PHP Classes

PHP OpenSSL Toolbox: Use SSL certificates to process data with OpenSSL

Recommend this page to a friend!
  Info   Documentation   View files Files   Install with Composer Install with Composer   Download Download   Reputation   Support forum   Blog    
Ratings Unique User Downloads Download Rankings
Not yet rated by the usersTotal: 90 All time: 9,960 This week: 146Up
Version License PHP version Categories
openssltoolbox 1.0.0GNU Lesser Genera...5PHP 5, Files and Folders, Cryptography, S...
Description 

Author

This package can use SSL certificates to process data with OpenSSL.

It provides classes that can be used to perform several types of operations with SSL certificates. Currently it can:

- Encrypt and decrypt data
- Sign and verify signed data
- Create and export SSL certificates

Picture of Kjell-Inge Gustafsson
  Performance   Level  
Innovation award
Innovation award
Nominee: 6x

 

Documentation

OpenSSLToolbox

provides object-oriented, secure and extended access to PHP OpenSSL functions

Conception basics

The OpenSSL pkey functions are assembled in the

  • OpenSSLPkeyFactory class

The OpenSSL CSR functions are assembled in the

  • OpenSSLCsrFactory class

The OpenSSL x509 functions are assembled in the

  • OpenSSLX509Factory class

The OpenSSL pkcs7 functions are assembled in the

  • OpenSSLPkcs7Factory class

The OpenSSL pkcs12 functions are assembled in the

  • OpenSSLPkcs12Factory class

The OpenSSL spki functions are assembled in the

  • OpenSSLSpkiFactory class

Remaining OpenSSL functions are assembled in the

  • OpenSSLFactory class

Asserts and convenient salt, base64, hex, pack utility etc methods are assembled in the

  • Assert class
  • Convert class

Methods

All methods have

  • argument validation and throws InvalidArgumentException on error
  • errorHandler protection and result error evaluation, throws RuntimeException on error

Method names originates from OpenSSL function names

  • Ex 'openssl_pkey_export' is encapsulated in method OpenSSLPkeyFactory::export()

Most methods has also more convenient and describable named method alias

  • Ex OpenSSLPkeyFactory::getPrivateKeyAsPemString() for 'openssl_pkey_export'

Most methods (ex setters) are chainable (ie return 'static')

The OO-classes, above, has 'factory' methods, support 'one-liners' and inherit usefull constants defind in the OpenSSLInterface

Supplementary methods for message digest / hmac digest support are assembled in the

* HashFactory class * HmacHashFactory class

Example Usage

Generate keys :

<?php
namespace Kigkonsult\OpenSSLToolbox;

$config = [
    OpenSSLPkeyFactory::DIGESTALGO     => OPENSSL_ALGO_SHA512,
    OpenSSLPkeyFactory::PRIVATEKEYBITS => 4096,
    OpenSSLPkeyFactory::PRIVATEKEYTYPE => OPENSSL_KEYTYPE_RSA,
];

$pKeyFactory      = new OpenSSLPkeyFactory( $config );

// Generate a private key
$privateKeyString = $pKeyFactory->getPrivateKeyAsPemString();
// Generate a public key
$publicKeyString  = $pKeyFactory->getPublicKeyAsPemString();
/* 
// or 
list( $privateKeyString, $publicKeyString ) =
    $pKeyFactory->getPrivatePublicKeyPairAsPemStrings();
// or one-liner, all-in-one
list( $privateKeyString, $publicKeyString ) =
    OpenSSLPkeyFactory::factory( $config )
                      ->getPrivatePublicKeyPairAsPemStrings();
// or to files
OpenSSLPkeyFactory::factory( $config )
                  ->savePrivatePublicKeyPairIntoPemFiles( 'priv.pem', 'pub.pem' )
*/

// Distinguished Name or subject fields to be used in the certificate
$DN = [
    OpenSSLCsrFactory::COUNTRYNAME          => "GB",
    OpenSSLCsrFactory::STATEORPROVINCENAME  => "Somerset",
    OpenSSLCsrFactory::LOCALITYNAME         => "Glastonbury",
    OpenSSLCsrFactory::ORGANIZATIONNAME     => "The Brain Room Limited",
    OpenSSLCsrFactory::ORGANIZATIONUNITNAME => "PHP Documentation Team",
    OpenSSLCsrFactory::COMMONNAME           => "Wez Furlong",
    OpenSSLCsrFactory::EMAILADDRESS         => "wez@example.com"
];
// Generate a certificate signing request
$csrFactory       = OpenSSLCsrFactory::factory( $DN, $privateKeyString, $config );
$csrCertString    = $csrFactory->getCSRasPemString();

