PHP Secure Communications Library

Overview

phpseclib - PHP Secure Communications Library

Build Status

Supporting phpseclib

Introduction

MIT-licensed pure-PHP implementations of the following:

SSH-2, SFTP, X.509, an arbitrary-precision integer arithmetic library, Ed25519 / Ed449 / Curve25519 / Curve449, ECDSA / ECDH (with support for 66 curves), RSA (PKCS#1 v2.2 compliant), DSA / DH, DES / 3DES / RC4 / Rijndael / AES / Blowfish / Twofish / Salsa20 / ChaCha20, GCM / Poly1305

Documentation

Branches

master

  • Development Branch
  • Unstable API
  • Do not use in production

3.0

  • Long term support (LTS) release
  • Major expansion of cryptographic primitives
  • Minimum PHP version: 5.6.1
  • PSR-4 autoloading with namespace rooted at \phpseclib3
  • Install via Composer: composer require phpseclib/phpseclib:~3.0

2.0

  • Long term support (LTS) release
  • Modernized version of 1.0
  • Minimum PHP version: 5.3.3
  • PSR-4 autoloading with namespace rooted at \phpseclib
  • Install via Composer: composer require phpseclib/phpseclib:~2.0

1.0

Security contact information

To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.

Support

Need Support?

Contributing

  1. Fork the Project

  2. Ensure you have Composer installed (see Composer Download Instructions)

  3. Install Development Dependencies

    composer install
  4. Create a Feature Branch

  5. (Recommended) Run the Test Suite

    vendor/bin/phpunit
  6. (Recommended) Check whether your code conforms to our Coding Standards by running

    vendor/bin/phing -f build/build.xml sniff
  7. Send us a Pull Request

Comments
  • Moving to proper release management / Releasing the php5 branch

    Moving to proper release management / Releasing the php5 branch

    • We should define a feature set for the php5 branch (e.g. PSR4 autoloading and removing all the old PHP4 stuff or whatnot) and then just release it.
    • Releasing it involves assigning a version number. I think semantic versioning should be followed. I am fine with starting at 1.0.0, then what currently is master can stay as 0.x.y. The alternative is to make master 1.0.0 and release php5 as 2.0.0.
    • We should define how long the released version will be supported with bugfixes etc. pp.
    • New developments should happen in different branches, etc. pp. The php5 branch has to go.
    meta 
    opened by bantu 71
  • Want minimal sftp function

    Want minimal sftp function

    While I appreciate the great range of algorithms implemented in phpseclib, I would like to find a short function that does an sftp file upload only, given account name, password, and the private key and certificate file pathnames. So far, web searching has not produced anything. Any ideas?

    opened by David263 42
  • PHP 5.3 Namespaces, PSR-4 Autoloading, Class-based Constants

    PHP 5.3 Namespaces, PSR-4 Autoloading, Class-based Constants

    Ok this is a brand new PR that is a rollup of all the changes requested from #247. This PR includes the following:

    • Proper PHP 5.3 namespaces using phpseclib as the root namespace
    • PSR-4 auto-loading support
    • Converted all global constants to class based constants
    • Updated all inline documentation to reflect namespaces

    (I removed all of the visibility declarations from the original PR)

    Feedback is welcomed and appreciated. Unit tests still need to be updated, and I have only tested the SFTP and SSH2 functions in very limited use cases, so there may be new bugs introduced that I have not seen. Please let me know if you find any and I can make any necessary tweaks.

    opened by cnelissen 40
  • Connection closed prematurely

    Connection closed prematurely

    Using: PHP 7.3.21 phpseclib 2.0.29

    I'm trying to run a very long running command (like 1 hour or more) with this function, as this function runs more than ClientAliveInterval * ClientAliveCountMax ~ 10 mins (default) I get error Connection closed prematurely.

    I switched to this library from php ssh2 extension, back there I had no problem with this.

    https://www.php.net/manual/en/function.ssh2-exec.php

    Is there any command or setting to send server that we are still alive as client?

    Thanks in advance.

    function runSSHCommandWithCallback($ip, $port, $username, $password, $cmd, callable $callback, $timeout = 10800){
        $connection = new SSH2($ip, $port);
        if (!$connection->login($username, $password)) {
            throw new SSHException("SSH Authentication failed");
        }
        $connection->enableQuietMode();
        $connection->setTimeout($timeout);
        $output = $connection->exec($cmd, function($output) use ($callback) {
            $error = $connection->getStdError();
            if(!empty($error)){
                throw new SSHErrorException($error);
            }
            if (is_callable($callback)) {
                $callback($output);
            }
        });
        $error = $connection->getStdError();
        if(!empty($error)){
            throw new SSHErrorException($error);
        }
    }
    
    opened by matiniamirhossein 37
  • Specification RSA OAEP

    Specification RSA OAEP

    I just ask some basic question because i dont know about RSA too much.

