public static function encrypt($passphrases_and_keys, $message, $symmetric_algorithm = 9)
 {
     list($cipher, $key_bytes, $key_block_bytes) = self::getCipher($symmetric_algorithm);
     if (!$cipher) {
         throw new Exception("Unsupported cipher");
     }
     $prefix = crypt_random_string($key_block_bytes);
     $prefix .= substr($prefix, -2);
     $key = crypt_random_string($key_bytes);
     $cipher->setKey($key);
     $to_encrypt = $prefix . $message->to_bytes();
     $mdc = new OpenPGP_ModificationDetectionCodePacket(hash('sha1', $to_encrypt . "Ó", true));
     $to_encrypt .= $mdc->to_bytes();
     $encrypted = array(new OpenPGP_IntegrityProtectedDataPacket($cipher->encrypt($to_encrypt)));
     if (!is_array($passphrases_and_keys) && !$passphrases_and_keys instanceof IteratorAggregate) {
         $passphrases_and_keys = (array) $passphrases_and_keys;
     }
     foreach ($passphrases_and_keys as $pass) {
         if ($pass instanceof OpenPGP_PublicKeyPacket) {
             if (!in_array($pass->algorithm, array(1, 2, 3))) {
                 throw new Exception("Only RSA keys are supported.");
             }
             $crypt_rsa = new OpenPGP_Crypt_RSA($pass);
             $rsa = $crypt_rsa->public_key();
             $rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
             $esk = $rsa->encrypt(chr($symmetric_algorithm) . $key . pack('n', self::checksum($key)));
             $esk = pack('n', OpenPGP::bitlength($esk)) . $esk;
             array_unshift($encrypted, new OpenPGP_AsymmetricSessionKeyPacket($pass->algorithm, $pass->fingerprint(), $esk));
         } else {
             if (is_string($pass)) {
                 $s2k = new OpenPGP_S2K(crypt_random_string(10));
                 $cipher->setKey($s2k->make_key($pass, $key_bytes));
                 $esk = $cipher->encrypt(chr($symmetric_algorithm) . $key);
                 array_unshift($encrypted, new OpenPGP_SymmetricSessionKeyPacket($s2k, $esk, $symmetric_algorithm));
             }
         }
     }
     return new OpenPGP_Message($encrypted);
 }
Ejemplo n.º 2
0
 /**
  * Encrypt data.
  *
  * @param mixed $key   The list of public keys used to encrypt or a list
  *                     of passphrases.
  * @param mixed $data  The data to be PGP encrypted.
  * @param array $opts  Additional options:
  *   - cipher: (integer) Cipher algorithm.
  *   - compress: (integer) Compression algorithm.
  *
  * @param Horde_Pgp_Element_Message  Encrypted message.
  */
 protected function _encrypt($key, $data, $opts)
 {
     $msg = $this->_compressMessageOb($this->_getMessageOb($data), $opts['compress']);
     /* Following code adapted from OpenPGP_Crypt_Symmetric::encrypt(). */
     list($cipher, $key_bytes, $block_bytes) = OpenPGP_Crypt_Symmetric::getCipher($opts['cipher']);
     $prefix = crypt_random_string($block_bytes);
     $prefix .= substr($prefix, -2);
     $to_encrypt = $prefix . $msg->to_bytes();
     $mdc = new OpenPGP_ModificationDetectionCodePacket(hash('sha1', $to_encrypt . "Ó", true));
     /* This is the symmetric encryption session key. */
     $ckey = crypt_random_string($key_bytes);
     $cipher->setKey($ckey);
     /* This is the symmetrically encrypted version of plaintext. */
     $encrypted = array(new OpenPGP_IntegrityProtectedDataPacket($cipher->encrypt($to_encrypt . $mdc->to_bytes())));
     /* Now we need to encrypt the symmetric session key into the various
      * session key encrypted entities. */
     foreach ($key as $k) {
         /* Symmetric encryption. */
         if (is_string($k)) {
             $s2k = new OpenPGP_S2K(crypt_random_string(8, 2));
             // SHA-1
             $cipher->setKey($s2k->make_key($k, $key_bytes));
             $encrypted[] = new OpenPGP_SymmetricSessionKeyPacket($s2k, $cipher->encrypt(chr($opts['cipher']) . $ckey), $opts['cipher']);
             continue;
         }
         /* Public key encryption. */
         switch ($k->algorithm) {
             case 1:
             case 2:
             case 3:
                 $rsa = new OpenPGP_Crypt_RSA($k);
                 $pk = $rsa->public_key();
                 $pk->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
                 break;
             case 16:
                 $pk = new Horde_Pgp_Crypt_Elgamal($k);
                 break;
         }
         $pk_encrypt = $pk->encrypt(chr($opts['cipher']) . $ckey . pack('n', OpenPGP_Crypt_Symmetric::checksum($ckey)));
         $esk = array();
         foreach (is_array($pk_encrypt) ? $pk_encrypt : array($pk_encrypt) as $val) {
             $esk[] = pack('n', OpenPGP::bitlength($val)) . $val;
         }
         $encrypted[] = new OpenPGP_AsymmetricSessionKeyPacket($k->algorithm, $k->fingerprint(), implode('', $esk));
     }
     return new Horde_Pgp_Element_Message(new OpenPGP_Message(array_reverse($encrypted)));
 }