como estudo pessoal do framework (Zend Framework MVC) não foi criado para fin

Jonathan Henrique 9 Jun 10, 2022