    1. are public key and private key always random every i'm refresh the code ? if so how length the public key and private key is ?

    sorry may this sounds ridiculous for you. Your answer will help me in the future. thank you

    support 
    opened by 69slimm 32
  • Issue uploading large file with SFTP->put()

    Issue uploading large file with SFTP->put()

    I have issues uploading a rather large file (426.4MB) via using the put() method. I'm running the script from the command line. Close to the end (about 10MB short), the script hangs and the file stops uploading. I can look on the destination server and see that the file isn't growing any longer. The PHP script never finishes. This is the command I'm using:

    $sftp->put( $file_host, $local_file, NET_SFTP_LOCAL_FILE );
    

    If I set this constant after loading the class

    define('NET_SFTP_LOGGING', NET_SFTP_LOG_COMPLEX);
    

    then it returns the following error.

    PHP Fatal error:  Allowed memory size of 268435456 bytes exhausted (tried to allocate 4125 bytes) in /path/to/phpseclib/Net/SSH2.php on line 3148
    

    Originally, I had the memory limit at 128MB (in my php.ini) and then changed it to 256MB, and the file still quits at almost exactly the same place. So it seems that increasing the memory limit doesn't solve the problem.

    Increasing to the 512MB removes the error, but the script still hangs and the file upload stalls out at the same place.

    It's worth noting that the file uploads don't stall at exactly the same place every time. Trying it a handful of times, left me with these various sizes in bytes:

    • 418347888
    • 418331620
    • 416204579
    • 417815111
    • 418469898
    • 417575158
    • 415867018

    The actual size of the file is: 426429440 bytes.

    Surely, something's not right here... it shouldn't need that much memory to transfer the file, should it?

    How do I get better log messages? I haven't been able to figure out how to turn that on in phpseclib?

    bug support 
    opened by sjparsons 30
  • Using File_ASN1, questions regarding ASN1 definitions

    Using File_ASN1, questions regarding ASN1 definitions

    I'm trying my hand at using the File_ASN1 code (and hopefully also the Crypt_RSA etc code) to build a pure PHP Kerberos implementation, because the existing PECL library is a bit finicky and doesn't currently build on newer PHP than 5.3.

    Kerberos uses ASN1 encoding of the data in it's packets, so I'm trying to model a Krb5_Message class off of File_X509 using File_ASN1 for ASN handling. Most of the ASN definitions I was able to figure out (at least I think so!) converting to code phpseclib style:

    PrincipalName ::= SEQUENCE {         name-type [0] Int32,         name-string [1] SEQUENCE OF KerberosString }

            $this->PrincipalName = array(
                'type' => FILE_ASN1_TYPE_SEQUENCE,
                'children' => array(
                    'name-type' => $this->Int32,
                    'name-string' => array(
                        'type' => FILE_ASN1_TYPE_SEQUENCE,
                        'children' => $this->KerberosString,
                    ),
                ),
            );
    

    However there's a few I don't know how or if they can be done currently:

    For starters, PA-DATA oddly starts at sequence 0, not 1. How can I indicate this in the array definition?

    PA-DATA ::= SEQUENCE {         -- NOTE: first tag is [1], not [0]         padata-type [1] Int32,         padata-value [2] OCTET STRING -- might be encoded AP-REQ }

    Secondly, I'm not sure how to map APPLICATION ...

    AS-REQ ::= [APPLICATION 10] KDC-REQ

    Third, there's some things marked OPTIONAL

    KDC-REQ ::= SEQUENCE {         -- NOTE: first tag is [1], not [0]         pvno [1] INTEGER (5) ,         msg-type [2] INTEGER (10 -- AS -- | 12 -- TGS --),         padata [3] SEQUENCE OF PA-DATA OPTIONAL             -- NOTE: not empty --,         req-body [4] KDC-REQ-BODY }

    Assuming these things can be handled by File_ASN1, can you tell me how to do so ? If it can't be and implementing them is non-trivial, then I'll look for another ASN "compiler" package for PHP.

    support 
    opened by jonathanvaughn 29
  • sftp/ssh2 errors

    sftp/ssh2 errors

    There seems to be some type of bug maintaining connections (I'm using the SFTP portion, but the errors are coming from the SSH2 class) downloading multiple files via SFTP class. After grabbing a fresh copy of phpseclib I'm seeing these errors after a couple files download successfully:

