PASERK PHP: Extend PASETO to wrap and serialize keys
| Recommend this page to a friend! |
 Author |
 |
|
Innovation award Nominee: 27x Winner: 1x | ||||||||||
This package can extend PASETO to wrap and serialize keys.
It provides classes that can perform several operations with keys used by the PHP implementation of the PASETO security tokens specification.
Currently, it provides classes that implement:
- Types of data that can be encoded and decoded, like seals and secret passwords
- Operations with the types of data like wrapping and serialization
It provides classes that can perform several operations with keys used by the PHP implementation of the PASETO security tokens specification.
Currently, it provides classes that implement:
- Types of data that can be encoded and decoded, like seals and secret passwords
- Operations with the types of data like wrapping and serialization
Details
PASERK (PHP)
Platform Agnostic SERialized Keys. Requires PHP 7.1 or newer.
PASERK Specification
The PASERK Specification can be found in this repository.
Installing
composer require paragonie/paserk
PASERK Library Versions
- PASERK PHP Version 2 * Requires PHP 8.1+ * PASETO versions: `v3`, `v4` * This means only the corresponding `k3` and `k4` modes are implemented.
- PASERK PHP Version 1 * Requires PHP 7.1+ * PASETO versions: `v1`, `v2`, `v3`, `v4` * This provides a stable reference implementation for the PASERK specification.
Documentation
See this directory for the documentation.
Example: Public-key Encryption
Wrapping
<?php
use ParagonIE\Paseto\Builder;
use ParagonIE\Paseto\Keys\SymmetricKey;
use ParagonIE\Paseto\Protocol\Version4;
use ParagonIE\Paserk\Operations\Key\SealingPublicKey;
use ParagonIE\Paserk\Types\Seal;
$version = new Version4();
// First, you need a sealing keypair.
// $sealingSecret = ParagonIE\Paserk\Operations\Key\SealingSecretKey::generate();
// $sealingPublic = $sealingSecret->getPublicKey();
// var_dump($sealingSecret->encode(), $sealingPublic->encode());
$sealingPublic = SealingPublicKey::fromEncodedString(
"vdd1m2Eri8ggYYR5YtnmEninoiCxH1eguGNKe4pes3g",
$version
);
$sealer = new Seal($sealingPublic);
// Generate a random one-time key, which will be encrypted with the public key:
$key = SymmetricKey::generate($version);
// Seal means "public key encryption":
$paserk = $sealer->encode($key);
// Now let's associate this PASERK with a PASETO that uses the local key:
$paseto = Builder::getLocal($key, $version)
->with('test', 'readme')
->withExpiration(
(new DateTime('NOW'))
->add(new DateInterval('P01D'))
)
->withFooterArray(['kid' => $sealer->id($key)])
->toString();
var_dump($paserk, $paseto);
Unwrapping
<?php
use ParagonIE\Paseto\Protocol\Version4;
use ParagonIE\Paserk\Operations\Key\SealingSecretKey;
use ParagonIE\Paserk\Types\Lid;
use ParagonIE\Paserk\Types\Seal;
use ParagonIE\Paseto\Parser as PasetoParser;
use ParagonIE\Paseto\ProtocolCollection;
$version = new Version4();
// From previous example:
$paserk = "k4.seal.F2qE4x0JfqT7JYhOB7S12SikvLaRuEpxRkgxxHfh4hVpE1JfwIDnreuhs9v5gjoBl3WTVjdIz6NkwQdqRoS2EDc3yGvdf_Da4K1xUSJ8IVTn4HQeol5ruYwjQlA_Ph4N";
$paseto = "v4.local.hYG-BfpTTM3bb-xZ-q5-w77XGayS4WA8kA5R5ZL85u3nzgrWba5NdqgIouFn71CJyGAff1eloirzz3sWRdVXnDeSIYxXDIerNkbLI5ALn24JehhSLKrv8R2-yhfo_XZF9XEASXtwrOyMNjeEAan5kqO6Dg.eyJraWQiOiJrNC5saWQueDAycGJDRmhxU1Q4endnbEJyR3VqWE9LYU5kRkJjY1dsTFFRN0pzcGlZM18ifQ";
// Keys for unsealing:
$sealingSecret = SealingSecretKey::fromEncodedString(
"j043XiZTuGLleB0kAy8f3Tz-lEePK_ynEWPp4OyB-lS913WbYSuLyCBhhHli2eYSeKeiILEfV6C4Y0p7il6zeA",
$version
);
$sealingPublic = $sealingSecret->getPublicKey();
// Unwrap the sytmmetric key for `v4.local.` tokens.
