PHP Implementation of PASERK

Overview

PASERK (PHP)

Build Status Latest Stable Version Latest Unstable Version License Downloads

Platform Agnostic SERialized Keys. Requires PHP 7.1 or newer.

PASERK Specification

The PASERK Specification can be found in this repository.

Installing

composer require paragonie/paserk

Example: Public-key Encryption

Wrapping

encode($key); // Now let's associate this PASERK with a PASETO that uses the local key: $paseto = Builder::getLocal($key, $version) ->with('test', 'readme') ->withExpiration( (new DateTime('NOW')) ->add(new DateInterval('P01D')) ) ->withFooterArray(['kid' => $sealer->id($key)]) ->toString(); var_dump($paserk, $paseto); ">

use ParagonIE\Paseto\Builder;
use ParagonIE\Paseto\Keys\SymmetricKey;
use ParagonIE\Paseto\Protocol\Version4;
use ParagonIE\Paserk\Operations\Key\SealingPublicKey;
use ParagonIE\Paserk\Types\Seal;

$version = new Version4();

// First, you need a sealing keypair.

// $sealingSecret = ParagonIE\Paserk\Operations\Key\SealingSecretKey::generate();
// $sealingPublic = $sealingSecret->getPublicKey();
// var_dump($sealingSecret->encode(), $sealingPublic->encode());

$sealingPublic = SealingPublicKey::fromEncodedString(
    "vdd1m2Eri8ggYYR5YtnmEninoiCxH1eguGNKe4pes3g",
    $version
);
$sealer = new Seal($sealingPublic);

// Generate a random one-time key, which will be encrypted with the public key:
$key = SymmetricKey::generate($version);

// Seal means "public key encryption":
$paserk = $sealer->encode($key);

// Now let's associate this PASERK with a PASETO that uses the local key:
$paseto = Builder::getLocal($key, $version)
    ->with('test', 'readme')
    ->withExpiration(
        (new DateTime('NOW'))
            ->add(new DateInterval('P01D'))
    )
    ->withFooterArray(['kid' => $sealer->id($key)])
    ->toString();

var_dump($paserk, $paseto);

Unwrapping

getPublicKey(); // Unwrap the sytmmetric key for `v4.local.` tokens. $sealer = new Seal($sealingPublic, $sealingSecret); $unwrapped = $sealer->decode($paserk); // Parse the PASETO $parsed = PasetoParser::getLocal($unwrapped, ProtocolCollection::v4()) ->parse($paseto); // Get the claims from the parsed and validated token: var_dump($parsed->getClaims()); /* array(2) { ["test"]=> string(6) "readme" ["exp"]=> string(25) "2038-01-19T03:14:08+00:00" } */ // Observe the Key ID is the same as the value stored in the footer. var_dump(Lid::encode($version, $paserk)); var_dump($parsed->getFooterArray()['kid']); /* string(51) "k4.lid.x02pbCFhqST8zwglBrGujXOKaNdFBccWlLQQ7JspiY3_" string(51) "k4.lid.x02pbCFhqST8zwglBrGujXOKaNdFBccWlLQQ7JspiY3_" */ ">

use ParagonIE\Paseto\Protocol\Version4;
use ParagonIE\Paserk\Operations\Key\SealingSecretKey;
use ParagonIE\Paserk\Types\Lid;
use ParagonIE\Paserk\Types\Seal;
use ParagonIE\Paseto\Parser as PasetoParser;
use ParagonIE\Paseto\ProtocolCollection;

$version = new Version4();

// From previous example:
$paserk = "k4.seal.F2qE4x0JfqT7JYhOB7S12SikvLaRuEpxRkgxxHfh4hVpE1JfwIDnreuhs9v5gjoBl3WTVjdIz6NkwQdqRoS2EDc3yGvdf_Da4K1xUSJ8IVTn4HQeol5ruYwjQlA_Ph4N";
$paseto = "v4.local.hYG-BfpTTM3bb-xZ-q5-w77XGayS4WA8kA5R5ZL85u3nzgrWba5NdqgIouFn71CJyGAff1eloirzz3sWRdVXnDeSIYxXDIerNkbLI5ALn24JehhSLKrv8R2-yhfo_XZF9XEASXtwrOyMNjeEAan5kqO6Dg.eyJraWQiOiJrNC5saWQueDAycGJDRmhxU1Q4endnbEJyR3VqWE9LYU5kRkJjY1dsTFFRN0pzcGlZM18ifQ";