    PHP Notice: fputs(): send of 36 bytes failed with errno=32 Broken pipe in /redacted/vendor/phpseclib/phpseclib/phpseclib/Net/SSH2.php on line 2847

    Notice: fputs(): send of 36 bytes failed with errno=32 Broken pipe in /redacted/vendor/phpseclib/phpseclib/phpseclib/Net/SSH2.php on line 2847 updating file log... Error downloading file! PHP Notice: Connection closed prematurely in /redacted/vendor/phpseclib/phpseclib/phpseclib/Net/SSH2.php on line 2815

    Notice: Connection closed prematurely in /redacted/vendor/phpseclib/phpseclib/phpseclib/Net/SSH2.php on line 2815

    Here's the version info on what I'm using: commit bf6da217c19514506060d98797a53dc1a78c807e Merge: 8c9e7a8 78f9fad Author: terrafrost [email protected] Date: Mon Jul 22 23:53:45 2013 -0500

    Merge branch 'master' of https://github.com/phpseclib/phpseclib
    

    I replaced this version of phpseclib with a previous one, and everything is back to functioning as expected. Here's the info on that version in case it helps: commit b2262f731dbd2aee68bcbe95593d374b8aee76a5 Merge: 33e415c af3f275 Author: terrafrost [email protected] Date: Tue May 14 11:02:45 2013 -0500

    Merge branch 'master' of https://github.com/phpseclib/phpseclib
    
    opened by epoplive 28
  • Issue retrieving a file using sftp, strange NET_SSH2_MSG_CHANNEL_DATA packet

    Issue retrieving a file using sftp, strange NET_SSH2_MSG_CHANNEL_DATA packet

    I've a reproducible issue, when retrieving a large file from a Go Anywhere sftp server, I suddenly stop receiving file data and start receiving these packets, any idea what they are?

    I'm using 2.0.23 Last good data packet (seems to stop short as the previous ones have all been 16k in size)

    <- NET_SSH2_MSG_CHANNEL_DATA (since last: 0.6684, network: 0s)
    00000000  00:00:01:00:00:00:00:1f:32:2e:31:30:2c:20:20:20  ........2.10,
    00000010  20:20:20:20:20:20:20:20:20:20:2e:30:30:2c:20:20            .00,
    00000020  20:20:20:20:20:20:20
    

    Followed by numerous of the following:-

    -> NET_SSH2_MSG_CHANNEL_DATA (since last: 0.0003, network: 0s)
    00000000  00:00:00:00:00:00:00:3d:00:00:00:39:05:00:00:00  .......=...9....
    00000010  00:00:00:00:24:62:37:37:36:38:61:37:39:2d:61:39  ....$b7768a79-a9
    00000020  34:63:2d:34:61:36:32:2d:62:36:39:63:2d:33:65:63  4c-4a62-b69c-3ec
    00000030  39:38:35:37:36:64:31:64:36:00:00:00:00:7f:f0:00  98576d1d6.......
    00000040  00:00:00:80:00                                   .....
    
    -> NET_SFTP_READ (0.0001s)
    00000000  00:00:00:24:66:37:39:37:62:39:34:38:2d:32:31:38  ...$f797b948-218
    00000010  33:2d:34:37:31:39:2d:62:61:37:61:2d:30:34:38:65  3-4719-ba7a-048e
    00000020  34:65:38:33:31:36:64:35:00:00:00:00:7f:f0:00:00  4e8316d5........
    00000030  00:00:80:00                                      ....
    
    -> NET_SSH2_MSG_CHANNEL_DATA (since last: 0.0002, network: 0s)
    00000000  00:00:00:00:00:00:00:3d:00:00:00:39:05:00:00:00  .......=...9....
    00000010  01:00:00:00:24:62:37:37:36:38:61:37:39:2d:61:39  ....$b7768a79-a9
    00000020  34:63:2d:34:61:36:32:2d:62:36:39:63:2d:33:65:63  4c-4a62-b69c-3ec
    00000030  39:38:35:37:36:64:31:64:36:00:00:00:00:7f:f0:80  98576d1d6.......
    00000040  00:00:00:80:00                                   .....
    
    -> NET_SFTP_READ (0s)
    00000000  00:00:00:24:66:37:39:37:62:39:34:38:2d:32:31:38  ...$f797b948-218
    00000010  33:2d:34:37:31:39:2d:62:61:37:61:2d:30:34:38:65  3-4719-ba7a-048e
    00000020  34:65:38:33:31:36:64:35:00:00:00:00:7f:f0:80:00  4e8316d5........
    00000030  00:00:80:00                                      ....
    
