Skip to content
provides object-oriented, secure and extended access to PHP OpenSSL functions
PHP
Branch: master
Clone or download
Latest commit 7c2ae86 Jan 5, 2020
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
docs 0.971 Jan 5, 2020
src
test 0.971 Jan 5, 2020
LICENSE 0.971 Jan 5, 2020
README.md 0.971 Jan 5, 2020
autoload.php 0.971 Jan 5, 2020
composer.json 0.971 Jan 5, 2020
phpunit.xml 0.971 Jan 5, 2020

README.md

OpenSSLToolbox

provides object-oriented, secure and extended access to PHP OpenSSL functions

Conception basics

The OpenSSL pkey functions are assembled in the

  • OpenSSLPkeyFactory class

The OpenSSL CSR functions are assembled in the

  • OpenSSLCsrFactory class

The OpenSSL x509 functions are assembled in the

  • OpenSSLX509Factory class

The OpenSSL pkcs7 functions are assembled in the

  • OpenSSLPkcs7Factory class

The OpenSSL pkcs12 functions are assembled in the

  • OpenSSLPkcs12Factory class

The OpenSSL spki functions are assembled in the

  • OpenSSLSpkiFactory class

Remaining OpenSSL functions are assembled in the

  • OpenSSLFactory class

Asserts and convenient salt, base64, hex, pack utility etc methods are assembled in the

  • Assert class
  • Convert class

Methods

All methods have

  • argument validation and throws InvalidArgumentException on error
  • errorHandler protection and result error evaluation, throws RuntimeException on error

Method names originates from OpenSSL function names

  • Ex 'openssl_pkey_export' is encapsulated in method OpenSSLPkeyFactory::export()

Most methods has also more convenient and describable named method alias

  • Ex OpenSSLPkeyFactory::getPrivateKeyAsPemString() for 'openssl_pkey_export'

Most methods (ex setters) are chainable (ie return 'static')

The OO-classes, above, has 'factory' methods, support 'one-liners' and inherit usefull constants defind in the OpenSSLInterface

Supplementary methods for message digest / hmac digest support are assembled in the

  • HashFactory class
  • HmacHashFactory class

Example Usage

Generate keys :

<?php
namespace Kigkonsult\OpenSSLToolbox;

$config = [
    OpenSSLPkeyFactory::DIGESTALGO     => OPENSSL_ALGO_SHA512,
    OpenSSLPkeyFactory::PRIVATEKEYBITS => 4096,
    OpenSSLPkeyFactory::PRIVATEKEYTYPE => OPENSSL_KEYTYPE_RSA,
];

$pKeyFactory      = new OpenSSLPkeyFactory( $config );

// Generate a private key
$privateKeyString = $pKeyFactory->getPrivateKeyAsPemString();
// Generate a public key
$publicKeyString  = $pKeyFactory->getPublicKeyAsPemString();
/* 
// or 
list( $privateKeyString, $publicKeyString ) =
    $pKeyFactory->getPrivatePublicKeyPairAsPemStrings();
// or one-liner, all-in-one
list( $privateKeyString, $publicKeyString ) =
    OpenSSLPkeyFactory::factory( $config )
                      ->getPrivatePublicKeyPairAsPemStrings();
// or to files
OpenSSLPkeyFactory::factory( $config )
                  ->savePrivatePublicKeyPairIntoPemFiles( 'priv.pem', 'pub.pem' )
*/

// Distinguished Name or subject fields to be used in the certificate
$DN = [
    OpenSSLCsrFactory::COUNTRYNAME          => "GB",
    OpenSSLCsrFactory::STATEORPROVINCENAME  => "Somerset",
    OpenSSLCsrFactory::LOCALITYNAME         => "Glastonbury",
    OpenSSLCsrFactory::ORGANIZATIONNAME     => "The Brain Room Limited",
    OpenSSLCsrFactory::ORGANIZATIONUNITNAME => "PHP Documentation Team",
    OpenSSLCsrFactory::COMMONNAME           => "Wez Furlong",
    OpenSSLCsrFactory::EMAILADDRESS         => "wez@example.com"
];
// Generate a certificate signing request
$csrFactory       = OpenSSLCsrFactory::factory( $DN, $privateKeyString, $config );
$csrCertString    = $csrFactory->getCSRasPemString();