// Keys for unsealing:
$sealingSecret = SealingSecretKey::fromEncodedString(
    "j043XiZTuGLleB0kAy8f3Tz-lEePK_ynEWPp4OyB-lS913WbYSuLyCBhhHli2eYSeKeiILEfV6C4Y0p7il6zeA",
    $version
);
$sealingPublic = $sealingSecret->getPublicKey();

// Unwrap the sytmmetric key for `v4.local.` tokens.
$sealer = new Seal($sealingPublic, $sealingSecret);
$unwrapped = $sealer->decode($paserk);

// Parse the PASETO
$parsed = PasetoParser::getLocal($unwrapped, ProtocolCollection::v4())
    ->parse($paseto);

// Get the claims from the parsed and validated token:
var_dump($parsed->getClaims());
/*
array(2) {
  ["test"]=>
  string(6) "readme"
  ["exp"]=>
  string(25) "2038-01-19T03:14:08+00:00"
}
*/

// Observe the Key ID is the same as the value stored in the footer.
var_dump(Lid::encode($version, $paserk));
var_dump($parsed->getFooterArray()['kid']);
/*
string(51) "k4.lid.x02pbCFhqST8zwglBrGujXOKaNdFBccWlLQQ7JspiY3_"
string(51) "k4.lid.x02pbCFhqST8zwglBrGujXOKaNdFBccWlLQQ7JspiY3_"
*/

PASERK Feature Coverage

You might also like...
PHP implementation for reading and writing Apache Parquet files/streams

php-parquet This is the first parquet file format reader/writer implementation in PHP, based on the Thrift sources provided by the Apache Foundation.

PHP implementation of PSON

PSON-PHP Information This library is an php implementation of PSON. This software is licensed under the MIT License. Installation You can install this

An open-source Minecraft: Java Edition server implementation, written in PHP.
An open-source Minecraft: Java Edition server implementation, written in PHP.

PHPCraft An open-source Minecraft: Java Edition server implementation, written in PHP. What is PHPCraft? PHPCraft is an open-source Minecraft: Java Ed

Php-file-iterator - FilterIterator implementation that filters files based on a list of suffixes, prefixes, and other exclusion criteria.

php-file-iterator Installation You can add this library as a local, per-project dependency to your project using Composer: composer require phpunit/ph

phly-mustache is a Mustache implementation written for PHP

phly-mustache is a Mustache implementation written for PHP. It conforms to the principles of mustache, and allows for extension of the format via pragmas.

This is a JSONPath implementation for PHP based on Stefan Goessner's JSONPath script.
This is a JSONPath implementation for PHP based on Stefan Goessner's JSONPath script.

JSONPath for PHP This is a JSONPath implementation for PHP based on Stefan Goessner's JSONPath script. JSONPath is an XPath-like expression language f

Swaggest JSON-schema implementation for PHP

Swaggest JSON-schema implementation for PHP High definition PHP structures with JSON-schema based validation. Supported schemas: JSON Schema Draft 7 J

This repository demonstrates exemplary implementation of chat using HTTP and Websocket servers in PHP using Kraken Framework components.
This repository demonstrates exemplary implementation of chat using HTTP and Websocket servers in PHP using Kraken Framework components.

This repository demonstrates exemplary implementation of chat using HTTP and Websocket servers in PHP using Kraken Framework components.

PHP implementation of Rapid Automatic Keyword Exraction algorithm (RAKE) for extracting multi-word phrases from text

PHP implementation of Rapid Automatic Keyword Exraction algorithm (RAKE) for extracting multi-word phrases from text.

