paragonie/hpke
Composer 安装命令:
composer require paragonie/hpke
包简介
Hybrid Public-Key Encryption (RFC 9180) for PHP
README 文档
README
Installation
composer require paragonie/hpke
Usage
Instantiating HPKE
First, you need to decide on an HPKE ciphersuite. You can build these yourself by component, or use the standard modes that ship with RFC 9180:
- DHKEM(X25519, HKDF-SHA256), HKDF-SHA256, AES-128-GCM
- DHKEM(X25519, HKDF-SHA256), HKDF-SHA256, ChaCha20Poly1305
- DHKEM(P-256, HKDF-SHA256), HKDF-SHA256, AES-128-GCM
- DHKEM(P-256, HKDF-SHA256), HKDF-SHA512, AES-128-GCM
- DHKEM(P-256, HKDF-SHA256), HKDF-SHA256, ChaCha20Poly1305
- DHKEM(P-521, HKDF-SHA512), HKDF-SHA512, AES-256-GCM
Additional Post-Quantum KEMs:
- MLKEM768-X25519, HKDF-SHA256, AES-128-GCM
- ML-KEM-768, HKDF-SHA256, AES-128-GCM
- ML-KEM-1024, HKDF-SHA256, AES-256-GCM
- MLKEM768-X25519, HKDF-SHA256, ChaCha20Poly1305
- ML-KEM-768, HKDF-SHA256, ChaCha20Poly1305
- ML-KEM-1024, HKDF-SHA256, ChaCha20Poly1305
Tip
We recommend enabling opcache and JIT if you cannot install the pqcrypto extension.
To instantiate one of these ciphersuites, you can use the Factory class, like so:
<?php use ParagonIE\HPKE\Factory; // Either approach will work fine. $ciphersuite = Factory::init('DHKEM(X25519, HKDF-SHA256), HKDF-SHA256, AES-128-GCM'); $otherCS = Factory::dhkem_p256sha256_hkdf_sha256_chacha20poly1305();
Generating and Managing Key Pairs
Once you've instantiated your ciphersuite, you can now use it to generate/load keys.
<?php use ParagonIE\HPKE\HPKE; use ParagonIE\HPKE\KEM\DHKEM\{DecapsKey, EncapsKey}; use Mdanter\Ecc\Serializer\{ PublicKey\PemPublicKeySerializer, PrivateKey\PemPrivateKeySerializer }; /** @var HPKE $hpke */ /** * @var EncapsKey $public * @var DecapsKey $secret */ [$secret, $public] = $hpke->kem->generateKeys(); // You can now use Easy-ECC or PHP-ECC to manage these keys: $decapsulationKeyToSaveToDisk = (new PemPrivateKeySerializer()) ->serialize($secret->toPrivateKey()); $encapsKeySharePublicly = (new PemPublicKeySerializer()) ->serialize($public->toPublicKey());
Setting Up Encryption Contexts
To set up an encryption context, simply use the setupBaseSender() and setupBaseReceiver()
APIs.
<?php use ParagonIE\HPKE\HPKE; use ParagonIE\HPKE\KEM\DHKEM\{DecapsKey, EncapsKey}; /** * @var HPKE $hpke * @var EncapsKey $public * @var DecapsKey $secret */ const INFO = 'my custom protocol name'; // On one side [$enc, $sender] = $hpke->setupBaseSender($public, INFO); // On te other $receiver = $hpke->setupBaseReceiver($secret, $enc, INFO); // And now you can encrypt/decrypt: $encrypted1 = $sender->seal('test message', 'first message AAD'); $decrypted1 = $receiver->open($encrypted1, 'first message AAD'); // The sequence is advanced automatically by our API
One-Shot Encryption API
<?php use ParagonIE\HPKE\HPKE; use ParagonIE\HPKE\KEM\DHKEM\{DecapsKey, EncapsKey}; /** * @var HPKE $hpke * @var EncapsKey $public * @var DecapsKey $secret */ const INFO = 'my custom protocol name'; // Sending (encryption) $sealed = $hpke->sealBase($public, 'plaintext message', 'aad', INFO); // Receiving (decryption) $opened = $hpke->openBase($secret, $sealed, 'aad', INFO);
paragonie/hpke 适用场景与选型建议
paragonie/hpke 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 26.7k 次下载、GitHub Stars 达 8, 最近一次更新时间为 2025 年 02 月 04 日, 在 PHP 生态内属于活跃度较高的组件。
我们在过去多个企业项目中使用过 paragonie/hpke 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 paragonie/hpke 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
统计信息
- 总下载量: 26.7k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 8
- 点击次数: 23
- 依赖项目数: 2
- 推荐数: 0
其他信息
- 授权协议: ISC
- 更新时间: 2025-02-04