    

    In the above the SSH2 logging is from a different session than the SFTP logging (hence what look like GUIDs being different), but it demonstrates the issue.

    opened by Stevehans 27
  • Start of SSH2 Agent Forwarding implementation

    Start of SSH2 Agent Forwarding implementation

    As I am rather keen on having this work I've written code to support a SSH2 Agent Forwarding implementation. This PR does enable this functionality but as I am not super familiar with PHP or the design of this library I'm expecting some feedback or comments.

    This PR will address this current OPEN issue / feature request.

    https://github.com/phpseclib/phpseclib/issues/505

    opened by montdidier 26
  • Unable to connect to SFTP server due to NET_SSH2_MSG_CHANNEL_EXTENDED_DATA

    Unable to connect to SFTP server due to NET_SSH2_MSG_CHANNEL_EXTENDED_DATA

    I'm having the same issue as in #725

    I.e. can not connect to proftpd SFTP Server if server provides MOTD $sftp = new SFTP($host); $key = new RSA(); $key->load(file_get_contents($_cfg['ssl_key']));

    if (!$sftp->login($user, $key)) { write_log('ERR', "Login Error to {$user}@{$host}:22",LINE); echo $sftp->getLog(); exit; }

    PHP Fatal error: Uncaught RuntimeException: Unable to fulfill channel request in /opt/openpda/client/phpseclib/Net/SSH2.php:3675 Stack trace: #0 /opt/openpda/client/phpseclib/Net/SFTP.php(452): phpseclib\Net\SSH2->get_channel_packet(256) #1 /opt/openpda/client/pda_test_sftp1.php(47): phpseclib\Net\SFTP->login('Dott', Object(phpseclib\Crypt\RSA)) #2 {main} thrown in /opt/openpda/client/phpseclib/Net/SSH2.php on line 3675

    How can I get logs from cli php script?

    Trace is equal to: http://webcache.googleusercontent.com/search?q=cache:TKNFGczN7jQJ:techqa.info/programming/tag/pty%3Fafter%3D25167721+&cd=1&hl=de&ct=clnk&gl=de&client=firefox-b

    search for NET_SSH2_MSG_CHANNEL_EXTENDED_DATA

    opened by xaled1 25
Releases(2.0.41)
  • 2.0.41(Dec 23, 2022)

  • 3.0.18(Dec 17, 2022)

    • fix for PHP 8.2 deprecations (#1869, #1873)
    • SSH2: if logging in with rsa-sha2-256/512 fails, try ssh-rsa (#1865)
    • SSH/Agent: add support for named pipes on windows (for pageant) (#1866)
    • Crypt/Base: add a function to check continuous buffer status (#1870)
    • OpenSSL 3.0.1+ deprecated some algorithms (RC2, RC4, DES, Blowfish)
    Source code(tar.gz)
    Source code(zip)
  • 2.0.40(Dec 17, 2022)

    • fix for PHP 8.2 deprecations (#1869)
    • SSH2: if logging in with rsa-sha2-256/512 fails, try ssh-rsa (#1865)
    • SSH/Agent: add support for named pipes on windows (for pageant) (#1866)
    • Crypt/Base: add a function to check continuous buffer status (#1870)
    • OpenSSL 3.0.1+ deprecated some algorithms (RC2, RC4, DES, Blowfish)
    Source code(tar.gz)
    Source code(zip)
  • 3.0.17(Oct 24, 2022)

    • X509: make it so CRLs, CSRs and SPKACs can support PSS keys (#1837)
    • X509: make it so PKCS1 X509 certs can create PSS sigs (#1837)
    • SFTP: fix deprecated implicit float to int on 32-bit PHP 8.1 (#1841)
    • SFTP: restore orig behavior when deleting non-existant folder (#1847)
    • Random: fix fallback on PHP 8.1+
    Source code(tar.gz)
    Source code(zip)
  • 2.0.39(Oct 24, 2022)

    • SFTP: fix deprecated implicit float to int on 32-bit PHP 8.1 (#1841)
    • SFTP: restore orig behavior when deleting non-existant folder (#1847)
    • Random: fix fallback on PHP 8.1+
    Source code(tar.gz)
    Source code(zip)
  • 3.0.16(Sep 5, 2022)

  • 3.0.15(Sep 2, 2022)