// Generate a self-signed cert
$x509CertResource = $csrFactory->getX509CertResource( null, $privateKeyString );
$x509Factory      = OpenSSLX509Factory::factory()
                                      ->setX509Resource( $x509CertResource );
$x509CertString   = $x509Factory->getX509CertAsPemString();

/*
// or shorter
$x509CertString   = OpenSSLX509Factory::csrFactory( null, $DN, $privateKeyString, $config )
                                      ->getX509CertAsPemString();
// or save to pem/der-file
OpenSSLX509Factory::csrFactory( null, $DN, $privateKeyString, $config )
                  ->saveX509CertIntoPemFile( 'cert.pem' );
              //  ->saveX509CertIntoDerFile( 'cert.der' )
*/

Seal/open

<?php
...
// Seal data using public key(s)
$data        = implode( array_fill( 0, 100, 'Testing OpenSSL seal/open, !"#¤%&/()=?. '));
$recipientId = 'The Recipient';
$publicKeys  = [ $recipientId => $publicKeyString ];
list( $sealed, $envelopeKeys ) = OpenSSLFactory::getSealedString( $data, $publicKeys );

// Open (decrypted) data using private key
$decrypted   = OpenSSLFactory::getOpenedSealedString(
     $sealed, $envelopeKeys[$recipientId], $privateKeyString
);

Encrypt/decrypt

$data       = implode( array_fill( 0, 100, 'Testing OpenSSL encrypt/decrypt, !"#¤%&/()=?. '));
$cipher     = 'AES-256-ECB';
$passPhrase = Workshop::getSalt();
// encrypt string
$encrypted  = OpenSSLFactory::getEncryptedString( $data, $cipher, $passPhrase );
// decrypt string
$decrypted  = OpenSSLFactory::getDecryptedString( $encrypted, $cipher, $passPhrase );

More encrypt/decrypt

$data      = 'Testing OpenSSL public/private encrypt/decrypt, !"#¤%&/()=?. ';
// Encrypt the data using the PUBLIC key
$encrypted = OpenSSLFactory::getpublicKeyEncryptedString( $data, $publicKeyString );
// Decrypt the data using the PRIVATE key
$decrypted = OpenSSLFactory::getprivateKeyDecryptedString( $encrypted, $privateKeyString );

// Encrypt the data using the PRIVATE key
$encrypted = OpenSSLFactory::getprivateKeyEncryptedString( $data, $privateKeyString );
// Decrypt the data using the PUBLIC key
$decrypted = OpenSSLFactory::getpublicKeyDecryptedString( $encrypted, $publicKeyString );

Info

You will find - class information in docs folder - convenient constants in src/OpenSSLInterface - a lot of more examples in the test folder.

Installation

[Composer]

From the Command Line:

composer require kigkonsult/openssltoolbox

In your composer.json:

{
    "require": {
        "kigkonsult/openssltoolbox": "dev-master"
    }
}

Acquire access

namespace Kigkonsult\OpenSSLToolbox;
...
include 'vendor/autoload.php';

Or

Download and acquire..

namepace Kigkonsult\OpenSSLToolbox;
...
include 'pathToSource/OpenSSLToolbox/autoload.php';

Run tests

cd pathToSource/OpenSSLToolbox
vendor/bin/phpunit

Note, it will takes some time, 80% coverage...<br> But still remain untested parts, help appreciated.

Support

For support, please use [Github]/issues.

License

This project is licensed under the LGPLv3 License

[Composer]:https://getcomposer.org/ [Github]:https://github.com/iCalcreator/OpenSSLToolbox/issues


  Files folder image Files (63)  
File Role Description
Files folder imagedocs (17 files)
Files folder imagesrc (18 files)
Files folder imagetest (20 files, 1 directory)
Accessible without login Plain text file autoload.php Aux. Auxiliary script
Accessible without login Plain text file composer.json Data Auxiliary data
Accessible without login Plain text file LICENSE Lic. License text
Accessible without login Plain text file phpunit.xml Data Auxiliary data
Accessible without login Plain text file README.md Doc. Read me

The PHP Classes site has supported package installation using the Composer tool since 2013, as you may verify by reading this instructions page.
Install with Composer Install with Composer
 Version Control Unique User Downloads Download Rankings  
 100%
Total:90
This week:0
All time:9,960
This week:146Up