class RsaWalletServicePhp implements RsaWalletServiceInterface

Implementation of the RSAWalletServiceInterface using PHP's OpenSSL extension

Properties

protected string $keystorePathAndFilename
protected array $keys
protected array $openSSLConfiguration

The openSSL configuration

protected int $paddingAlgorithm

The padding to use for OpenSSL encryption/decryption

protected bool $saveKeysOnShutdown

Methods

void
injectSettings(array $settings)

Injects the OpenSSL configuration to be used

void
initializeObject()

Initializes the RSA wallet service by fetching the keys from the keystore file

string
generateNewKeypair(bool $usedForPasswords = false)

Generates a new keypair and returns a fingerprint to refer to it

string
registerKeyPairFromPrivateKeyString(string $privateKeyString, bool $usedForPasswords = false)

Adds the specified keypair to the local store and returns a fingerprint to refer to it.

string
registerPublicKeyFromString(string $publicKeyString)

Adds the specified public key to the wallet and returns a fingerprint to refer to it.

OpenSslRsaKey
getPublicKey(string $fingerprint)

Returns the public key for the given fingerprint

string
encryptWithPublicKey(string $plaintext, string $fingerprint)

Encrypts the given plaintext with the public key identified by the given fingerprint

string
decrypt(string $cipher, string $fingerprint)

Decrypts the given cipher with the private key identified by the given fingerprint. Note: you should never decrypt a password with this function; use checkRSAEncryptedPassword() to check passwords!

string
sign(string $plaintext, string $fingerprint)

Signs the given plaintext with the private key identified by the given fingerprint

bool
verifySignature(string $plaintext, string $signature, string $fingerprint)

Checks whether the given signature is valid for the given plaintext with the public key identified by the given fingerprint

bool
checkRSAEncryptedPassword(string $encryptedPassword, string $passwordHash, string $salt, string $fingerprint)

Checks if the given encrypted password is correct by comparing its MD5 hash. The salt is appended to the decrypted password string before hashing.

void
destroyKeypair(string $fingerprint)

Destroys the keypair identified by the given fingerprint

void
shutdownObject()

Stores the keys array in the keystore file

string
getFingerprintByPublicKey(string $publicKeyString)

Generate an OpenSSH fingerprint for an RSA public key

Details

void injectSettings(array $settings)

Injects the OpenSSL configuration to be used

Parameters

array $settings

Return Value

void

Exceptions

MissingConfigurationException
Exception

void initializeObject()

Initializes the RSA wallet service by fetching the keys from the keystore file

Return Value

void

string generateNewKeypair(bool $usedForPasswords = false)

Generates a new keypair and returns a fingerprint to refer to it

Parameters

bool $usedForPasswords

true if this keypair should be used to encrypt passwords (then decryption won't be allowed!).

Return Value

string

A fingerprint that identifies the generated keypair

Exceptions

Exception

string registerKeyPairFromPrivateKeyString(string $privateKeyString, bool $usedForPasswords = false)

Adds the specified keypair to the local store and returns a fingerprint to refer to it.

Parameters

string $privateKeyString

The private key in its string representation

bool $usedForPasswords

true if this keypair should be used to encrypt passwords (then decryption won't be allowed!).

Return Value

string

The fingerprint used for storing

string registerPublicKeyFromString(string $publicKeyString)

Adds the specified public key to the wallet and returns a fingerprint to refer to it.

This is helpful if you have no private key and want to use this key only to verify incoming data.

Parameters

string $publicKeyString

The public key in its string representation

Return Value

string

The fingerprint used for storing

OpenSslRsaKey getPublicKey(string $fingerprint)

Returns the public key for the given fingerprint

Parameters

string $fingerprint

The fingerprint

Return Value

OpenSslRsaKey

The public key

Exceptions

InvalidKeyPairIdException

string encryptWithPublicKey(string $plaintext, string $fingerprint)

Encrypts the given plaintext with the public key identified by the given fingerprint

Parameters

string $plaintext

The plaintext to encrypt

string $fingerprint

The fingerprint that identifies the correct public key

Return Value

string

The ciphertext

Exceptions

Exception

string decrypt(string $cipher, string $fingerprint)

Decrypts the given cipher with the private key identified by the given fingerprint. Note: you should never decrypt a password with this function; use checkRSAEncryptedPassword() to check passwords!

Parameters

string $cipher

The ciphertext to decrypt

string $fingerprint

The fingerprint that identifies the correct private key

Return Value

string

The decrypted text

Exceptions

InvalidKeyPairIdException
DecryptionNotAllowedException
Exception

string sign(string $plaintext, string $fingerprint)

Signs the given plaintext with the private key identified by the given fingerprint

Parameters

string $plaintext

The plaintext to sign

string $fingerprint

The fingerprint that identifies the correct private key

Return Value

string

The signature of the given plaintext

Exceptions

InvalidKeyPairIdException

bool verifySignature(string $plaintext, string $signature, string $fingerprint)

Checks whether the given signature is valid for the given plaintext with the public key identified by the given fingerprint

Parameters

string $plaintext

The plaintext the signature should be verified against

string $signature

The signature that should be verified

string $fingerprint

The fingerprint that identifies the correct public key

Return Value

bool

true if the signature is correct for the given plaintext and public key

Exceptions

InvalidKeyPairIdException

bool checkRSAEncryptedPassword(string $encryptedPassword, string $passwordHash, string $salt, string $fingerprint)

Checks if the given encrypted password is correct by comparing its MD5 hash. The salt is appended to the decrypted password string before hashing.

Parameters

string $encryptedPassword

The received, RSA encrypted password to check

string $passwordHash

The md5 hashed password string (md5(md5(password) . salt))

string $salt

The salt used in the md5 password hash

string $fingerprint

The fingerprint that identifies the correct private key

Return Value

bool

true if the password is correct

Exceptions

InvalidKeyPairIdException

void destroyKeypair(string $fingerprint)

Destroys the keypair identified by the given fingerprint

Parameters

string $fingerprint

The fingerprint

Return Value

void

Exceptions

InvalidKeyPairIdException

void shutdownObject()

Stores the keys array in the keystore file

Return Value

void

Exceptions

Exception

string getFingerprintByPublicKey(string $publicKeyString)

Generate an OpenSSH fingerprint for an RSA public key

See http://tools.ietf.org/html/rfc4253#page-15 for the OpenSSH "ssh-rsa" key format. The fingerprint is obtained by applying an MD5 hash to the raw public key bytes.

If you have a PEM encoded private key, you can generate the same fingerprint using this:

ssh-keygen -yf my-key.pem > my-key.pub
ssh-keygen -lf my-key.pub

Parameters

string $publicKeyString

RSA public key, PKCS1 encoded

Return Value

string

The public key fingerprint
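The fingerprint computation described for getFingerprintByPublicKey, shown as an added, stand-alone example (not the class's own code, and written in Python rather than PHP so it needs no OpenSSL extension): the PKCS#1 PEM is decoded to (n, e), the RFC 4253 "ssh-rsa" blob is built from the RFC 4251 string/mpint encodings, and MD5 is taken over those raw bytes. The colon-separated hex rendering is an assumption chosen to match ssh-keygen output; the toy 8-bit key is constructed for illustration.

```python
import base64
import hashlib
import re
import struct

def _der_read(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length: next N bytes hold the length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length

def parse_pkcs1_public_key(pem):
    """Extract (n, e) from a PKCS#1 'RSA PUBLIC KEY' PEM: SEQUENCE { INTEGER n, INTEGER e }."""
    der = base64.b64decode(re.sub(r"-----[^-]+-----|\s", "", pem))
    tag, seq, _ = _der_read(der, 0)
    if tag != 0x30:
        raise ValueError("expected a DER SEQUENCE")
    tag_n, n_bytes, pos = _der_read(seq, 0)
    tag_e, e_bytes, _ = _der_read(seq, pos)
    if tag_n != 0x02 or tag_e != 0x02:
        raise ValueError("expected two INTEGERs (a 'BEGIN PUBLIC KEY' SubjectPublicKeyInfo must be unwrapped first)")
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")

def _ssh_string(data):
    """RFC 4251 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def _ssh_mpint(value):
    """RFC 4251 'mpint': two's-complement big-endian, so a 0x00 byte is prepended when the top bit is set."""
    return _ssh_string(value.to_bytes((value.bit_length() + 8) // 8, "big"))

def ssh_rsa_blob(n, e):
    """The RFC 4253 'ssh-rsa' public key blob: string "ssh-rsa", mpint e, mpint n (in that order)."""
    return _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)

def openssh_md5_fingerprint(pem):
    """MD5 over the raw blob, rendered as 16 colon-separated hex pairs like `ssh-keygen -E md5 -lf`."""
    n, e = parse_pkcs1_public_key(pem)
    digest = hashlib.md5(ssh_rsa_blob(n, e)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

# Constructed toy key (n = 143, e = 65537), DER-encoded by hand; real keys are 2048 bits or more.
SAMPLE_PEM = """-----BEGIN RSA PUBLIC KEY-----
MAkCAgCPAgMBAAE=
-----END RSA PUBLIC KEY-----"""

if __name__ == "__main__":
    print(openssh_md5_fingerprint(SAMPLE_PEM))
```

Recent OpenSSH releases print SHA256 fingerprints by default, so pass `-E md5` to `ssh-keygen -l` when comparing against the MD5 form this method produces.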