    • PublicKeyLoader: add support for OpenSSH encrypted keys (#1737, #1733, #1531, #1490)
    • PublicKeyLoader: add support for JSON Web Keys (#1817)
    • SSH2: make login method return false under rare situation (#1790)
    • SSH2: fix possibly undefined variable error (#1802)
    • SFTP: fix enableDatePreservation bug w.r.t. mtime (#1670)
    • SFTP: try to delete dir even if it can't be opened (#1791)
    • SFTP: try without path canonicalization if initial realpath() fails (#1796)
    • SFTP: detect if stream metadata has wrapper_type set for put() method (#1792)
    • BigInteger: tweak to the phpinfo checks (#1726)
    • BigInteger: fix behavior on 32-bit PHP installs (#1820)
    • EC/PKCS8: OpenSSL didn't like phpseclib formed Ed25519 public keys (#1819)
    • don't use dynamic properties, which are deprecated in PHP 8.2 (#1808, #1822)
    • fix deprecated implicit float to int on 32-bit PHP 8.1
    Source code(tar.gz)
    Source code(zip)
  • 2.0.38(Sep 2, 2022)

    • RSA: add support for OpenSSH encrypted keys (#1737, #1733, #1531, #1490)
    • SSH2: fix possibly undefined variable error (#1802)
    • SFTP: try to delete dir even if it can't be opened (#1791)
    • SFTP: try without path canonicalization if initial realpath() fails (#1796)
    • SFTP: detect if stream metadata has wrapper_type set for put() method (#1792)
    • BigInteger: fix behavior on 32-bit PHP installs (#1820)
    • don't use dynamic properties, which are deprecated in PHP 8.2 (#1808, #1822)
    • fix deprecated implicit float to int on 32-bit PHP 8.1
    Source code(tar.gz)
    Source code(zip)
  • 3.0.14(Apr 4, 2022)

    • PublicKeyLoader: add support for loading PuTTY v3 keys
    • Crypt/Base: fix CTR mode with continuous buffer with non-eval PHP
    • Crypt/Base: use sodium_increment in _increment_str for speed purposes
    • Crypt/Base: fix deprecation notice (#1770)
    • SSH2/Agent: rm unused parameter (#1757)
    • BigInteger: add precision to __debugInfo
    • BigInteger: fix random engine issues
    • call useBestEngine() when getEngine() is called
    Source code(tar.gz)
    Source code(zip)
  • 2.0.37(Apr 4, 2022)

    • RSA: add support for loading PuTTY v3 keys
    • Crypt/Base: fix CTR mode with continuous buffer with non-eval PHP
    • Crypt/Base: use sodium_increment in _increment_str
    • Crypt/Base: fix deprecation notice (#1770)
    • SSH2/Agent: rm unused parameter (#1757)
    Source code(tar.gz)
    Source code(zip)
  • 3.0.13(Jan 30, 2022)

    • SSH2: make login() return false if no valid auth methods are found (#1744)
    • SSH2: show a more helpful error message when logging in with pubkey (#1718)
    • SSH2: rsa-sha2-256 and rsa-sha2-512 sigs weren't verifying (#1743)
    • SFTP: fix chgrp() for version < 4 (#1730)
    • Crypt/Base: add OFB8 as a new mode (phpseclib/mcrypt_compat#33)
    • Crypt/Salsa20: fix PHP 5.6 error (#1717)
    • RSA & BigInteger: check phpinfo() available before using it (#1726)
    • Fixed psalm level 6 errors in phpseclib/Net/ (#1746)
    Source code(tar.gz)
    Source code(zip)
  • 2.0.36(Jan 30, 2022)

    • SSH2: make login() return false if no valid auth methods are found (#1744)
    • SFTP: fix chgrp() for version < 4 (#1730)
    • Crypt/Base: add OFB8 as a new mode (phpseclib/mcrypt_compat#33)
    • RSA & BigInteger: check phpinfo() available before using it (#1726)
    Source code(tar.gz)
    Source code(zip)
  • 1.0.20(Dec 28, 2021)

    SFTP:

    • speed up uploads (by changing SFTP upload packet size from 4KB to 32KB)
    • add support for SFTPv4/5/6
    • add enableDatePreservation() / disableDatePreservation() (#1496)
    • uploads on low speed networks could get in infinite loop (#1507)
    • "fix" rare resource not closed error (#1510)
    • progress callback should report actual downloaded bytes (#1543)
    • add stream to get method (#1546)
    • fix undefined index notice in stream touch() (#1615)
    • digit only filenames were converted to integers by php (#1623)
    • Stream: make it so you can write past the end of a file (#1618)
    • reopen channel on channel closure (#1654)
    • don't check SFTP packet size after SFTP initialization (#1606)
    • return false if get_channel_packet returns false (#1678)
    • timeout during SFTP init should return false (#1684)
    • add option to allow arbitrary length packets (#1691)

