PHP repository for secure message exchange between applications

README.md

cryptMessage (PHP and JS)

Author Source Code Software License Website

PHP repository for secure message exchange between applications. Fully compatible with the equivalent JavaScript code from this repository. Documentation and Demo.

install

cryptMessage is available via Composer:

{
    "require": {
        "falkm/crypt-message": "1.*"
    }
}

Or download and include the autoloader

<?php
    require_once 'cryptMessage/standAloneLoader.php';

example usage

## 1. Generate RSA keys and exchange them in a secure way

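/* Generate one RSA key pair per client. generateKeys() is called with the
   public-key variable first and the private-key variable second; it presumably
   fills both by reference - confirm against cryptMessage\lib\rsa. */
$rsa_lib = new cryptMessage\lib\rsa();

$clinet1_public_key = null;
$clinet1_private_key = null;
$rsa_lib->generateKeys($clinet1_public_key, $clinet1_private_key);

$clinet2_public_key = null;
$clinet2_private_key = null;
$rsa_lib->generateKeys($clinet2_public_key, $clinet2_private_key);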

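Client 1 gets $clinet1_private_key and $clinet2_public_key. Client 2 gets $clinet2_private_key and $clinet1_public_key. Each private key must stay with its own client only, so hand the keys over through a channel that is already trusted.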

## 2. Client 1 creates a message for client 2

use cryptMessage\entity\message; 

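/* Build the plaintext message and encrypt it with the public key of client 2,
   so that only the holder of client 2's private key can read it. */
$message = new message();
$message->body->data = "test";
$crypt_message = $message->getCryptMessage($clinet2_public_key);

/* The responder example treats a falsy getCryptMessage() result as a wrong
   public key; apply the same check here instead of posting an empty payload. */
if(!$crypt_message){
    echo "ERROR"; /* public key of client 2 is wrong */
    exit();
}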

## 3. Client 1 transfers the message to client 2

/* URL of the API endpoint of client 2; empty in this example, fill it in. */
$url = '';
/* If an earlier response handed you cookies, send them back with this call. */
$cookies = [];

/* POST the encrypted message; $response is the array returned by the curl helper. */
$response = cryptMessage\lib\curl::exec([
    "url" => $url,
    "method" => 'POST',
    "postfields" => $crypt_message,
    "cookies" => $cookies,
]);

## 4. Client 2 receives the message and responds

use cryptMessage\entity\message;

/* Raw POST body of the incoming request, i.e. the encrypted message of client 1. */
$request_body = file_get_contents("php://input");
/* Passed to message::getFromRawRequest(); a non-empty value afterwards marks a failure. */
$error_message = null;

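/*
 * Header check handed to message::getFromRawRequest().
 * Returns true to accept the message and false to reject it.
 */
$headercheck = function($header){
    $now = time();

    /* if the message timestamp is older than 10 min, do not accept the message */
    if($header->timestamp < ($now - 600)){
        return false;
    }

    /* a timestamp from the future would stay acceptable after its slug record has
       expired; 60 s is a constructed allowance for clock drift, tune it to your setup */
    if($header->timestamp > ($now + 60)){
        return false;
    }

    /* replay protection:
       the message slug must be unique within the acceptance window; check it against
       a MySQL table, for example. checkUniqueMesssage() is your own helper and is
       assumed to return true only for a slug that has not been seen before. Keep the
       slug records at least as long as a message can pass the timestamp checks. */
    return checkUniqueMesssage($header->slug) === true;
};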

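/* Decrypt the request with the private key of client 2; $headercheck is the
   callback that decides whether the message header is acceptable. */
$request_message = message::getFromRawRequest($request_body, $clinet2_private_key, $error_message, $headercheck);
if($error_message || !($request_message instanceof message)){
    /* the message was not created with your public key (presumably also reached
       when the header check rejects it); keep $error_message for your own log and
       answer the peer with the generic marker only */
    echo "ERROR";
    exit();
}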

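/* Build the answer and tie it to the request: the slug of the received message
   is copied into requestSlug so the requester can match the response to it. */
$response_message = new message();
$response_message->header->requestSlug = $request_message->header->slug;
$response_message->body->data = "hello, i receive: ".$request_message->body->data;

/* encrypt the answer with the public key of client 1 */
$raw_response = $response_message->getCryptMessage($clinet1_public_key);
if(!$raw_response){
    /* public key of client 1 is wrong; echo (not return) so the requester
       receives the same "ERROR" marker as for a rejected request */
    echo "ERROR";
    exit();
}

echo $raw_response;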

## 5. Client 1 receives the response from client 2

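/* $response is the array returned by the curl request in step 3 */

/* empty() also covers a missing "body" key; the marker is compared strictly */
if(empty($response["body"]) || $response["body"] === "ERROR"){
    echo "ERROR";
    exit();
}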
        
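/* Slug of the message client 1 sent in step 2. On client 1 that object is
   $message; $request_message exists only in the code of client 2. */
$request_slug = $message->header->slug;

/*
 * Header check handed to message::getFromRawRequest() for the response.
 * Returns true to accept the response and false to reject it.
 */
$header_check = function($header) use ($request_slug){
    /* if the message timestamp is older than 10 min, do not accept the message */
    if($header->timestamp < (time() - 600)){
        return false;
    }

    /* the other client puts the slug of your message into its response as
       requestSlug; a response carrying any other value does not answer this request */
    if($header->requestSlug !== $request_slug){
        return false;
    }

    return true;
};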
        
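/* start from a clean error state, as the responder example does before its call */
$error_message = null;

/* Decrypt the response with the private key of client 1; $header_check must accept its header. */
$response_message = message::getFromRawRequest($response["body"], $clinet1_private_key, $error_message, $header_check);
if($error_message || !($response_message instanceof message)){
    /* the response is wrong, details are in $error_message; log them on your side
       rather than printing them */
    echo "ERROR";
    exit();
}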

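/* optional: cache cookies for the next API call */
$cookies = $response["cookie"];

/* body->data was written by the remote peer: escape it for the context it is
   printed into (for HTML output, htmlspecialchars()) before showing it */
echo $response_message->body->data;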