1. class
  2. Neos
  3. \
  4. Flow
  5. \
  6. Security
  7. \
  8. Cryptography
  9. \
  10. RsaWalletServicePhp

RsaWalletServicePhp

class RsaWalletServicePhp implements RsaWalletServiceInterface (View source)

Implementation of the RSAWalletServiceInterface using PHP's OpenSSL extension

Properties

protected string $keystorePathAndFilename
protected array $keys
protected array $openSSLConfiguration

The openSSL configuration
protected int $paddingAlgorithm

The padding to use for OpenSSL encryption/decryption
protected bool $saveKeysOnShutdown

Methods

void
injectSettings(array $settings)

Injects the OpenSSL configuration to be used

void
initializeObject()

Initializes the rsa wallet service by fetching the keys from the keystore file

string
generateNewKeypair(bool $usedForPasswords = false)

Generates a new keypair and returns a fingerprint to refer to it

string
registerKeyPairFromPrivateKeyString(string $privateKeyString, bool $usedForPasswords = false)

Adds the specified keypair to the local store and returns a fingerprint to refer to it.

string
registerPublicKeyFromString(string $publicKeyString)

Adds the specified public key to the wallet and returns a fingerprint to refer to it.

OpenSslRsaKey
getPublicKey(string $fingerprint)

Returns the public key for the given fingerprint

string
encryptWithPublicKey(string $plaintext, string $fingerprint)

Encrypts the given plaintext with the public key identified by the given fingerprint

string
decrypt(string $cipher, string $fingerprint)

Decrypts the given cipher with the private key identified by the given fingerprint Note: You should never decrypt a password with this function. Use checkRSAEncryptedPassword() to check passwords!

string
sign(string $plaintext, string $fingerprint)

Signs the given plaintext with the private key identified by the given fingerprint

bool
verifySignature(string $plaintext, string $signature, string $fingerprint)

Checks whether the given signature is valid for the given plaintext with the public key identified by the given fingerprint

bool
checkRSAEncryptedPassword(string $encryptedPassword, string $passwordHash, string $salt, string $fingerprint)

Checks if the given encrypted password is correct by comparing it's md5 hash. The salt is appended to the decrypted password string before hashing.

void
destroyKeypair(string $fingerprint)

Destroys the keypair identified by the given fingerprint

void
shutdownObject()

Stores the keys array in the keystore file

string
getFingerprintByPublicKey(string $publicKeyString)

Generate an OpenSSH fingerprint for a RSA public key

Details

at line 63
void injectSettings(array $settings)

Injects the OpenSSL configuration to be used

Parameters

array $settings

Return Value

void

Exceptions

MissingConfigurationException
Exception

at line 88
void initializeObject()

Initializes the rsa wallet service by fetching the keys from the keystore file

Return Value

void

at line 103
string generateNewKeypair(bool $usedForPasswords = false)

Generates a new keypair and returns a fingerprint to refer to it

Parameters

bool $usedForPasswords

true if this keypair should be used to encrypt passwords (then decryption won't be allowed!).

Return Value

string

An fingerprint that identifies the generated keypair

Exceptions

Exception

at line 128
string registerKeyPairFromPrivateKeyString(string $privateKeyString, bool $usedForPasswords = false)

Adds the specified keypair to the local store and returns a fingerprint to refer to it.

Parameters

string $privateKeyString

The private key in its string representation
bool $usedForPasswords

true if this keypair should be used to encrypt passwords (then decryption won't be allowed!).

Return Value

string

The fingerprint used for storing

at line 149
string registerPublicKeyFromString(string $publicKeyString)

Adds the specified public key to the wallet and returns a fingerprint to refer to it.

This is helpful if you have not private key and want to use this key only to verify incoming data.

Parameters

string $publicKeyString

The public key in its string representation

Return Value

string

The fingerprint used for storing

at line 166
OpenSslRsaKey getPublicKey(string $fingerprint)

Returns the public key for the given fingerprint

Parameters

string $fingerprint

The fingerprint

Return Value

OpenSslRsaKey

The public key

Exceptions

InvalidKeyPairIdException

at line 183
string encryptWithPublicKey(string $plaintext, string $fingerprint)

Encrypts the given plaintext with the public key identified by the given fingerprint

Parameters

string $plaintext

The plaintext to encrypt
string $fingerprint

The fingerprint to identify to correct public key

Return Value

string

The ciphertext

Exceptions

Exception

at line 209
string decrypt(string $cipher, string $fingerprint)

Decrypts the given cipher with the private key identified by the given fingerprint Note: You should never decrypt a password with this function. Use checkRSAEncryptedPassword() to check passwords!

Parameters

string $cipher

cipher text to decrypt
string $fingerprint

The fingerprint to identify to correct private key

Return Value

string

The decrypted text

Exceptions

InvalidKeyPairIdException
DecryptionNotAllowedException
Exception

at line 232
string sign(string $plaintext, string $fingerprint)

Signs the given plaintext with the private key identified by the given fingerprint

Parameters

string $plaintext

The plaintext to sign
string $fingerprint

The fingerprint to identify to correct private key

Return Value

string

The signature of the given plaintext

Exceptions

InvalidKeyPairIdException

at line 254
bool verifySignature(string $plaintext, string $signature, string $fingerprint)

Checks whether the given signature is valid for the given plaintext with the public key identified by the given fingerprint

Parameters

string $plaintext

The plaintext to sign
string $signature

The signature that should be verified
string $fingerprint

The fingerprint to identify to correct public key

Return Value

bool

true if the signature is correct for the given plaintext and public key

Exceptions

InvalidKeyPairIdException

at line 276
bool checkRSAEncryptedPassword(string $encryptedPassword, string $passwordHash, string $salt, string $fingerprint)

Checks if the given encrypted password is correct by comparing it's md5 hash. The salt is appended to the decrypted password string before hashing.

Parameters

string $encryptedPassword

The received, RSA encrypted password to check
string $passwordHash

The md5 hashed password string (md5(md5(password) . salt))
string $salt

The salt used in the md5 password hash
string $fingerprint

The fingerprint to identify to correct private key

Return Value

bool

true if the password is correct

Exceptions

InvalidKeyPairIdException

at line 294
void destroyKeypair(string $fingerprint)

Destroys the keypair identified by the given fingerprint

Parameters

string $fingerprint

The fingerprint

Return Value

void

Exceptions

InvalidKeyPairIdException

at line 402
void shutdownObject()

Stores the keys array in the keystore file

Return Value

void

Exceptions

Exception

at line 439
string getFingerprintByPublicKey(string $publicKeyString)

Generate an OpenSSH fingerprint for a RSA public key

See http://tools.ietf.org/html/rfc4253#page-15 for reference of OpenSSH "ssh-rsa" key format. The fingerprint is obtained by applying an MD5 hash on the raw public key bytes.

If you have a PEM encoded private key, you can generate the same fingerprint using this:

ssh-keygen -yf my-key.pem > my-key.pub ssh-keygen -lf my-key.pub

Parameters

string $publicKeyString

RSA public key, PKCS1 encoded

Return Value

string

The public key fingerprint