// Generate a self-signed cert
$x509CertResource = $csrFactory->getX509CertResource( null, $privateKeyString );
$x509Factory      = OpenSSLX509Factory::factory()
                                      ->setX509Resource( $x509CertResource );
$x509CertString   = $x509Factory->getX509CertAsPemString();

/*
// or shorter
$x509CertString   = OpenSSLX509Factory::csrFactory( null, $DN, $privateKeyString, $config )
                                      ->getX509CertAsPemString();
// or save to pem/der-file
OpenSSLX509Factory::csrFactory( null, $DN, $privateKeyString, $config )
                  ->saveX509CertIntoPemFile( 'cert.pem' );
              //  ->saveX509CertIntoDerFile( 'cert.der' )
*/

Seal/open

<?php
...
// Seal data using public key(s)
$data        = implode( array_fill( 0, 100, 'Testing OpenSSL seal/open, !"#¤%&/()=?. '));
$recipientId = 'The Recipient';
$publicKeys  = [ $recipientId => $publicKeyString ];
list( $sealed, $envelopeKeys ) = OpenSSLFactory::getSealedString( $data, $publicKeys );

// Open (decrypted) data using private key
$decrypted   = OpenSSLFactory::getOpenedSealedString(
     $sealed, $envelopeKeys[$recipientId], $privateKeyString
);

Encrypt/decrypt

$data       = implode( array_fill( 0, 100, 'Testing OpenSSL encrypt/decrypt, !"#¤%&/()=?. '));
$cipher     = 'AES-256-ECB';
$passPhrase = Workshop::getSalt();
// encrypt string
$encrypted  = OpenSSLFactory::getEncryptedString( $data, $cipher, $passPhrase );
// decrypt string
$decrypted  = OpenSSLFactory::getDecryptedString( $encrypted, $cipher, $passPhrase );

More encrypt/decrypt

$data      = 'Testing OpenSSL public/private encrypt/decrypt, !"#¤%&/()=?. ';
// Encrypt the data using the PUBLIC key
$encrypted = OpenSSLFactory::getpublicKeyEncryptedString( $data, $publicKeyString );
// Decrypt the data using the PRIVATE key
$decrypted = OpenSSLFactory::getprivateKeyDecryptedString( $encrypted, $privateKeyString );

// Encrypt the data using the PRIVATE key
$encrypted = OpenSSLFactory::getprivateKeyEncryptedString( $data, $privateKeyString );
// Decrypt the data using the PUBLIC key
$decrypted = OpenSSLFactory::getpublicKeyDecryptedString( $encrypted, $publicKeyString );

Info

You will find

  • class information in docs folder
  • convenient constants in src/OpenSSLInterface
  • a lot of more examples in the test folder.

Installation

Composer

From the Command Line:

composer require kigkonsult/openssltoolbox

In your composer.json:

{
    "require": {
        "kigkonsult/openssltoolbox": "dev-master"
    }
}

Acquire access

namespace Kigkonsult\OpenSSLToolbox;
...
include 'vendor/autoload.php';
Or

Download and acquire..

namepace Kigkonsult\OpenSSLToolbox;
...
include 'pathToSource/OpenSSLToolbox/autoload.php';

Run tests

cd pathToSource/OpenSSLToolbox
vendor/bin/phpunit

Note, it will takes some time, 80% coverage...
But still remain untested parts, help appreciated.

Support

For support, please use Github/issues.

License

This project is licensed under the LGPLv3 License

You can’t perform that action at this time.