Skip to content

Pure PHP Elliptic Curve Cryptography Library

Notifications You must be signed in to change notification settings

squarecloudlabs/phpecc

 
 

Repository files navigation

Pure PHP Elliptic Curve DSA and DH

Build Status Type Safety

Scrutinizer Code Quality Code Coverage

Latest Stable Version Total Downloads Latest Unstable Version License

Notice

This library is a fork from phpecc/phpecc, which is itself a fork of mdanter/ecc. It should serve as a drop-in replacement for any applications that previously depended on either method.

However, Paragon Initiative Enterprises CANNOT guarantee the security of this library until we have fully audited its code. This notice will be removed when we believe it to be secure.

In the meantime, DO NOT submit bug bounty reports to us for this code. They will be closed as out of scope. File an Issue here instead!

This Library Implements Low-Level Elliptic Curve Cryptography

If you just need Diffie-Hellman or ECDSA, you should install EasyECC instead of working with this library directly. EasyECC was designed to use PHPECC in a secure-by-default manner.

Information

This library is a rewrite/update of Matyas Danter's ECC library. All credit goes to him.

For more information on Elliptic Curve Cryptography please read this fine article.

The library supports the following curves:

  • secp112r1
  • secp256k1
  • nistp192
  • nistp224
  • nistp256 / secp256r1
  • nistp384 / secp384r1
  • nistp521

During ECDSA, a random value k is required. It is acceptable to use a true RNG to generate this value, but should the same k value ever be repeatedly used for a key, an attacker can recover that signing key. The HMAC random generator can derive a deterministic k value from the message hash and private key, voiding this concern.

The library uses a non-branching Montgomery ladder for scalar multiplication, as it's constant time and avoids secret dependant branches.

License

This package is released under the MIT license.

Requirements

  • PHP 7.1+ or PHP 8.0+
  • composer
  • ext-gmp

Installation

You can install this library via Composer :

composer require paragonie/ecc:^2

Contribute

When sending in pull requests, please make sure to run the make command.

The default target runs all PHPUnit and PHPCS tests. All tests must validate for your contribution to be accepted.

It's also always a good idea to check the results of the Scrutinizer analysis for your pull requests.

Usage

Examples:

About

Pure PHP Elliptic Curve Cryptography Library

Resources

Code of conduct

Security policy

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • PHP 99.9%
  • Other 0.1%