vamischenko/decorators
Composer 安装命令:
composer require vamischenko/decorators
包简介
PSR-7 stream decorators for WhatsApp media encryption and decryption
README 文档
README
PSR-7 stream decorators for encrypting and decrypting WhatsApp media files using the WhatsApp AES-256-CBC algorithm.
Requirements
- PHP 8.1+
- ext-openssl
- ext-hash
- guzzlehttp/psr7 ^2.0
Installation
composer require vamischenko/decorators
Architecture
The encryption pipeline is built from composable PSR-7 stream decorators, inspired by jeskew/php-encrypted-streams (Apache 2.0). Since that package requires guzzlehttp/psr7 ~1.0 and is no longer maintained, its core classes were adapted and included directly.
source
→ AesEncryptingStream (AES-256-CBC, cipherKey, iv)
→ AppendStream([iv, ciphertext]) ← iv prepended so HMAC covers it
→ HashingStream (HMAC-SHA256, macKey)
Encryption is true streaming — no full-file buffering. Data is processed block by block as the stream is read.
Algorithm
- Expand the 32-byte
mediaKeyto 112 bytes using HKDF with SHA-256 (RFC 5869) - Split into
iv(16 bytes),cipherKey(32),macKey(32),refKey(32) - Encrypt with AES-256-CBC + PKCS7 padding
- Compute HMAC-SHA256 over
iv + ciphertext, truncate to 10 bytes - Output:
[ciphertext][mac]
Media-type-specific HKDF info strings:
| Type | Info string |
|---|---|
| IMAGE | WhatsApp Image Keys |
| VIDEO | WhatsApp Video Keys |
| AUDIO | WhatsApp Audio Keys |
| DOCUMENT | WhatsApp Document Keys |
Usage
Encryption
use GuzzleHttp\Psr7\Utils; use Vamischenko\Decorators\KeyExpander; use Vamischenko\Decorators\MediaKey; use Vamischenko\Decorators\MediaType; use Vamischenko\Decorators\Sidecar\SidecarContext; use Vamischenko\Decorators\Stream\EncryptingStream; $mediaKey = MediaKey::generate(); // or MediaKey::fromBinary($existingKey) $expanded = (new KeyExpander())->expand($mediaKey, MediaType::IMAGE); $source = Utils::streamFor(fopen('photo.jpg', 'rb')); $sidecar = new SidecarContext($expanded->macKey); // optional, for VIDEO/AUDIO $stream = new EncryptingStream($source, $expanded, $sidecar); // Read the encrypted stream — data is processed incrementally, not buffered file_put_contents('photo.jpg.enc', (string) $stream); // For streamable media, retrieve the sidecar after reading the full stream $sidecarBytes = $sidecar->getSidecar();
Decryption
use GuzzleHttp\Psr7\Utils; use Vamischenko\Decorators\KeyExpander; use Vamischenko\Decorators\MediaKey; use Vamischenko\Decorators\MediaType; use Vamischenko\Decorators\Stream\DecryptingStream; $mediaKey = MediaKey::fromBinary($keyBytes); $expanded = (new KeyExpander())->expand($mediaKey, MediaType::IMAGE); $source = Utils::streamFor(fopen('photo.jpg.enc', 'rb')); $stream = new DecryptingStream($source, $expanded); // MAC is verified before any bytes are returned $plaintext = (string) $stream;
Exceptions
InvalidMediaKeyException— thrown when the key is not exactly 32 bytesMacVerificationException— thrown when the HMAC does not match (corrupt or tampered data)
Security
- MAC verification uses constant-time
hash_equals()to prevent timing attacks - Integrity is verified before any plaintext is returned
- Key derivation follows RFC 5869 (HKDF) with WhatsApp-specific info strings
Memory behaviour
| Stream type | Encryption | Decryption |
|---|---|---|
| Seekable (file) | Incremental — O(block) memory | Incremental — O(block) memory (MAC read via seek, then streaming AesDecryptingStream) |
| Non-seekable (HTTP) | Incremental — O(block) memory | Full ciphertext buffered (MAC is at the tail), then plaintext delivered incrementally — no second copy |
For memory-constrained environments with non-seekable sources, wrap the response body in a temp-file stream before passing it to DecryptingStream.
Sidecar
The sidecar enables random-offset decryption for VIDEO and AUDIO streams, allowing players to seek without downloading the full file.
It is generated during encryption with no additional reads from the source stream. Each 10-byte entry is the HMAC-SHA256 of the [n*64K, (n+1)*64K+16] slice of the logical combined buffer iv + ciphertext + mac, truncated to 10 bytes.
Running tests
composer install vendor/bin/phpunit
vamischenko/decorators 适用场景与选型建议
vamischenko/decorators 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 0 次下载、GitHub Stars 达 0, 最近一次更新时间为 2026 年 03 月 26 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「media」 「Streams」 「encryption」 「whatsapp」 「hmac」 「psr-7」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 vamischenko/decorators 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 vamischenko/decorators 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 vamischenko/decorators 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Pop Http Component for Pop PHP Framework
Simple Sharing generates social media share links within CP entry pages, allowing you to quickly & easily share entries.
A simple PHP class to encrypt a string and decrypt an encrypted string
A package for automatically encrypting and decrypting Eloquent attributes in Laravel 5.5+, based on configuration settings.
PHP streams library
Encryption with AES-256 and HMAC-SHA256
统计信息
- 总下载量: 0
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 42
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2026-03-26