/** * @param string $sealed encrypted value, base64 encoded * @param string $shareKey share key, base64 encoded * @param PrivateKey $private * @return null|string */ public function unseal($sealed, $shareKey, PrivateKey $private) { $unsealed = null; if (openssl_open($this->decode($sealed), $unsealed, $this->decode($shareKey), $private->getResource())) { return $unsealed; } throw new \RuntimeException('Cannot unseal: ' . openssl_error_string()); }
/** * */ private function generate() { if ($this->request === null) { $commonName = iconv("UTF-8", "ASCII//TRANSLIT", $this->commonName); $privateKeyResource = $this->privateKey->asResource(); $csr = openssl_csr_new(['CN' => substr($commonName, 0, 64), 'emailAddress' => $this->emailAddress], $privateKeyResource); $this->request = $csr; } }
/** * Used to create a public key from the given string. * * If a string containing a serialized public key is * not give, the framework default one will be used * * @param string|null $custom_key the public key serialized as a string * * @throws \InvalidArgumentException the given key isn't a valid serialized key * @throws AsymmetricException the given key is invalid */ public function __construct($custom_key = null) { $serialized_key = ''; if (is_null($custom_key)) { //create the default private key $default_private_key = new PrivateKey(); //and retrive the public key from the default private key $serialized_key = $default_private_key->retrivePublicKey(); } elseif (is_string($custom_key)) { $serialized_key = $custom_key; } else { throw new \InvalidArgumentException('The serialized public key must be a string'); } //load the public key $this->key = openssl_pkey_get_public($serialized_key); //check for errors if (!$this->isLoaded()) { throw new AsymmetricException('The public key could not be loaded', 2); } }
/** * @depnds testGenerateWithoutException */ public function testIsValid() { $sinKey = new SinKey(); $this->assertNotNull($sinKey); $this->assertFalse($sinKey->isValid()); $pubKey = PublicKey::create(); $this->assertNotNull($pubKey); $pubKey->setPrivateKey(PrivateKey::create()->generate()); $pubKey->generate(); $sinKey->setPublicKey($pubKey); $sinKey->generate(); $this->assertTrue($sinKey->isValid()); }
/** * @depends testGenerate */ public function testToString() { $pubKey = new PublicKey(); $this->assertNotNull($pubKey); $pubKey->setPrivateKey(PrivateKey::create()->generate()); $this->assertSame('', (string) $pubKey); $pubKey->generate(PrivateKey::create()->generate()); if ('02' . $pubKey->getX() == $pubKey) { $compressed = '02' . $pubKey->getX(); } else { $compressed = '03' . $pubKey->getX(); } $this->assertSame($compressed, (string) $pubKey); $this->assertEquals(66, strlen((string) $pubKey)); }
public static function test_signature_validity($Msg, $Qx, $Qy, $R, $S, $expected, $verbose = false) { $p192 = NISTcurve::generator_192(); $curve_192 = NISTcurve::curve_192(); $pubk = new PublicKey($p192, new Point($curve_192, $Qx, $Qy)); $got = $pubk->verifies(PrivateKey::digest_integer($Msg), new Signature($R, $S)); if (bccomp($got, $expected) == 0) { if ($verbose) { print "Signature tested as expected: received " . var_export($got, true) . ", expected " . var_export($expected, true) . ".<br />"; } flush(); } else { print "*** Signature test failed: received " . var_export($got, true) . ", expected " . var_export($expected, true) . ".<br />"; } flush(); }
public function testGetPublicKey() { $key = new PrivateKey(); $publicKey = $key->getPublicKey(); $this->assertInstanceOf('Bitpay\\PublicKey', $publicKey); }
