Ejemplo n.º 1
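 /**
  * Generates a new KeyPair.
  *
  * The private key is exported without a passphrase, so the PEM handed to
  * PrivateKey::fromPEM() is unencrypted. Key type and size come entirely from
  * $config; CryptoKey::DEFAULT_CONFIG is declared elsewhere, so confirm it
  * requests a key size that is still acceptable for your use.
  *
  * @param array $config The OpenSSL configuration.
  * @return KeyPair Returns the newly generated KeyPair.
  * @throws OpenSSLException when the key pair cannot be generated, exported or inspected.
  * @since 0.3
  */
 public static function generate(array $config = CryptoKey::DEFAULT_CONFIG) : KeyPair
 {
     OpenSSL::resetErrors();
     if (($resource = openssl_pkey_new($config)) === false) {
         // @codeCoverageIgnoreStart
         throw new OpenSSLException(OpenSSL::getErrors(), 'Could not generate a new key pair.');
         // @codeCoverageIgnoreEnd
     }
     // openssl_pkey_export() signals failure through its return value; without this
     // check a failed export would pass an unset $privateKey on to PrivateKey::fromPEM().
     if (openssl_pkey_export($resource, $privateKey) === false) {
         // @codeCoverageIgnoreStart
         throw new OpenSSLException(OpenSSL::getErrors(), 'Could not export the generated private key.');
         // @codeCoverageIgnoreEnd
     }
     // openssl_pkey_get_details() returns false on failure, which must not be indexed.
     $details = openssl_pkey_get_details($resource);
     if ($details === false || !isset($details['key'])) {
         // @codeCoverageIgnoreStart
         throw new OpenSSLException(OpenSSL::getErrors(), 'Could not read the details of the generated key pair.');
         // @codeCoverageIgnoreEnd
     }
     return new self(PrivateKey::fromPEM($privateKey), PublicKey::fromPEM($details['key']));
 }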
Ejemplo n.º 2
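 /**
  * Unseals the given envelope.
  *
  * @param string $envelope The envelope to unseal.
  * @param string $envelopeKey The envelope key that was produced when the message was sealed.
  * @param string|null $cipherMethod The cipher method used to seal the message. When omitted,
  *                                  CipherMethod::RC4 is used because that is the default of seal().
  *                                  RC4 is a legacy cipher; pass the method returned by seal() explicitly.
  * @param string $iv The initialization vector used when sealing, for cipher methods that need one.
  * @return string The unsealed message.
  * @throws OpenSSLException when the envelope cannot be opened.
  * @since 0.3
  */
 public function unseal(string $envelope, string $envelopeKey, string $cipherMethod = null, string $iv = '') : string
 {
     OpenSSL::resetErrors();
     // openssl_open() needs a concrete cipher name, so an omitted method is resolved here
     // instead of being passed through as null. The fallback mirrors seal()'s default so
     // that an envelope sealed with defaults can be opened with defaults.
     $cipherMethod = $cipherMethod ?? CipherMethod::RC4;
     $paddedIV = InitVector::pad($iv);
     // The warning is suppressed because failure is surfaced as an OpenSSLException below.
     if (@openssl_open($envelope, $message, $envelopeKey, $this->resource, $cipherMethod, $paddedIV) === false) {
         // @codeCoverageIgnoreStart
         throw new OpenSSLException(OpenSSL::getErrors(), 'Could not unseal envelope.');
         // @codeCoverageIgnoreEnd
     }
     return $message;
 }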
Ejemplo n.º 3
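 /**
  * Encrypts the given data with the given password.
  *
  * The password is handed to openssl_encrypt() as the key itself: no key derivation
  * happens in this method, and by default openssl_encrypt() pads a short key with NUL
  * bytes and truncates a long one without reporting it. No authentication tag is
  * requested, so the result carries no integrity protection of its own.
  *
  * Element 1 of the returned array is the key in hex form. Treat the whole array as
  * secret material and do not store or log it alongside the ciphertext.
  *
  * @param string $data The data to encrypt.
  * @param string $password The password to encrypt data with.
  * @return array Returns an array containing the encrypted data and some information like the IV if used.
  *                  0 => [string] encrypted data
  *                  1 => [string] password as hex string
  *                  2 => [int] options used (the bitwise disjunction value)
  *                  3 => [string] iv used for encryption
  *                  4 => [int] cipher mode used
  * @see http://php.net/manual/en/function.openssl-encrypt.php openssl_encrypt function reference
  * @throws OpenSSLException when the cipher cannot encrypt the data.
  * @since 0.3.5
  */
 public function encrypt(string $data, string $password) : array
 {
     OpenSSL::resetErrors();
     // Read the options and the IV once, so the values reported back to the caller are
     // exactly the ones that were passed to openssl_encrypt(). getIV() is defined
     // elsewhere; if it ever returned a fresh value per call, reading it twice would
     // hand back an IV that cannot decrypt the data.
     $options = $this->getOptions();
     $iv = $this->getIV();
     // The warning is suppressed because failure is surfaced as an OpenSSLException below.
     if (($encrypted = @openssl_encrypt($data, $this->getCipherDescription(), $password, $options, $iv)) === false) {
         // @codeCoverageIgnoreStart
         throw new OpenSSLException(OpenSSL::getErrors(), 'The given data could not be encrypted.');
         // @codeCoverageIgnoreEnd
     }
     return [$encrypted, StringEncoder::rawToHex($password), $options, $iv, $this->getMode()];
 }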
Ejemplo n.º 4
 /**
  * Lists the cipher methods the local OpenSSL build reports, aliases included.
  *
  * Names are upper-cased, passed through trimCipherMode() and de-duplicated. The
  * result is computed once and cached in self::$availableMethods. A method being
  * listed only means the platform offers it, not that it is a sound choice.
  *
  * @return array Returns a numerically indexed array containing the list of supported cipher methods.
  * @since 0.1
  */
 public static function allAvailable() : array
 {
     // Defined elsewhere; presumably fails loudly when the extension is missing (TODO confirm).
     OpenSSL::isAvailable(true);
     if (self::$availableMethods !== null) {
         return self::$availableMethods;
     }
     // "true" asks OpenSSL to include cipher aliases in the list.
     $upperCased = array_map('strtoupper', openssl_get_cipher_methods(true));
     $withoutModes = self::trimCipherMode(array_unique($upperCased));
     // Trimming can make distinct entries collapse to the same name, hence the second pass.
     self::$availableMethods = array_unique($withoutModes);
     return self::$availableMethods;
 }
Ejemplo n.º 5
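 /**
  * Seals the given message in an encrypted envelope that can only be decrypted by the private key matching the public key.
  *
  * The default cipher method is RC4, a legacy cipher that the PHP manual describes as
  * insecure; pass a stronger method explicitly. Sealing gives confidentiality only:
  * nothing returned here authenticates the envelope.
  *
  * @param string $message The message to be sealed.
  * @param string $cipherMethod The cipher method to use from CipherMethod.
  * @param string $iv The optional initialization vector for some cipher methods. openssl_seal()
  *                   overwrites it with the IV it actually used; see element 3 of the result.
  * @return array Returns an array containing the envelope along other information like the key and method used.
  *                  0 => [string] envelope
  *                  1 => [string] envelope key
  *                  2 => [string] cipher method used
  *                  3 => [string] initialization vector used, to be passed to unseal()
  * @throws CipherMethodNotAvailableException when the cipher method is not available on this platform.
  * @throws OpenSSLException when the message cannot be sealed.
  * @since 0.3
  */
 public function seal(string $message, string $cipherMethod = CipherMethod::RC4, string $iv = '') : array
 {
     OpenSSL::resetErrors();
     if (!CipherMethod::isAvailable($cipherMethod)) {
         throw new CipherMethodNotAvailableException($cipherMethod, 'The given cipher method is not available in the current platform stack.');
     }
     $paddedIV = InitVector::pad($iv);
     // The warning is suppressed because failure is surfaced as an OpenSSLException below.
     if (@openssl_seal($message, $envelope, $envelopeKeys, [$this->resource], $cipherMethod, $paddedIV) === false) {
         // @codeCoverageIgnoreStart
         throw new OpenSSLException(OpenSSL::getErrors(), 'Could not seal message.');
         // @codeCoverageIgnoreEnd
     }
     // openssl_seal() takes the IV by reference and writes back the one it used, so
     // $paddedIV now holds the value unseal() needs. It is appended as a fourth element;
     // the first three keep their positions for existing callers.
     return [$envelope, $envelopeKeys[0], $cipherMethod, $paddedIV];
 }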
Ejemplo n.º 6
 /**
  * Gets the key modulus.
  *
  * For an RSA key this is the 'n' entry of the key details; for DSA and DH keys it is
  * the 'p' entry of the respective details section.
  *
  * @see http://us.php.net/manual/en/function.openssl-pkey-get-details.php openssl_pkey_get_details function reference.
  * @return string Returns the modulus as stored in the key details.
  * @throws CryptoKeyTypeException when key is not of type RSA, DSA or DH.
  * @since 0.3
  */
 public function getModulus() : string
 {
     OpenSSL::resetErrors();
     $keyType = $this->getType();
     // Loose comparison on purpose: the scalar types of getType() and the
     // CryptoKeyType constants are not visible here.
     if ($keyType == CryptoKeyType::RSA) {
         return $this->details['rsa']['n'];
     }
     if ($keyType == CryptoKeyType::DSA) {
         return $this->details['dsa']['p'];
     }
     if ($keyType == CryptoKeyType::DH) {
         return $this->details['dh']['p'];
     }
     // @codeCoverageIgnoreStart
     $typeName = strtoupper(CryptoKeyType::toName($this->getType()));
     throw new CryptoKeyTypeException(sprintf('The key must be of type RSA, DSA or DH to get modulus, but key is of type \'%s\'.', $typeName));
     // @codeCoverageIgnoreEnd
 }