    SSH2:

    • add support for zlib and [email protected] compression
    • add "smart multi factor" login mode (enabled by default) (#1648)
    • don't try to login as none auth method for CoreFTP server (#1488)
    • when building algo list look at if crypto engine is set (#1500)
    • suppress 'broken pipe' errors (#1511)
    • add setKeepAlive() method (#1529)
    • behave like putty with broken publickey auth (#1572)
    • don't close channel on unexpected response to channel request (#1631)
    • add getAuthMethodsToContinue() method (#1648)
    • fix issue with key re-exchange (#1644)
    • fix PHP7.4 errors about accessing bool as string (#1656)
    • end connection faster for algorithm mismatch

    X509:

    • really looong base64 encoded strings broke extractBER() (#1486)
    • only parse the first cert of a multi-cert PEMs (#1542, #1568)

    ASN1:

    • fix timezone issue when non-utc time is given (#1562)
    • return false when not enough bytes are available (#1676)

    RSA:

    • ssh-keygen -yf private.key fails if \r is present (#1698)

    BigInteger:

    • fix issue with toBits on 32-bit PHP 8 installs

    Crypt/Base:

    • use a custom error handler for mcrypt
    Source code(tar.gz)
    Source code(zip)
  • 3.0.12(Nov 29, 2021)

    • SSH2: add "smart multi factor" login mode (enabled by default) (#1648)
    • SSH2: error out when no data is received from the server (#1647)
    • SFTP: don't attempt to parse unsupported attributes (#1708)
    • SFTP: getSupportedVersions() call didn't work
    • EC: error out when scalar is out of range (#1712)
    • RSA: add support for raw private keys (#1711)
    • SymmetricKey: add getMode()
    Source code(tar.gz)
    Source code(zip)
    phpseclib3.0.12.zip(632.93 KB)
  • 2.0.35(Nov 29, 2021)

    • SSH2: add "smart multi factor" login mode (enabled by default) (#1648)
    • SSH2: error out when no data is received from the server (#1647)
    • SFTP: don't attempt to parse unsupported attributes (#1708)
    • SFTP: getSupportedVersions() call didn't work
    Source code(tar.gz)
    Source code(zip)
  • 3.0.11(Oct 27, 2021)

    • SSH2: add support for zlib and [email protected] compression
    • SFTP: add support for SFTPv4/5/6
    • SFTP: add option to allow arbitrary length packets (#1691)
    • SFTP: errors weren't being logged (#1702)
    • RSA: ssh-keygen -yf private.key fails if \r is present (#1698)
    Source code(tar.gz)
    Source code(zip)
  • 2.0.34(Oct 27, 2021)

  • 3.0.10(Aug 16, 2021)

    • SFTP: don't check SFTP packet size after SFTP initialization (#1606)
    • SFTP: timeout during SFTP init should return false (#1684)
    • SFTP: return false if get_channel_packet returns false (#1678)
    • ASN1: return false when not enough bytes are available (#1676)
    • BigInteger: Serializable is being deprecated in PHP 8.1 (#1680)
    • explicitly define methods as being static (#1689)
    • plug memory leaks (#1672)
    Source code(tar.gz)
    Source code(zip)
  • 2.0.33(Aug 16, 2021)

    • SFTP: don't check SFTP packet size after SFTP initialization (#1606)
    • SFTP: timeout during SFTP init should return false (#1684)
    • SFTP: return false if get_channel_packet returns false (#1678)
    • ASN1: return false when not enough bytes are available (#1676)
    Source code(tar.gz)
    Source code(zip)
  • 3.0.9(Jun 14, 2021)

    • SSH2: add getAuthMethodsToContinue() method (#1648)
    • SSH2: timeout would occasionally infinitely loop
    • SSH2: fix PHP7.4 errors about accessing bool as string (#1656)
    • SSH2: fix issue with key re-exchange (#1644)
    • SFTP: reopen channel on channel closure (#1654)
    • X509: extra characters before cert weren't being removed (#1659)
    • X509: signing with pw protected PSS keys yielded errors (#1657)
    • ASN1: fix timezone issue when non-utc time is given (#1562)
    • ASN1: change how default values are processed for ints and enums (#1665)
    • RSA: OAEP decryption didn't check labels correctly (#1669)
    Source code(tar.gz)
    Source code(zip)
  • 2.0.32(Jun 14, 2021)

