mglinski/ecc 问题修复 & 功能扩展

解决BUG、新增功能、兼容多环境部署,快速响应你的开发需求

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

mglinski/ecc

Composer 安装命令:

composer require mglinski/ecc

包简介

PHP Elliptic Curve Cryptography library

README 文档

README

Build Status HHVM Status

Scrutinizer Code Quality Code Coverage

Latest Stable Version Total Downloads Latest Unstable Version License

Information

This library is a rewrite/update of Matyas Danter's ECC library. All credit goes to him.

For more information on Elliptic Curve Cryptography please read this fine article.

License

This package is released under the MIT license.

Requirements

  • PHP 5.4+
  • composer
  • ext-gmp
  • ext-mcrypt

Installation

You can install this library via Composer :

composer require mdanter/ecc

Contribute

When sending in pull requests, please make sure to run the make command.

The default target runs all PHPUnit and PHPCS tests. All tests must validate for your contribution to be accepted.

It's also always a good idea to check the results of the Scrutinizer analysis for your pull requests.

Usage

WARNING Though this library is tested for compliance to standards, it is subject to at least one documented vulnerability in public-key derivation, which can potentially allow attackers to grab your private keys. USE AT YOUR OWN RISK. You've been warned.

WARNING All following documentation is based off the master branch, not the tagged versions.

Key generation

The lazy way

You're in luck, there's a command line tool ! The examples assume that phpecc (found in the bin/ folder) is on your path.

Generate a private/public keypair:

$ phpecc genkey --curve=nist-p256 --out=pem
Using curve "nist-p256"
-----BEGIN EC PRIVATE KEY-----
MHYCAQEEHxMDwxsmFiNDNtNXZIfDm7xYlwJU3YedMA3zyhz/0+OgCgYIKoZIzj0D
AQehRANCAATHZZfy/pz9cqrVldcbtM2ucDYahx8IZZWY8/txTGfmwE9VhZDxh2w6
rJruv+3BMOmKqI42MvpuE02U+Rhlf9ch
-----END EC PRIVATE KEY-----
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEx2WX8v6c/XKq1ZXXG7TNrnA2Gocf
CGWVmPP7cUxn5sBPVYWQ8YdsOqya7r/twTDpiqiONjL6bhNNlPkYZX/XIQ==
-----END PUBLIC KEY-----

Alternately, you can pipe the output to file:

$ phpecc genkey --curve=nist-p256 --out=pem > keypair.pem
Using curve "nist-p256"

The generated keys should be compatible with OpenSSL. However, if you find cases where OpenSSL cannot parse a key generated using phpecc, please submit an issue with the parameters used to generate your key.

Note: you don't actually need the public key part from the output, it's also encoded in the private key segment.

To get the list of supported curves :

$ phpecc list-curves
nist-p192
nist-p224
nist-p256
nist-p384
nist-p521
secp256k1
secp384r1
The developper way

TODO...

Asymmetric encryption

The dead stupid example:
<?php

require 'vendor/autoload.php';

use \Mdanter\Ecc\EccFactory;
use \Mdanter\Ecc\Message\MessageFactory;

$math = EccFactory::getAdapter();
$generator = EccFactory::getNistCurves()->generator256();

// Yeah, you won't really be doing that...
$alice = $generator->createPrivateKey();
$bob = $generator->createPrivateKey();

$messages = new MessageFactory($math);
$message = $messages->plaintext('Not for eavesdroppers', 'sha256');

// Exchange keys
$aliceDh = $alice->createExchange($messages, $bob->getPublicKey());
$bobDh = $bob->createExchange($messages, $alice->getPublicKey());

$encryptedMessage = $aliceDh->encrypt($message);
$decryptedMessage = $bobDh->decrypt($encryptedMessage);

echo $decryptedMessage->getContent() . PHP_EOL;
A lesser dead stupid example

A more realistic example, assumes you are Alice, and that your private key is stored (unencrypted) in PEM format on file. You will of course also need Bob's public key in PEM format on file. This example clearly shows that this library can be improved...

You want to encrypt a message for Bob --and only Bob-- to read.

Alice encodes the data
<?php

require 'vendor/autoload.php';

use \Mdanter\Ecc\EccFactory;
use \Mdanter\Ecc\File\PemLoader;
use \Mdanter\Ecc\Serializer\PrivateKey\DerPrivateKeySerializer;
use \Mdanter\Ecc\Serializer\PrivateKey\PemPrivateKeySerializer;
use \Mdanter\Ecc\Serializer\PublicKey\DerPublicKeySerializer;
use \Mdanter\Ecc\Serializer\PublicKey\PemPublicKeySerializer;
use \Mdanter\Ecc\Message\MessageFactory;

$math = EccFactory::getAdapter();
$messages = new MessageFactory($math);

$loader = new PemLoader();
$privKeySerializer = new PemPrivateKeySerializer(new DerPrivateKeySerializer());
$pubKeySerializer = new PemPublicKeySerializer(new DerPublicKeySerializer());

$alicePrivateKeyPath = '/path/to/alice.priv';
$bobPublicKeyPath = '/path/to/bob.pub';

$alice = $privKeySerializer->parse($loader->loadPrivateKeyData($alicePrivateKeyPath));
$bob = $pubKeySerializer->parse($loader->loadPublicKeyData($bobPublicKeyPath));

$aliceDh = $alice->createExchange($messages, $bob);

$message = $messages->plaintext('To Bob - For your eyes only', 'sha256');
$messageForBob = $aliceDh->encrypt($message);

// Binary!
echo $messageForBob->getContent() . PHP_EOL;

Now you can email/snail mail/whatever the encrypted message to Bob, and he will be able to decrypt your secret data (assuming he already has your public key, and his private key...)

Bob decodes the encrypted data
<?php

require 'vendor/autoload.php';

use \Mdanter\Ecc\File\PemLoader;
use \Mdanter\Ecc\Serializer\PrivateKey\DerPrivateKeySerializer;
use \Mdanter\Ecc\Serializer\PrivateKey\PemPrivateKeySerializer;
use \Mdanter\Ecc\Serializer\PublicKey\DerPublicKeySerializer;
use \Mdanter\Ecc\Serializer\PublicKey\PemPublicKeySerializer;

$loader = new PemLoader();
$privKeySerializer = new PemPrivateKeySerializer(new DerPrivateKeySerializer());
$pubKeySerializer = new PemPublicKeySerializer(new DerPublicKeySerializer());

$bobPrivateKeyPath = '/path/to/bob/privkey.pem';
$alicePublicKeyPath = '/path/to/alice/publickey.pem';

$alice = $pubKeySerializer->parse($loader->loadPublicKeyData($alicePrivateKeyPath));
$bob = $privKeySerializer->parse($loader->loadPrivateKeyData($bobPublicKeyPath));

$bobDh = $bob->createExchange($alice);
$messageForBob = $bobDh->decrypt('... the encrypted message... too lazy to actually generate the encoded message');

mglinski/ecc 适用场景与选型建议

mglinski/ecc 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 2.12k 次下载、GitHub Stars 达 0, 最近一次更新时间为 2015 年 06 月 07 日, 在 PHP 生态内属于活跃度较高的组件。

我们在过去多个企业项目中使用过 mglinski/ecc 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 mglinski/ecc 我们能提供哪些服务?
定制开发 / 二次开发

基于 mglinski/ecc 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 2.12k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 0
  • 点击次数: 23
  • 依赖项目数: 2
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 1
  • Forks: 104
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2015-06-07