/** * Sign a message with our private key * * @param string $message Message to sign * @param Contract\CryptoKeyInterface $privatekey * @param boolean $raw Don't hex encode the output? * * @return string Signature (detached) */ public static function sign($message, Contract\CryptoKeyInterface $privatekey, $raw = false) { if (!$privatekey->isSigningKey()) { throw new CryptoAlert\InvalidKey('Expected a signing key'); } if (!$privatekey->isSecretKey()) { throw new CryptoAlert\InvalidKey('Expected a secret key'); } $signed = \Sodium\crypto_sign_detached($message, $privatekey->get()); if ($raw) { return $signed; } return \Sodium\bin2hex($signed); }
/** * Sign a message with our private key * * @param string $message Message to sign * @param SignatureSecretKey $privateKey * @param boolean $raw Don't hex encode the output? * @return string Signature (detached) */ public static function sign(string $message, SignatureSecretKey $privateKey, bool $raw = false) : string { $signed = \Sodium\crypto_sign_detached($message, $privateKey->getRawKeyMaterial()); if ($raw) { return $signed; } return \Sodium\bin2hex($signed); }
/** * @param string $message * @param string $signer_private * @return string The signature of the message. * @throws InvalidTypeException */ public static function sign($message, $signer_private) { # Test to make sure all the required variables are strings. Helpers::isString($message, 'PublicKeyEncryption', 'sign'); Helpers::isString($signer_private, 'PublicKeyEncryption', 'sign'); return base64_encode(Helpers::bin2hex(\Sodium\crypto_sign_detached($message, $signer_private))); }
/** * Sign a message with our private key * * @param string $message Message to sign * @param SignatureSecretKey $privateKey * @param boolean $raw Don't hex encode the output? * * @return string Signature (detached) * * @throws CryptoException\InvalidKey */ public static function sign($message, Contract\KeyInterface $privateKey, $raw = false) { if (!$privateKey instanceof SignatureSecretKey) { throw new CryptoException\InvalidKey('Argument 2: Expected an instance of SignatureSecretKey'); } $signed = \Sodium\crypto_sign_detached($message, $privateKey->get()); if ($raw) { return $signed; } return \Sodium\bin2hex($signed); }
/** * Check if a password is known by the knownpassword.org API. * * @param string $password The password to check. * @param string $passwordFormat The format of the given password (Blake2b, Sha512, Cleartext) [Default: Blake2b]. * @return mixed Exception on error, true if the password is known and false if the password is unknown. * @access public */ public function checkPassword($password, $passwordFormat = "Blake2b") { $apiData = array(); switch ($passwordFormat) { case "Blake2b": $apiData = array("Blake2b" => $password); break; case "Sha512": $apiData = array("Sha512" => $password); break; case "Cleartext": $apiData = array("Cleartext" => $password); break; default: throw new \Exception("Unknown passwordFormat."); } $nonce = \Sodium\randombytes_buf(24); $signature = \Sodium\crypto_sign_detached($nonce, $this->_privatekey); $clearJson = json_encode($apiData); $encryptionNonce = \Sodium\randombytes_buf(\Sodium\CRYPTO_BOX_NONCEBYTES); $encryptionKeyPair = \Sodium\crypto_box_keypair(); $encryptionSecretkey = \Sodium\crypto_box_secretkey($encryptionKeyPair); $encryptionPublickey = \Sodium\crypto_box_publickey($encryptionKeyPair); $encryptionKeyPair = \Sodium\crypto_box_keypair_from_secretkey_and_publickey($encryptionSecretkey, $this->_serverEncryptionPublicKey); $ciphertext = \Sodium\crypto_box($clearJson, $encryptionNonce, $encryptionKeyPair); $encryptedApiData = array("PublicKey" => \Sodium\bin2hex($encryptionPublickey), "Nonce" => \Sodium\bin2hex($encryptionNonce), "Ciphertext" => \Sodium\bin2hex($ciphertext)); $data_string = json_encode($encryptedApiData); $ch = curl_init($this->_apiurl . "/checkpassword"); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string); curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json', 'Content-Length: ' . strlen($data_string), 'User-Agent: ' . 'Laravel 5', 'X-Public: ' . \Sodium\bin2hex($this->_publickey), 'X-Nonce: ' . \Sodium\bin2hex($nonce), 'X-Signature: ' . \Sodium\bin2hex($signature))); if (!($result = curl_exec($ch))) { throw new \Exception("Request failed"); } $header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE); $header = substr($result, 0, $header_size); $headers = $this->get_headers_from_curl_response($header); if (array_key_exists("http_code", $headers[0]) && array_key_exists("X-Powered-By", $headers[0]) && array_key_exists("X-Signature", $headers[0])) { $httpCode = $headers[0]["http_code"]; $responsePowered = $headers[0]["X-Powered-By"]; $responseSignature = $headers[0]["X-Signature"]; $responseNonce = $headers[0]["X-Nonce"]; if ($httpCode === "HTTP/1.1 200 OK" || $httpCode === "HTTP/2.0 200 OK") { if ($responsePowered === "bitbeans") { // validate the response signature if (!\Sodium\crypto_sign_verify_detached(\Sodium\hex2bin($responseSignature), \Sodium\crypto_generichash(\Sodium\hex2bin($responseNonce), null, 64), $this->_serverSignaturePublicKey)) { throw new \Exception("Invalid signature"); } } else { throw new \Exception("Invalid server"); } } else { throw new \Exception("Invalid response code"); } } else { throw new \Exception("Invalid header"); } $result = substr($result, $header_size); curl_close($ch); $resultJson = json_decode($result); $decryptionKeyPair = \Sodium\crypto_box_keypair_from_secretkey_and_publickey($encryptionSecretkey, \Sodium\hex2bin($resultJson->{'publicKey'})); $plaintext = \Sodium\crypto_box_open(\Sodium\hex2bin($resultJson->{'ciphertext'}), \Sodium\hex2bin($resultJson->{'nonce'}), $decryptionKeyPair); if ($plaintext === FALSE) { throw new \Exception("Malformed message or invalid MAC"); } $plaintextJson = json_decode($plaintext); return !$plaintextJson->{'FoundPassword'}; }
/** * Sign a message with our private key * * @param string $message Message to sign * @param SignatureSecretKey $privateKey * @param mixed $encoding Which encoding scheme to use? * @return string Signature (detached) */ public static function sign(string $message, SignatureSecretKey $privateKey, $encoding = Halite::ENCODE_BASE64URLSAFE) : string { $signed = \Sodium\crypto_sign_detached($message, $privateKey->getRawKeyMaterial()); $encoder = Halite::chooseEncoder($encoding); if ($encoder) { return $encoder($signed); } return $signed; }