/** * Sign * * This function accepts the same parameters as signrawtransaction. * $raw_transaction is a hex encoded string for an unsigned/partially * signed transaction. $inputs is an array, containing the txid/vout/ * scriptPubKey/redeemscript. $priv_keys contains WIF keys. * * The function looks at each TxIn and tries to sign, if the hash160 * belongs to a key specified in the wallet. * * @param array $wallet * @param string $raw_transaction * @param array $inputs * @param string $magic_byte * @return array */ public static function sign($wallet, $raw_transaction, $inputs, $magic_byte = '00') { // Generate digests of inputs to sign. $message_hash = self::_create_txin_signature_hash($raw_transaction, $inputs); $inputs_arr = (array) json_decode($inputs); // Generate an association of expected hash160's and related information. //$wallet = BitcoinLib::private_keys_to_receive($priv_keys); $decode = self::decode($raw_transaction); $req_sigs = 0; $sign_count = 0; foreach ($decode['vin'] as $vin => $input) { $scriptPubKey = self::_decode_scriptPubKey($inputs_arr[$vin]->scriptPubKey); $tx_info = self::_get_transaction_type($scriptPubKey, $magic_byte); if (isset($wallet[$tx_info['hash160']])) { $key_info = $wallet[$tx_info['hash160']]; $generator = \SECcurve::generator_secp256k1(); if ($key_info['type'] == 'scripthash') { $signatures = self::extract_input_signatures_p2sh($input, $message_hash[$vin], $key_info); $sign_count += count($signatures); // Create Signature foreach ($key_info['keys'] as $key) { $point = new \Point($generator->getCurve(), gmp_init(substr($key['uncompressed_key'], 2, 64), 16), gmp_init(substr($key['uncompressed_key'], 66, 64), 16), $generator->getOrder()); $_public_key = new \PublicKey($generator, $point); $_private_key = new \PrivateKey($_public_key, gmp_init($key['private_key'], 16)); $sign = $_private_key->sign(gmp_init($message_hash[$vin], 16), gmp_init((string) bin2hex(openssl_random_pseudo_bytes(32)), 16)); if ($sign !== FALSE) { $sign_count++; $signatures[$key['public_key']] = self::encode_signature($sign); } } $decode['vin'][$vin]['scriptSig']['hex'] = self::_apply_sig_scripthash_multisig($signatures, $key_info); // Increase required # signature counter. $req_sigs += $key_info['required_signature_count']; } if ($key_info['type'] == 'pubkeyhash') { // Create Signature $point = new \Point($generator->getCurve(), gmp_init(substr($key_info['uncompressed_key'], 2, 64), 16), gmp_init(substr($key_info['uncompressed_key'], 66, 64), 16), $generator->getOrder()); $_public_key = new \PublicKey($generator, $point); $_private_key = new \PrivateKey($_public_key, gmp_init($key_info['private_key'], 16)); $sign = $_private_key->sign(gmp_init($message_hash[$vin], 16), gmp_init((string) bin2hex(openssl_random_pseudo_bytes(32)), 16)); if ($sign !== FALSE) { $sign_count++; $decode['vin'][$vin]['scriptSig']['hex'] = self::_apply_sig_pubkeyhash(self::encode_signature($sign), $key_info['public_key']); } $req_sigs++; } } } $new_raw = self::encode($decode); // If the transaction isn't fully signed, return false. // If it's fully signed, perform signature verification, return true if valid, or invalid if signatures are incorrect. $complete = $req_sigs - $sign_count == 0 ? self::validate_signed_transaction($new_raw, $inputs, $magic_byte) == TRUE ? 'true' : 'false' : 'false'; return array('hex' => $new_raw, 'complete' => $complete); }
/** * @param $concatenated * @return PushCertificate */ public static function fromString($concatenated) { list($signedCertificate, $privateKey) = explode('-' . PHP_EOL . '-', $concatenated); return new self(PrivateKey::fromString('-' . $privateKey), new SignedCertificate($signedCertificate . '-' . PHP_EOL)); }
/** * @group certificate * * @test * @expectedException \SAML2\Exception\InvalidArgumentException */ public function test_create_with_nonstring_password_throws_exception() { $key = \SAML2\CertificatesMock::getPlainPrivateKey(); PrivateKey::create($key, 1); }