Comments
  • PKEv3.php seal/unseal using pk as hex string, not binary

    PKEv3.php seal/unseal using pk as hex string, not binary

    I've been trying to implement the paserk sealing code for C++ and have noticed that the paserk-php v3 seal/unseal code is using $pk_compressed as a hex string (rather than binary). In the code from PKEv3.php (around line 171) below, shouldn't $pk_compressed = $pk_obj->toString(); be $pk_compressed = Hex::decode($pk_obj->toString());

     
            $pk_compressed = $pk_obj->toString();
    
            // Step 2:
            $Ak = hash(
                'sha384',
                PKE::DOMAIN_SEPARATION_AUTH . $header . $xk . $eph_pk_compressed . $pk_compressed,
                true
            );
    
    opened by kennt 2
  • Verify Specification Correctness

    Verify Specification Correctness

    Before we tag a first release, we should review the specification and ensure everything is implemented correctly, and then make sure the test vectors are updated too.

    opened by paragonie-security 0
  • Fix bug in v3.seal.

    Fix bug in v3.seal.

    It seems that the v3.seal implementation does not follow the spec for PKE. As a result of it, the generated authentication key and encryption key have the same value.

    opened by dajiaji 0
  • Fix bug on V2/V4 key wrapping.

    Fix bug on V2/V4 key wrapping.

    Hi @paragonie-security

    I might be wrong but there is a bug on V2/V4 key wrapping. It seems that the authentication key (ak) is not used in the encoding/decoding process of PIE.

    I’m very glad if you can check and merge it.

    Best regards.

    opened by dajiaji 0
Releases(v2.1.0)
Owner
Paragon Initiative Enterprises
Technology should support your ambitions, not hinder them. We are a team of technology consultants that specialize in application security.
Paragon Initiative Enterprises
Php-rpc-server - JSON RPC server implementation for PHP.

JSON RPC Server implementation for PHP. The json-rpc is a very simple protocol. You can see this by reading the protocol specification. This library i

null 4 Sep 28, 2022
A pure PHP implementation of the open Language Server Protocol. Provides static code analysis for PHP for any IDE.

A pure PHP implementation of the open Language Server Protocol. Provides static code analysis for PHP for any IDE.

Felix Becker 1.1k Jan 4, 2023
PHP implementation of circuit breaker pattern.

What is php-circuit-breaker A component helping you gracefully handle outages and timeouts of external services (usually remote, 3rd party services).

ArturEjsmont 169 Jul 28, 2022
Implementation of the Token Bucket algorithm in PHP.

Token Bucket This is a threadsafe implementation of the Token Bucket algorithm in PHP. You can use a token bucket to limit an usage rate for a resourc

null 477 Jan 7, 2023
A PHP implementation of the Unleash protocol aka Feature Flags in GitLab.

A PHP implementation of the Unleash protocol aka Feature Flags in GitLab. This implementation conforms to the official Unleash standards and implement

Dominik Chrástecký 2 Aug 18, 2021
An implementation of the Minecraft: Bedrock Edition protocol in PHP

BedrockProtocol An implementation of the Minecraft: Bedrock Edition protocol in PHP This library implements all of the packets in the Minecraft: Bedro

PMMP 94 Jan 6, 2023
A minimalistic implementation of Promises for PHP

libPromise A minimalistic implementation of Promises for PHP. Installation via DEVirion Install the DEVirion plugin and start your server. This will c

null 8 Sep 27, 2022
PHP's Promse implementation depends on the Swoole module.

php-promise-swoole PHP's Promse implementation depends on the Swoole module. Promise::allsettled([ /** Timer 调用 */ /** Timer call */

拓荒者 3 Mar 15, 2022
A circular buffer implementation in PHP

Circular Buffer Installation ?? This is a great place for showing how to install the package, see below: Run $ composer require lctrs/circular-buffer

null 1 Jan 11, 2022
This package contains a PHP implementation to solve 3D bin packing problems.

3D Bin Packager This package contains a PHP implementation to solve 3d bin packing problems based on gedex implementation on Go and enzoruiz implement

Farista Latuconsina 7 Nov 21, 2022