softcreatr / wsc-crypto-php
PoC of cryptographic utility functions for WoltLab Suite Core, implemented in PHP.
Fund package maintenance!
softcreatr
ecologi.com/softcreatr?r=61212ab3fc69b8eb8a2014f4
Requires
- php: >=8.1
- ext-mbstring: *
- paragonie/constant_time_encoding: ^3.0
Requires (Dev)
- friendsofphp/php-cs-fixer: ^3.64
- phpunit/phpunit: >=10
README
PoC of cryptographic utility functions for WoltLab Suite Core, implemented in PHP.
Overview
This project provides cryptographic helper functions, including:
- Creating secure signatures based on the Keyed-Hash Message Authentication Code (HMAC) algorithm.
- Base64 encoding and decoding without cache-timing leaks.
- Parsing and verifying signed strings to ensure data integrity and authenticity.
Installation
Use Composer to install the package:
composer require softcreatr/wsc-crypto-php
Usage
For detailed usage examples, please refer to the examples directory.
Examples
Testing
The project includes a comprehensive test suite using PHPUnit.
Running Tests
-
Install Dependencies:
Ensure all dependencies are installed via Composer:
composer install
-
Run PHPUnit with Coverage:
Execute the following command to run your tests and generate an HTML coverage report:
./vendor/bin/phpunit --coverage-html coverage
-
View Coverage Report:
Open
coverage/index.html
in your browser to view detailed coverage statistics.
License
This project is licensed under the ISC License. See the LICENSE file for details.
Author
- Sascha Greuel
- Email: hello@1-2.dev
- GitHub: SoftCreatR
Security Considerations
- Protect the
signatureSecret
: Ensure that the signature secret is stored securely and not exposed in version control or logs. - Validate Inputs: Always validate and sanitize inputs when dealing with signed strings to prevent security vulnerabilities.
Contributing
Contributions are welcome! Please open issues or submit pull requests for improvements and bug fixes.
Acknowledgments
- ParagonIE for their constant-time encoding library.
- Inspired by WoltLab's WCF Crypto utilities.