$sealer = new Seal($sealingPublic, $sealingSecret);
$unwrapped = $sealer->decode($paserk);
// Parse the PASETO
$parsed = PasetoParser::getLocal($unwrapped, ProtocolCollection::v4())
->parse($paseto);
// Get the claims from the parsed and validated token:
var_dump($parsed->getClaims());
/*
array(2) {
["test"]=>
string(6) "readme"
["exp"]=>
string(25) "2038-01-19T03:14:08+00:00"
}
*/
// Observe the Key ID is the same as the value stored in the footer.
var_dump(Lid::encode($version, $paserk));
var_dump($parsed->getFooterArray()['kid']);
/*
string(51) "k4.lid.x02pbCFhqST8zwglBrGujXOKaNdFBccWlLQQ7JspiY3_"
string(51) "k4.lid.x02pbCFhqST8zwglBrGujXOKaNdFBccWlLQQ7JspiY3_"
*/
PASERK Feature Coverage
| Classes of Scott Arciszewski | > | PASERK PHP | > |  Download .zip .tar.gz |
> |  Support forum |
> |  Blog |
> |   Latest changes |
|
|
||||||||||||||
| Groups | Applications |  Files |
| Groups |
 Cryptography |
Encrypting, decrypting and hashing data | View top rated classes |
| Innovation Award |
 November 2022 Nominee Vote |
PASETO is an approach to sign, encrypt and decrypt data that is more secure than other approaches like JSON Web Tokens. PASERK extends the PHP PASETO to add more functionality for serializing and wrapping kets used by PASETO. This possibility helps developers to use keys on different platforms. Manuel Lemos |
| Applications that use this package |
No pages of applications that use this class were specified.
If you know an application of this package, send a message to the author to add a link here.
| Files |
| File | Role | Description | ||
|---|---|---|---|---|
| .github (1 directory) |
||||
| docs (1 file, 2 directories) |
||||
| src (6 files, 2 directories) |
||||
| tests (2 files, 4 directories) |
||||
 composer.json |
Data | Auxiliary data | ||
| LICENSE |
Lic. | License text | ||
| phpunit.xml |
Data | Auxiliary data | ||
| psalm.xml |
Data | Auxiliary data | ||
| README.md |
Doc. | Read me | ||
| Download all files: paserk-php.tar.gz paserk-php.zip NOTICE: if you are using a download manager program like 'GetRight', please Login before trying to download this archive.
|
| Files |
| File | Role | Description | ||
|---|---|---|---|---|
| .github (1 directory) |
||||
| docs (1 file, 2 directories) |
||||
| src (6 files, 2 directories) |
||||
| tests (2 files, 4 directories) |
||||
| composer.json |
Data | Auxiliary data | ||
| LICENSE |
Lic. | License text | ||
| phpunit.xml |
Data | Auxiliary data | ||
| psalm.xml |
Data | Auxiliary data | ||
| README.md |
Doc. | Read me | ||
| Files |
/ | docs | / | Types |
| File | Role | Description |
|---|---|---|
| Lid.md |
Doc. | Documentation |
| Local.md |
Doc. | Documentation |
| LocalPW.md |
Doc. | Documentation |
| LocalWrap.md |
Doc. | Documentation |
| Pid.md |
Doc. | Documentation |
| PublicType.md |
Doc. | Documentation |
| Seal.md |
Doc. | Documentation |
| SecretPW.md |
Doc. | Documentation |
| SecretType.md |
Doc. | Documentation |
| SecretWrap.md |
Doc. | Documentation |
| Sid.md |
Doc. | Documentation |
| Files |
/ | src |
| File | Role | Description | ||
|---|---|---|---|---|
| Operations (6 files, 4 directories) |
||||
| Types (11 files) |
||||
| ConstraintTrait.php |
Class | Class source | ||
| IdCommonTrait.php |
Class | Class source | ||
| IdInterface.php |
Class | Class source | ||
| PaserkException.php |
Class | Class source | ||
| PaserkTypeInterface.php |
Class | Class source | ||
| Util.php |
Class | Class source | ||
| Files |
/ | src | / | Operations |
| File | Role | Description | ||
|---|---|---|---|---|
| Key (2 files) |
||||
| PBKW (2 files) |
||||
| PKE (3 files) |
||||
| Wrap (1 file) |
||||
| PBKW.php |
Class | Class source | ||
| PBKWInterface.php |
Class | Class source | ||
| PKE.php |
Class | Class source | ||
| PKEInterface.php |
Class | Class source | ||
| Wrap.php |
Class | Class source | ||