public function sign_transaction($transaction, $inputs) { // Initialize $bip32 = new bip32(); // Start transaction $transaction[] = '01000000'; $orig_transaction = $transaction; // Add inputs temporarily $temp_input = 3; foreach ($inputs as $input) { // Set transaction variables $temp_transaction = $orig_transaction; if (count($input['privkeys']) > 1) { $temp_transaction[$temp_input] = $this->encode_vint(strlen(hex2bin($input['scriptsig']))); $temp_transaction[$temp_input + 1] = $input['scriptsig']; } else { $temp_transaction[$temp_input] = dechex(strlen(hex2bin($input['scriptsig']))); $temp_transaction[$temp_input + 1] = $input['scriptsig']; } // Initialize $generator = SECcurve::generator_secp256k1(); // Hash structure $temp_hex_trans = pack("H*", implode("", $temp_transaction)); $hash = hash('sha256', hash('sha256', $temp_hex_trans, true)); // Go through the keys $signatures = array(); $total_sign = 0; foreach ($input['privkeys'] as $privkey) { // Get public key $import = $bip32->import($privkey); $pubkey = $bip32->private_to_public($import['key']); $cpubkey = $bip32->private_to_public($import['key'], true); // Get ready to sign $point = new Point($generator->getCurve(), gmp_init(substr($pubkey, 2, 64), 16), gmp_init(substr($pubkey, 66, 64), 16), $generator->getOrder()); $_public_key = new PublicKey($generator, $point); $_private_key = new PrivateKey($_public_key, gmp_init($import['key'], 16)); // Sign $sign = $_private_key->sign(gmp_init($hash, 16), gmp_init((string) bin2hex(openssl_random_pseudo_bytes(32)), 16)); $signatures[$cpubkey] = $this->_encode_signature($sign); $total_sign++; } // Encode signature if (count($input['privkeys']) > 1) { $sig = '00'; foreach ($signatures as $pubkey => $sign) { $sig .= $this->encode_vint(strlen($sign) / 2) . $sign; } $sig .= '4c' . $this->encode_vint(strlen($input['scriptsig']) / 2) . $input['scriptsig']; } else { $key = array_keys($signatures)[0]; $sig = $this->encode_vint(strlen($signatures[$key]) / 2) . $signatures[$key]; $sig .= $this->encode_vint(strlen($key) / 2) . $key; } // Add to transaction $transaction[$temp_input] = $this->encode_vint(strlen(hex2bin($sig))); $transaction[$temp_input + 1] = $sig; $temp_input += 4; } array_pop($transaction); // Return return implode("", $transaction); }
/** * Generate a digital signature for the given message. * * The digital signature can be used to authenticate the message because * a different message will produce a different digital signature. * * You will be using the public key corresponding to the given private key * to check the digital signature. * * Example usage: * <code> * $message = "who knows if this message will be modified....."; * * //get the default private key * $privKey = new PrivateKey(); * * //generate the digital signature * $signature = Cryptography::generateDigitalSignature($privKey, $message); * * //transmit the digital signature * </code> * * @param PrivateKey $key the priate key to be used to generate the message * @param string $message the message to be signed * * @return string the generate digital signature * * @throws \InvalidArgumentException the given message is not a valid string * @throws AsymmetricException the error occurred while generating the message */ public static function generateDigitalSignature(PrivateKey &$key, $message) { //check the message type if (!is_string($message) && strlen($message) <= 0) { throw new \InvalidArgumentException('The message to be signed must be a non-empty string'); } //check for the private key if (!$key->isLoaded()) { throw new AsymmetricException('It is impossible to generate a digital signature with an unloaded key', 11); } //get the managed version of the native key $managedKey = $key(); //generate the digital signature $digitalSignature = null; if (!openssl_sign($message, $digitalSignature, $managedKey['key'], 'sha256WithRSAEncryption')) { throw new AsymmetricException('It is impossible to generate the digital signature due to an unknown error', 12); } //return the signature in a binary-safe format return base64_encode($digitalSignature); }