PHP repository for secure message exchange between applications

falkmueller/cryptMessage

cryptMessage (PHP and JS)

PHP repository for secure message exchange between applications. Fully compatible with the equivalent JavaScript code in this repository. Documentation and Demo.

install

cryptMessage is available via Composer:

```json
{
    "require": {
        "falkm/crypt-message": "1.*"
    }
}
```

Or download and include the autoloader:

```php
<?php
    require_once 'cryptMessage/standAloneLoader.php';
```

example usage

## 1. Generate RSA keys and exchange them in a secure way

```php
$rsa_lib = new cryptMessage\lib\rsa();

/* generateKeys() writes the new key pair into the two variables passed to it */
$clinet1_public_key = null; $clinet1_private_key = null;
$clinet2_public_key = null; $clinet2_private_key = null;
$rsa_lib->generateKeys($clinet1_public_key, $clinet1_private_key);
$rsa_lib->generateKeys($clinet2_public_key, $clinet2_private_key);
```

Client 1 gets $clinet1_private_key and $clinet2_public_key. Client 2 gets $clinet2_private_key and $clinet1_public_key.

## 2. Client 1 creates a message for client 2

```php
use cryptMessage\entity\message;

$message = new message();
$message->body->data = "test";
/* encrypt the message with the public key of the recipient (client 2) */
$crypt_message = $message->getCryptMessage($clinet2_public_key);
```

## 3. Client 1 transfers the message to client 2

```php
$cookies = array(); /*if you received cookies from an earlier call, use them*/
$url = ''; /*URL of the client 2 API endpoint*/

$response = cryptMessage\lib\curl::exec(array(
    "url" => $url,
    "method" => 'POST',
    "postfields" => $crypt_message,
    "cookies" => $cookies
));
```

## 4. Client 2 receives the message and responds

```php
use cryptMessage\entity\message;

$error_message = null;
$request_body = file_get_contents("php://input");

$headercheck = function($header){
    /*if the message timestamp is older than 10 min, do not accept the message*/
    if($header->timestamp < (time() - 600)){
        return false;
    }

    /*replay (delay) attack protection:
     the message slug must be unique within the last 10 minutes; check it against a MySQL table, for example.
     checkUniqueMesssage() is your own function and is assumed to return true for an unseen slug*/
    return checkUniqueMesssage($header->slug);
};

$request_message = message::getFromRawRequest($request_body, $clinet2_private_key, $error_message, $headercheck);
if($error_message || !$request_message || !($request_message instanceof message)){
    echo "ERROR"; /*message was not created with your public key*/
    exit();
}

$response_message = new message();
/*echo the slug of the request so client 1 can match the response to it*/
$response_message->header->requestSlug = $request_message->header->slug;
$response_message->body->data = "hello, i receive: ".$request_message->body->data;
$rawResponse = $response_message->getCryptMessage($clinet1_public_key);

if(!$rawResponse){
    echo "ERROR"; /*public key of client 1 is wrong*/
    exit();
}

echo $rawResponse;
```
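One way to implement the slug uniqueness check that step 4 leaves to `checkUniqueMesssage`, as an added example that is not part of the cryptMessage project. The `seen_slugs` table, the function and constant names, the 60 second clock tolerance, and the in-memory SQLite database standing in for a shared MySQL table are all assumptions.

```php
<?php
/* Added example; table, constant and function names are assumptions. */
const WINDOW = 600; /* the README's 10 minute acceptance window */
const SKEW   = 60;  /* assumed tolerance for clock drift */

function openSlugStore(): PDO {
    /* in-memory SQLite stands in for the shared MySQL table */
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE seen_slugs (slug TEXT PRIMARY KEY, seen_at INTEGER NOT NULL)');
    return $db;
}

function acceptHeader(PDO $db, object $header, int $now): bool {
    if (!isset($header->slug, $header->timestamp) || !is_string($header->slug) || $header->slug === '') {
        return false;
    }
    /* reject stale messages and messages dated in the future */
    $ts = (int)$header->timestamp;
    if ($ts < $now - WINDOW || $ts > $now + SKEW) {
        return false;
    }
    /* rows older than WINDOW + SKEW belong to messages that now fail the timestamp check */
    $db->prepare('DELETE FROM seen_slugs WHERE seen_at < ?')->execute([$now - WINDOW - SKEW]);
    /* the PRIMARY KEY makes "check and record" one atomic step, so two
       concurrent deliveries of the same slug cannot both pass */
    try {
        $db->prepare('INSERT INTO seen_slugs (slug, seen_at) VALUES (?, ?)')
           ->execute([$header->slug, $now]);
    } catch (PDOException $e) {
        if ((string)$e->getCode() === '23000') {
            return false; /* slug already recorded: replay */
        }
        throw $e;
    }
    return true;
}

/* constructed sample headers, not real cryptMessage output */
$db  = openSlugStore();
$now = time();
$msg = (object)['slug' => 'a1b2c3', 'timestamp' => $now - 5];
var_dump(acceptHeader($db, $msg, $now));      /* first delivery */
var_dump(acceptHeader($db, $msg, $now + 30)); /* same slug again */
var_dump(acceptHeader($db, (object)['slug' => 'old', 'timestamp' => $now - 900], $now));  /* stale */
var_dump(acceptHeader($db, (object)['slug' => 'new', 'timestamp' => $now + 3600], $now)); /* future-dated */
```

To use it in step 4, pass `function($header) use ($db) { return acceptHeader($db, $header, time()); }` as the header check. Rejecting future-dated timestamps matters because a slug is only remembered for a bounded time, and a message dated far ahead would still pass the age check after its slug had been purged.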

## 5. Client 1 receives the response from client 2

```php
/* $response is the array returned by the curl request in step 3 */

if(!$response["body"] || $response["body"] == "ERROR"){
    echo "ERROR";
    exit();
}

/* $request_message is the message object client 1 created in step 2 (named $message there) */
$request_slug = $request_message->header->slug;
$header_check = function($header) use ($request_slug){
    /*if the message timestamp is older than 10 min, do not accept the message*/
    if($header->timestamp < (time() - 600)){
        return false;
    }

    /*the other client sets the slug of your message as requestSlug in its response*/
    if($header->requestSlug !== $request_slug){
        return false;
    }

    return true;
};

$response_message = message::getFromRawRequest($response["body"], $clinet1_private_key, $error_message, $header_check);
if($error_message || !$response_message || !($response_message instanceof message)){
    echo "ERROR"; /*response is wrong, details in $error_message*/
    exit();
}

/*optional: cache cookies for the next API call*/
$cookies = $response["cookie"];

echo $response_message->body->data;
```
