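/**
  * Returns a new set of key pairs for message encryption and signing, each key encoded with Helpers::bin2hex.
  *
  * @param string|null $seed The seed to use to create repeatable keys; when null, random key pairs are generated.
  * @param string $hashKey The key used when hashing the seed into the key-pair seeds.
  * @return array ['encr' => ['pri' => string, 'pub' => string], 'sign' => ['pri' => string, 'pub' => string]]
  */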
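 public static function generateKeys($seed = null, $hashKey = '')
 {
     # Builds one encryption (box) key pair and one signing key pair, either
     # deterministically from $seed or from fresh randomness when $seed is null.
     if ($seed !== null) {
         # Derive one fixed-length seed per key type so the pairs can be recovered later.
         # NOTE(review): anyone who learns or guesses $seed (and $hashKey) can regenerate
         # both private keys. If seeds may be human-chosen passphrases, confirm that
         # Hash::hash is a deliberately slow password KDF and not a fast hash.
         # NOTE(review): both derivations use the same seed and hash key; if
         # BOX_SEEDBYTES equals SIGN_SEEDBYTES the two pairs share one seed.
         # Consider a distinct hash key or context per key type - confirm.
         $encrSeed = Hash::hash($seed, $hashKey, Constants::BOX_SEEDBYTES);
         $signSeed = Hash::hash($seed, $hashKey, Constants::SIGN_SEEDBYTES);

         # crypto_box_keypair() and crypto_sign_keypair() accept no seed argument, so
         # passing the hash to them does not produce repeatable keys. The seeded
         # constructors are the *_seed_keypair() variants.
         # Assumes Hash::hash returns raw bytes of exactly the requested length - confirm.
         $encrPair = \Sodium\crypto_box_seed_keypair($encrSeed);
         $signPair = \Sodium\crypto_sign_seed_keypair($signSeed);

         # The derived seeds are as sensitive as the private keys; wipe them once used.
         \Sodium\memzero($encrSeed);
         \Sodium\memzero($signSeed);
     } else {
         # Build un-recoverable key pairs from the system's random source.
         $encrPair = \Sodium\crypto_box_keypair();
         $signPair = \Sodium\crypto_sign_keypair();
     }

     # Split each pair into its private and public halves for the caller.
     $keys = [
         'encr' => [
             'pri' => Helpers::bin2hex(\Sodium\crypto_box_secretkey($encrPair)),
             'pub' => Helpers::bin2hex(\Sodium\crypto_box_publickey($encrPair)),
         ],
         'sign' => [
             'pri' => Helpers::bin2hex(\Sodium\crypto_sign_secretkey($signPair)),
             'pub' => Helpers::bin2hex(\Sodium\crypto_sign_publickey($signPair)),
         ],
     ];

     # Best-effort wipe of the raw key pairs; the encoded private keys in $keys
     # remain in memory and must be protected by the caller.
     \Sodium\memzero($encrPair);
     \Sodium\memzero($signPair);

     return $keys;
 }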
Exemple #2
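 /**
  * Generate a key or key pair
  * 
  * @param int $type Bitmask of key-type flags (symmetric or asymmetric, encryption or signature)
  * @param &string $secret_key - Reference to optional variable to store the raw secret key in
  * @return array|Key An array of [secret key, public key] for asymmetric types, otherwise a single secret key
  */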
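 public static function generate($type = self::CRYPTO_SECRETBOX, &$secret_key = null)
 {
     // Creates fresh key material for the flags in $type. The raw secret key is
     // also written to the caller's $secret_key reference.

     // Becomes true when the generated key is for signing/authentication
     $signing = false;

     // Public-key cryptography: return a [secret, public] pair.
     if (($type & self::ASYMMETRIC) !== 0) {
         if (($type & self::ENCRYPTION) !== 0) {
             // Encryption keypair
             $kp = \Sodium\crypto_box_keypair();
             $secret_key = \Sodium\crypto_box_secretkey($kp);
             $public_key = \Sodium\crypto_box_publickey($kp);
         } elseif (($type & self::SIGNATURE) !== 0) {
             // Digital signature keypair
             $signing = true;
             $kp = \Sodium\crypto_sign_keypair();
             $secret_key = \Sodium\crypto_sign_secretkey($kp);
             $public_key = \Sodium\crypto_sign_publickey($kp);
         } else {
             throw new CryptoException\InvalidFlags('Must specify encryption or authentication');
         }
         // The combined keypair buffer is no longer needed; wipe it.
         \Sodium\memzero($kp);
         return [new ASecretKey($secret_key, $signing), new APublicKey($public_key, $signing)];
     }

     // Symmetric cryptography: return a single secret key.
     // `!==` binds tighter than `&`, so each mask test needs its own parentheses.
     // Without them the expression is `$type & (FLAG !== 0)`, which tests only the
     // lowest bit of $type, whatever flag is named.
     if (($type & self::SECRET_KEY) !== 0) {
         if (($type & self::ENCRYPTION) !== 0) {
             // random_bytes() throws when no secure randomness source is available;
             // that is deliberately not caught, so a weak key is never produced.
             $secret_key = \random_bytes(\Sodium\CRYPTO_SECRETBOX_KEYBYTES);
         } elseif (($type & self::SIGNATURE) !== 0) {
             $signing = true;
             $secret_key = \random_bytes(\Sodium\CRYPTO_AUTH_KEYBYTES);
         } else {
             // Mirror the asymmetric branch. Falling through here would wrap whatever
             // $secret_key already held (null, or a caller-supplied value) as a key.
             throw new CryptoException\InvalidFlags('Must specify encryption or authentication');
         }
         return new SecretKey($secret_key, $signing);
     }

     throw new CryptoException\InvalidFlags('Must specify symmetric-key or asymmetric-key');
 }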