    • SSH2: add getAuthMethodsToContinue() method (#1648)
    • SSH2: timeout would occasionally infinitely loop
    • SSH2: fix PHP7.4 errors about accessing bool as string (#1656)
    • SSH2: fix issue with key re-exchange (#1644)
    • SFTP: reopen channel on channel closure (#1654)
    • X509: extra characters before cert weren't being removed (#1659)
    • ASN1: fix timezone issue when non-utc time is given (#1562)
    • RSA: OAEP decryption didn't check labels correctly (#1669)
    Source code(tar.gz)
    Source code(zip)
  • 3.0.8(Apr 20, 2021)

    • AsymetrticKey: add getComment() method (#1638)
    • SymmetricKey: cipher_name_openssl_ecb shouldn't be static because of AES (#1636)
    • X509: don't filter basicConstraints on unique values (#1639)
    • X509: make it so extensions can be set as critical (#1640)
    Source code(tar.gz)
    Source code(zip)
  • 3.0.7(Apr 6, 2021)

    • X509: always parse the first cert of a bundle (#1568)
    • SSH2: behave like putty with broken publickey auth (#1572)
    • SSH2: don't close channel on unexpected response to channel request (#1631)
    • RSA: cleanup RSA PKCS#1 v1.5 signature verification (CVE-2021-30130)
    • Crypt: use a custom error handler for mcrypt to avoid deprecation errors
    Source code(tar.gz)
    Source code(zip)
  • 2.0.31(Apr 6, 2021)

    • X509: always parse the first cert of a bundle (#1568)
    • SSH2: behave like putty with broken publickey auth (#1572)
    • SSH2: don't close channel on unexpected response to channel request (#1631)
    • RSA: support keys with PSS algorithm identifier (#1584)
    • RSA: cleanup RSA PKCS#1 v1.5 signature verification (CVE-2021-30130)
    • SFTP/Stream: make it so you can write past the end of a file (#1618)
    • SFTP: fix undefined index notice in stream touch() (#1615)
    • SFTP: digit only filenames were converted to integers by php (#1623)
    • BigInteger: fix issue with toBits on 32-bit PHP 8 installs
    • Crypt: use a custom error handler for mcrypt to avoid deprecation errors
    Source code(tar.gz)
    Source code(zip)
  • 3.0.6(Mar 13, 2021)

    • SFTP/Stream: make it so you can write past the end of a file (#1618)
    • SFTP/Stream: fix undefined index notice in stream touch() (#1615)
    • SFTP/Stream: mkdir didn't work (#1617)
    • BigInteger: fix issue with toBits on 32-bit PHP 8 installs
    • SFTP: digit only filenames were converted to integers by php (#1623)
    Source code(tar.gz)
    Source code(zip)
  • 3.0.5(Feb 12, 2021)

    • X509: add getCurrentCert method (since $currentCert is now private) (#1602)
    • PublicKeyLoader: add loadPrivateKey() and loadPublicKey() methods (#1603)
    • Rijndael: calling setIV() after setBlockLength() can result in err (#1599)
    • RSA: use OpenSSL for generating private keys (#1596)
    • BigInteger: big speedups for when OpenSSL is used (#1596)
    Source code(tar.gz)
    Source code(zip)
  • 3.0.4(Jan 26, 2021)

    • Random: use v9.99.99 of random_compat if appropriate (#1585, #1571)
    • SSH/Agent: EC keys didn't work with agent (#1593)
    • X509: fix niche issue with computeKeyIdentifier (#1586)

    Download PHP Secure Communications Library

    Source code(tar.gz)
    Source code(zip)
  • 3.0.3(Jan 16, 2021)

    • X509: passing DateTime objects to setEndDate produced errors (#1578)
    • X509: always parse the first cert of a bundle (#1568)
    • X509: streamline the management of custom extensions (#1573)
    • EC: fix case sensitivity errors when using Symfony autoloader (#1570)
    • RSA: improve identification of public / private PKCS1 / PKCS8 keys (#1579)
    • RSA: add support for PSS keys that don't have parameters present (#1583)
    • RSA: tweaks to how the salt length works
    • RSA: throw exceptions instead of returning false
    • SSH2: behave like putty with broken publickey auth (#1572)

    Download PHP Secure Communications Library

    Source code(tar.gz)
    Source code(zip)
  • 3.0.2(Dec 24, 2020)

    • EC/PKCS1: throw exception when trying to load non-strings (#1559)
    • X509: make date methods accept DateTimeInterface instead of DateTime (#1562)
    • SSH2: suppress errors on stream_select calls (#1560)

    Download PHP Secure Communications Library

    Source code(tar.gz)
    Source code(zip)
  • 3.0.1(Dec 19, 2020)

    • PKCS8: fix E_WARNING (#1551)
    • SSH2/Stream: stream_select needs to be able to access $fsock (#1552)
    • SFTP: resuming uploads didn't work (#1553)
    Source code(tar.gz)
    Source code(zip)
A multitool library offering access to recommended security related libraries, standardised implementations of security defences, and secure implementations of commonly performed tasks.

