bentools / shh
A PHP library to encrypt/decrypt secrets using OpenSSL.
Installs: 17 666
Dependents: 2
Suggesters: 0
Security: 0
Stars: 3
Watchers: 3
Forks: 0
Open Issues: 0
Requires
- php: >=7.3
- ext-json: *
- ext-openssl: *
Requires (Dev)
- bentools/cartesian-product: ^1.3
- php-coveralls/php-coveralls: ~2.1
- phpstan/phpstan: ~0.12
- phpunit/phpunit: ~8.0|~9.0
- squizlabs/php_codesniffer: ~3.0
- symfony/var-dumper: ~4.0|~5.0
- thecodingmachine/safe: ^1.0
Suggests
- bentools/shh-bundle: Integrate Shh! into your Symfony application.
This package is auto-updated.
Last update: 2024-11-04 17:28:49 UTC
README
Shh! 🤫
Shh! is a simple library to deal with secrets. It helps you generate key pairs, encrypt/decrypt a payload, store secrets in a safe way.
For the full background behind this, see the Symfony Bundle documentation
Installation
composer require bentools/shh:^1.0
Usage
Generate keys
use BenTools\Shh\Shh; [$publicKey, $privateKey] = Shh::generateKeyPair();
By default sha512
algorithm is used with a length of 4096 bits.
Example with a passphrase and a different configuration:
use BenTools\Shh\Shh; [$publicKey, $privateKey] = Shh::generateKeyPair('Some passphrase', ['private_key_bits' => 512, 'digest_alg' => 'sha256']);
Change passphrase
You can change the passphrase of an existing key:
use BenTools\Shh\Shh; [$publicKey, $privateKey] = Shh::generateKeyPair(); $privateKey = Shh::changePassphrase($privateKey, null, 'now I have a passphrase');
This generates a new private key.
The public key remains unchanged, and existing secrets can still be decoded, with the new passphrase only.
Encrypt / decrypt secrets
Public key is required to encrypt secrets, while public AND private keys are required to decode them.
use BenTools\Shh\Shh; $shh = new Shh($publicKey, $privateKey); $encoded = $shh->encrypt('foo'); $decoded = $shh->decrypt($encoded);
Payloads are serialized/deserialized using base64.
Secret storage
It allows you to store encrypted secrets. You can safely publish a file containing secrets as soon as the private key is not published.
Only the owners of the private key (and its associated passphrase, if any) will be able to decrypt the secrets in it.
use BenTools\Shh\SecretStorage\JsonFileSecretStorage; use BenTools\Shh\Shh; [$publicKey, $privateKey] = Shh::generateKeyPair('Some passphrase', ['private_key_bits' => 512, 'digest_alg' => 'sha256']); $shh = new Shh($publicKey, $privateKey); $storage = new JsonFileSecretStorage($shh, './secrets.json'); $storage->store('some-secret'); $storage->has('some-secret'); $storage->get('some-secret'); // Reveal $storage->getKeys(); // List known secrets
Tests
./vendor/bin/phpunit
License
MIT