How to encrypt & decrypt
Encrypting data is a one-step process and decrypting data is a two-step process. All you need for encrypting and decrypting is the key and/or AAD provided when encrypting, plus a KEFInfo instance, which contains essential information needed to decrypt the data.
Encrypting data is done through the encryptDataKEF() function, which takes the data provided and splits it into ranges set by the byte range, which can be the default or manually set.
Important
The byte range cannot be less than the MIN_BYTES constant or greater than the MAX_BYTES constant. Anything below or above will either cause a segmentation fault or be too much for OpenSSL to handle.
The description for the encryptDataKEF() function is below.
tpkarras\KEF\encryptDataKEF(string $data, array $passphrase, string $cipher, int $byte_range = 0, int $multi_encrypt_split = 0, string|null $aad = null, string|null $output = null)
Note
$data can be either a file path or the data itself. $passphrase must be an array containing 1 or more strings. $output must be a path with a file name at the end, and the file must not exist beforehand; if $output is not set, the function's return value should be assigned to a variable.
Decrypting data requires one more step than encrypting data.
You will have to create a KEFInfo object in order to decrypt the data.
The KEFInfo object has the following parameters required for data decryption and subsequent serving of data.
- The MIME content type, which can be passed as an HTTP Content-Type header. The Content-Type can be retrieved using this function.
  $variable->getContentType()
- The length of the KEF data and the original data. Both are used to verify the integrity of both the KEF and original data, and the length can also be passed as an HTTP Content-Length header. The length of either the original or KEF data can be retrieved using this function.
  $variable->getLength(bool $type = false)
- The MD5 checksum of the KEF data and the original data. Both are used to verify the integrity of both the KEF and original data, and the checksum can also be passed as an HTTP ETag header. The checksum of either the original or KEF data can be retrieved using this function.
  $variable->getChecksum(bool $type = false)
To create the KEFInfo object, simply create a variable with the data passed into the function like so.
$variable = new tpkarras\KEF\KEFInfo(string $data)
To finally decrypt the data, pass in the data and the passphrases used. If AAD was used, it must be provided as well.
tpkarras\KEF\decryptKEFData(KEFInfo $info, string $data, array $passphrase, string|null $aad = null, int $start = 0, int $end = 0, int $buffer_size = 0)
Note
$data can be either a file path, a URL or the data itself. $passphrase must be an array of strings. $start and $end control the range of data retrieved in bytes. $buffer_size can be used to specify a custom buffer size in bytes and cannot be less than DEFAULT_BUFFER_SIZE. The function's return value should be assigned to a variable.
The decrypted data will be returned either in its entirety or in the range specified, depending on whether any exceptions are thrown during the encryption/decryption process.
It is up to you on how to present the data. That should cover the basics of how to encrypt & decrypt.
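The full round trip described above, as an added usage example that is not code from the KEF project: it encrypts in memory, builds the KEFInfo object, decrypts, and serves the result only if nothing failed. The function signatures are the ones listed on this page; the Composer autoload path, the cipher name 'aes-256-gcm', passing the KEF data to the KEFInfo constructor, and all sample values are assumptions.

```php
<?php
// Added usage example, not the project's own code.
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php'; // assumption: library is autoloaded via Composer

use tpkarras\KEF\KEFInfo;
use function tpkarras\KEF\encryptDataKEF;
use function tpkarras\KEF\decryptKEFData;

// Constructed sample input and secrets (load real passphrases from a secret store).
$plaintext   = str_repeat("constructed sample record\n", 1000);
$passphrases = ['constructed passphrase one', 'constructed passphrase two'];
$aad         = 'tenant=example;doc=1';
$cipher      = 'aes-256-gcm'; // assumption: an OpenSSL AEAD cipher name is accepted

try {
    // $byte_range = 0 and $multi_encrypt_split = 0 are the signature defaults.
    // No $output path is given, so the return value is kept in a variable.
    $kef = encryptDataKEF($plaintext, $passphrases, $cipher, 0, 0, $aad);

    // Decryption step 1: build the KEFInfo object.
    // Assumption: the constructor is given the KEF data produced above.
    $info = new KEFInfo($kef);

    // Decryption step 2: same passphrases, and the same AAD used when encrypting.
    $decrypted = decryptKEFData($info, $kef, $passphrases, $aad);

    // Check the round trip before anything is sent to a client.
    if (!is_string($decrypted) || !hash_equals($plaintext, $decrypted)) {
        throw new RuntimeException('decrypted data does not match the original');
    }
} catch (Throwable $e) {
    // Fail closed: log server-side, send no partial plaintext and no error detail.
    error_log('KEF round trip failed: ' . $e->getMessage());
    http_response_code(500);
    exit;
}

// Serve the plaintext. Content-Length is computed from the bytes actually sent,
// because this page does not say which value of $type selects which length.
header('Content-Type: ' . $info->getContentType());
header('Content-Length: ' . strlen($decrypted));
echo $decrypted;
```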