定制 rinzler/user-encryption 二次开发

按需修改功能、优化性能、对接业务系统,提供一站式技术支持

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

rinzler/user-encryption

Composer 安装命令:

composer require rinzler/user-encryption

包简介

User asymmetric encryption wrapper using private and public keys for Crypton.

README 文档

README

Laravel package for per-user asymmetric encryption: legacy RSA-OAEP or ML-KEM-768 wraps the Halite / libsodium encryption secret; user content is sealed with Crypto::seal and unsealed with the user’s secret (typically from a session cookie after unlock).

Requires: PHP ^8.2, Laravel ^11 or ^12, paragonie/halite ^5.1, paragonie/pqcrypto_compat, paragonie/sodium_compat, and the host app’s App\User model with an encryption() relation and a uuid attribute (see tests/Stubs/App/User.php). Version is defined in composer.json.

Demo app (demo/)

A self-contained Laravel skeleton lives under demo/. It Composer-links the parent package from .. so you can run create / decrypt in a browser without installing from GitLab.

cd demo
composer install
cp .env.example .env && php artisan key:generate
touch database/database.sqlite
php artisan migrate --seed
php artisan serve

Package migrations load from ../src/migrations (no vendor:publish required for the schema). Optionally publish config: php artisan vendor:publish --tag=userencryption.

See demo/README.md for details and caveats (auto-login is dev-only).

Installation

composer require rinzler/user-encryption

Publish and run migrations:

php artisan vendor:publish --tag=userencryption
php artisan migrate

Register the service provider if discovery is disabled:

Rinzler\UserEncryption\UserEncryptionServiceProvider::class,

Routes ship with web, auth, and throttle:30,1 (30 attempts per minute per IP) so a standard Crypton install does not need extra route wiring for those concerns.

Routes

MethodURIRoute name
POST/encryption/newuser-encryption.new
POST/encryption/decryptuser-encryption.decrypt
  • new — Create RSA + Halite key material, store in user_encryption, set unlock cookie.
  • decrypt — Submit passphrase to unlock master key and set the same style of cookie.

Use the default web stack (session, CSRF) from the browser. Unlock cookies use HttpOnly, Secure when config('session.secure') is true, and SameSite when your Laravel cookie jar supports session.same_site.

Database

Table user_encryption (after migrate): belongs_to, rsa_master_private_key, rsa_master_public_key (legacy RSA-OAEP PEM material; empty for ML-KEM-only rows), encryption_private_key, encryption_public_key, timestamps.

Main API

  • Facade / container: UserEncryptionRinzler\UserEncryption\Support\UserEncryption (see Rinzler\UserEncryption\Facades\UserEncryption).
  • Rinzler\UserEncryption\Support\UserEncryption
    • generateEncryptionKey($passphrase) — throws RuntimeException if OpenSSL key generation fails.
    • generateAESKey() — Halite encryption keypair (hex-encoded material in the returned array; name is historical).
    • encryptAESKey / decryptAESKey — RSA-OAEP wrap/unwrap of the Halite secret (false on failure).
    • encryptString($data, $publicKeyString) / decryptString($data) — Halite seal/unseal; decryptString returns a plain string and may throw HttpResponseException for redirects when the unlock cookie is missing or invalid.

See src/ for implementation details.

Tests

From a clone of this repo (dev dependencies include Orchestra Testbench 9 and PHPUnit 11):

composer install
composer test

Tests use Orchestra Testbench with an in-memory SQLite database and a test-only App\User under tests/Stubs/App/ (your production app supplies the real App\User).

Security

This package handles high-value secrets (keys in the DB, material in cookies). Use HTTPS in production (session.secure / APP_URL), keep a strong passphrase policy in your forms if you need more than required, and review your overall threat model (XSS, DB access, backups).

License

GNU General Public License v3.0 or later (SPDX: GPL-3.0-or-later).

rinzler/user-encryption 适用场景与选型建议

rinzler/user-encryption 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 1 次下载、GitHub Stars 达 0, 最近一次更新时间为 2024 年 01 月 06 日, 在 PHP 生态内属于活跃度较高的组件。

我们在过去多个企业项目中使用过 rinzler/user-encryption 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 rinzler/user-encryption 我们能提供哪些服务?
定制开发 / 二次开发

基于 rinzler/user-encryption 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 1
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 0
  • 点击次数: 13
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 0
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: GPL-3.0-or-later
  • 更新时间: 2024-01-06