| WrapInterface.php |
Class | Class source | ||
| Files |
/ | src | / | Operations | / | Key |
| File | Role | Description |
|---|---|---|
| SealingPublicKey.php |
Class | Class source |
| SealingSecretKey.php |
Class | Class source |
| Files |
/ | src | / | Operations | / | PBKW |
| File | Role | Description |
|---|---|---|
| PBKWv3.php |
Class | Class source |
| PBKWv4.php |
Class | Class source |
| Files |
/ | src | / | Operations | / | PKE |
| File | Role | Description |
|---|---|---|
| PKETrait.php |
Class | Class source |
| PKEv3.php |
Class | Class source |
| PKEv4.php |
Class | Class source |
| Files |
/ | src | / | Types |
| File | Role | Description |
|---|---|---|
| Lid.php |
Class | Class source |
| Local.php |
Class | Class source |
| LocalPW.php |
Class | Class source |
| LocalWrap.php |
Class | Class source |
| Pid.php |
Class | Class source |
| PublicType.php |
Class | Class source |
| Seal.php |
Class | Class source |
| SecretPW.php |
Class | Class source |
| SecretType.php |
Class | Class source |
| SecretWrap.php |
Class | Class source |
| Sid.php |
Class | Class source |
| Files |
/ | tests |
| File | Role | Description | ||
|---|---|---|---|---|
| KAT (11 files) |
||||
| Operations (3 files, 1 directory) |
||||
| test-vectors (23 files) |
||||
| Types (8 files) |
||||
| KnownAnswers.php |
Class | Class source | ||
| UtilTest.php |
Class | Class source | ||
| Files |
/ | tests | / | KAT |
| File | Role | Description |
|---|---|---|
| LidTest.php |
Class | Class source |
| LocalPWTest.php |
Class | Class source |
| LocalTest.php |
Class | Class source |
| LocalWrapPieTest.php |
Class | Class source |
| PidTest.php |
Class | Class source |
| PublicTest.php |
Class | Class source |
| SealTest.php |
Class | Class source |
| SecretPWTest.php |
Class | Class source |
| SecretTest.php |
Class | Class source |
| SecretWrapPieTest.php |
Class | Class source |
| SidTest.php |
Class | Class source |
| Files |
/ | tests | / | Operations |
| File | Role | Description | ||
|---|---|---|---|---|
| Wrap (1 file) |
||||
| PBKWTest.php |
Class | Class source | ||
| PKETest.php |
Class | Class source | ||
| WrapTest.php |
Class | Class source | ||
| Files |
/ | tests | / | test-vectors |
| File | Role | Description |
|---|---|---|
| k3.lid.json |
Data | Auxiliary data |
| k3.local-pw.json |
Data | Auxiliary data |
| k3.local-wrap.pie.json |
Data | Auxiliary data |
| k3.local.json |
Data | Auxiliary data |
| k3.pid.json |
Data | Auxiliary data |
| k3.public.json |
Data | Auxiliary data |
| k3.seal.json |
Data | Auxiliary data |
| k3.secret-pw.json |
Data | Auxiliary data |
| k3.secret-wrap.pie.json |
Data | Auxiliary data |
| k3.secret.json |
Data | Auxiliary data |
| k3.sid.json |
Data | Auxiliary data |
| k4.lid.json |
Data | Auxiliary data |
| k4.local-pw.json |
Data | Auxiliary data |
| k4.local-wrap.pie.json |
Data | Auxiliary data |
| k4.local.json |
Data | Auxiliary data |
| k4.pid.json |
Data | Auxiliary data |
| k4.public.json |
Data | Auxiliary data |
| k4.seal.json |
Data | Auxiliary data |
| k4.secret-pw.json |
Data | Auxiliary data |
| k4.secret-wrap.pie.json |
Data | Auxiliary data |
| k4.secret.json |
Data | Auxiliary data |
| k4.sid.json |
Data | Auxiliary data |
| README.md |
Doc. | Documentation |
| Files |
/ | tests | / | Types |
| File | Role | Description |
|---|---|---|
| LocalPWTest.php |
Class | Class source |
| LocalTest.php |
Class | Class source |
| LocalWrapTest.php |
Class | Class source |
| PublicTest.php |
Class | Class source |
| SealTest.php |
Class | Class source |
| SecretPWTest.php |
Class | Class source |
| SecretTest.php |
Class | Class source |
| SecretWrapTest.php |
Class | Class source |
| Download all files: paserk-php.tar.gz paserk-php.zip NOTICE: if you are using a download manager program like 'GetRight', please Login before trying to download this archive.
|