SecurityMultiTool A multitool library offering access to recommended security related libraries, standardised implementations of security defences, an

Pádraic Brady 131 Oct 30, 2022
PHP Secure Headers

Secure Headers Add security related headers to HTTP response. The package includes Service Providers for easy Laravel integration. Version Installatio

null 431 Dec 26, 2022
PHP Secure Configuration Checker

PHP Secure Configuration Checker Check current PHP configuration for potential security flaws. Simply access this file from your webserver or run on C

SektionEins GmbH 799 Nov 15, 2022
Quickly and easily secure HTML text.

Larasane Quickly sanitize text into safe-HTML using fluid methods. Requirements PHP 7.4, 8.0 or later. Laravel 7.x, 8.x or later. Installation Just fi

Italo 40 Jul 20, 2021
Secure API Toolkit

Sapient: Secure API toolkit Sapient secures your PHP applications' server-to-server HTTP(S) traffic even in the wake of a TLS security breakdown (comp

Paragon Initiative Enterprises 315 Jan 3, 2023
Create cryptographically secure pseudo-random numbers, and manage big integers

laminas-math This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical Steering

Laminas Project 23 Nov 24, 2022
php-chmod is a PHP library for easily changing permissions recursively.

PHP chmod php-chmod is a PHP library for easily changing the permissions recursively. Versions & Dependencies Version PHP Documentation ^1.1 ^7.4 curr

Mathias Reker ⚡️ 5 Oct 7, 2022
TCrypto is a simple and flexible PHP 5.3+ in-memory key-value storage library

About TCrypto is a simple and flexible PHP 5.3+ in-memory key-value storage library. By default, a cookie will be used as a storage backend. TCrypto h

timoh 57 Dec 2, 2022
PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

PHPGGC: PHP Generic Gadget Chains PHPGGC is a library of unserialize() payloads along with a tool to generate them, from command line or programmatica

Ambionics Security 2.5k Jan 4, 2023
A petite library of encryption functions for PHP

?? dcrypt A petite library of essential encryption functions for PHP 7.1+. For legacy PHP version support, look here. If you need a dcrypt inspired en

null 96 Oct 6, 2022
Sodium Compat is a pure PHP polyfill for the Sodium cryptography library (libsodium)

Sodium Compat is a pure PHP polyfill for the Sodium cryptography library (libsodium), a core extension in PHP 7.2.0+ and otherwise available in PECL.

Paragon Initiative Enterprises 817 Dec 26, 2022
JSON Object Signing and Encryption library for PHP.

NAMSHI | JOSE Deprecation notice Hi there, as much as we'd like to be able to work on all of the OSS in the world, we don't actively use this library

Namshi 1.7k Dec 22, 2022
A PHP library for counting short DNA sequences for use in Bioinformatics

Helix A PHP library for counting short DNA sequences for use in Bioinformatics. Helix consists of tools for data extraction as well as an ultra-low me

Andrew DalPino 2 Jan 25, 2022
A library for generating random numbers and strings

RandomLib A library for generating random numbers and strings of various strengths. This library is useful in security contexts. Install Via Composer

Anthony Ferrara 832 Nov 24, 2022
Fast, general Elliptic Curve Cryptography library. Supports curves used in Bitcoin, Ethereum and other cryptocurrencies (secp256k1, ed25519, ..)

Fast Elliptic Curve Cryptography in PHP Information This library is a PHP port of elliptic, a great JavaScript ECC library. Supported curve types: Sho

Simplito 178 Dec 28, 2022
A modern, portable, easy to use crypto library.

Sodium is a new, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, i

Frank Denis 10.7k Jan 1, 2023
A cryptography API wrapping the Sodium library, providing a simple object interface for symmetrical and asymmetrical encryption, decryption, digital signing and message authentication.

PHP Encryption A cryptography API wrapping the Sodium library, providing a simple object interface for symmetrical and asymmetrical encryption, decryp

null 19 Dec 31, 2022
PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application

PHPIDS PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web ap

null 752 Jan 3, 2023
PHP 5.x support for random_bytes() and random_int()

random_compat PHP 5.x polyfill for random_bytes() and random_int() created and maintained by Paragon Initiative Enterprises. Although this library sho

Paragon Initiative Enterprises 8k Jan 5, 2023