From 106d32a9e0e5e3488da17436c058bca19abffb86 Mon Sep 17 00:00:00 2001 From: May Meow <3164256+MayMeow@users.noreply.github.com> Date: Sun, 1 Jun 2025 13:04:28 +0200 Subject: [PATCH 1/9] Update digest algorithm in RSAParameters to sha256 for javascript compatibility --- src/RSAParameters.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/RSAParameters.php b/src/RSAParameters.php index c75ef2f..452fd57 100644 --- a/src/RSAParameters.php +++ b/src/RSAParameters.php @@ -11,7 +11,7 @@ class RSAParameters private string $passphrase; protected array $config = [ - 'digest_alg' => 'sha512', + 'digest_alg' => 'sha256', 'private_key_bits' => 4096, 'private_key_type' => OPENSSL_KEYTYPE_RSA, ]; From 5524153e3e37c6bb52b43f8b52db08e69f4e1abb Mon Sep 17 00:00:00 2001 From: May Meow <3164256+MayMeow@users.noreply.github.com> Date: Sun, 1 Jun 2025 13:17:16 +0200 Subject: [PATCH 2/9] Add getFingerprint method to RSAParameters for public key fingerprinting --- src/RSAParameters.php | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/src/RSAParameters.php b/src/RSAParameters.php index 452fd57..b0877a6 100644 --- a/src/RSAParameters.php +++ b/src/RSAParameters.php @@ -142,4 +142,23 @@ public function setConfig(array $config): void { $this->config = $config; } + + /** + * Returns the fingerprint of the public key. + * + * @param bool $md5 Whether to return the MD5 fingerprint instead of SHA-256. + * @return string The fingerprint of the public key. + */ + public function getFingerprint(bool $md5 = false): string + { + $derData = preg_replace('/-----.*?-----/', '', base64_decode($this->publicKey)); + $derData = preg_replace('/\s+/', '', $derData); + $derData = base64_decode($derData); + + if ($md5) { + return implode(':', str_split(hash('md5', $derData), 2)); + } + + return hash('sha256', $derData); + } } From 97197a95533cfe7a8140260df1a8ec9f97a52ab7 Mon Sep 17 00:00:00 2001 From: May Meow <3164256+MayMeow@users.noreply.github.com> Date: Sun, 1 Jun 2025 14:17:31 +0200 Subject: [PATCH 3/9] Fix formatting by adding a newline at the end of RSAParametersTest.php --- tests/RSAParametersTest.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/RSAParametersTest.php b/tests/RSAParametersTest.php index 3ca144a..e35faac 100644 --- a/tests/RSAParametersTest.php +++ b/tests/RSAParametersTest.php @@ -47,6 +47,7 @@ public function canExportKeysAndImportToFile() : void $reader = new RsaParametersReader($locator); $parameters2 = $reader->read(); + // create new instance of RSA CSP with imported parameters $csp2 = new RSACryptoServiceProvider(); $csp2->setParameters($parameters2); @@ -54,4 +55,5 @@ public function canExportKeysAndImportToFile() : void // Check if imported parameters are same as parameters that was exported $this->assertEquals($text, $csp2->decrypt($encryptedText)); } -} \ No newline at end of file +} + From add0e26491d192ef86891a7e40bce5ace0efc246 Mon Sep 17 00:00:00 2001 From: May Meow <3164256+MayMeow@users.noreply.github.com> Date: Sun, 1 Jun 2025 14:17:44 +0200 Subject: [PATCH 4/9] Fix formatting by removing unnecessary newline at the end of RSAParametersTest.php --- tests/RSAParametersTest.php | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/RSAParametersTest.php b/tests/RSAParametersTest.php index e35faac..b4a9866 100644 --- a/tests/RSAParametersTest.php +++ b/tests/RSAParametersTest.php @@ -56,4 +56,3 @@ public function canExportKeysAndImportToFile() : void $this->assertEquals($text, $csp2->decrypt($encryptedText)); } } - From b8339ae824654dc9d54882fbf5b257b63df10f38 Mon Sep 17 00:00:00 2001 From: May Meow <3164256+MayMeow@users.noreply.github.com> Date: Sun, 1 Jun 2025 14:18:02 +0200 Subject: [PATCH 5/9] Refactor write method in RsaParametersWriter to use getPrivateKey with encryption --- src/Tools/RsaParametersWriter.php | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/src/Tools/RsaParametersWriter.php b/src/Tools/RsaParametersWriter.php index 543f4db..6e4a426 100644 --- a/src/Tools/RsaParametersWriter.php +++ b/src/Tools/RsaParametersWriter.php @@ -31,12 +31,7 @@ public function __construct(RSAParametersLocatorInterface $locator) public function write(RSAParameters $RSAParameters): void { file_put_contents($this->locator->locatePublicKey(), $RSAParameters->getPublicKey()); + file_put_contents($this->locator->locatePrivateKey(), $RSAParameters->getPrivateKey(encrypted: true)); file_put_contents($this->locator->locatePassphrase(), $RSAParameters->getPassphrase()); - - openssl_pkey_export_to_file( - $RSAParameters->getPrivateKey(), - $this->locator->locatePrivateKey(), - $RSAParameters->getPassphrase() - ); } } From 0641e28c938f520819af15b1f76a2de3f39f1594 Mon Sep 17 00:00:00 2001 From: May Meow <3164256+MayMeow@users.noreply.github.com> Date: Sun, 1 Jun 2025 14:18:17 +0200 Subject: [PATCH 6/9] Fix nullable type hint for previous throwable in DecryptException constructor --- src/Exceptions/DecryptException.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Exceptions/DecryptException.php b/src/Exceptions/DecryptException.php index f6b7ee6..352848f 100644 --- a/src/Exceptions/DecryptException.php +++ b/src/Exceptions/DecryptException.php @@ -6,7 +6,7 @@ class DecryptException extends \Exception { - public function __construct(string $message = "Cannot decrypt text", int $code = 0, Throwable $previous = null) + public function __construct(string $message = "Cannot decrypt text", int $code = 0, ?Throwable $previous = null) { parent::__construct($message, $code, $previous); } From 5954d29bc10381bebd21311ca5ae080125bbdc8e Mon Sep 17 00:00:00 2001 From: May Meow <3164256+MayMeow@users.noreply.github.com> Date: Sun, 1 Jun 2025 14:18:34 +0200 Subject: [PATCH 7/9] Refactor RSAParameters to use nullable passphrase and improve key encryption/decryption methods --- src/RSAParameters.php | 52 ++++++++++++++++++++++++++----------------- 1 file changed, 32 insertions(+), 20 deletions(-) diff --git a/src/RSAParameters.php b/src/RSAParameters.php index b0877a6..650c2a2 100644 --- a/src/RSAParameters.php +++ b/src/RSAParameters.php @@ -8,7 +8,7 @@ class RSAParameters { private string $privateKey; private string $publicKey; - private string $passphrase; + private ?string $passphrase = 'test_passphrase'; protected array $config = [ 'digest_alg' => 'sha256', @@ -31,15 +31,9 @@ public function generateKeys(?string $passphrase = null, ?array $configArgs = nu { $keys = openssl_pkey_new($this->config); - if ($passphrase != null) { - $this->passphrase = $passphrase; - } else { - $this->passphrase = (string)rand(100000, 999999); - } - if ($keys) { - openssl_pkey_export($keys, $private, $passphrase, $configArgs); - $this->privateKey = $private; + openssl_pkey_export($keys, $private); + $this->privateKey = $this->_encryptPrivateKey(privateKey: $private); $pub = openssl_pkey_get_details($keys); @@ -51,22 +45,40 @@ public function generateKeys(?string $passphrase = null, ?array $configArgs = nu return $this; } + protected function _encryptPrivateKey(string $privateKey, string $salt = 'salt'): string + { + $aes = new AESCryptoServiceProvider(); + $aes->generateIV(); + $k = new CryptoKey(); + $key = $k->getCryptographicKey($this->passphrase, $salt); + $aes->setKey($key); + + return $aes->encrypt($privateKey); + } + + protected function _decryptPrivateKey(string $privateKey, string $salt = 'salt'): string + { + $aes = new AESCryptoServiceProvider(); + $k = new CryptoKey(); + $key = $k->getCryptographicKey($this->passphrase, $salt); + $aes->setKey($key); + + return $aes->decrypt($privateKey); + } + /** * Returns Decrypted Key * * @return string|\OpenSSLAsymmetricKey * @throws DecryptPrivateKeyException */ - public function getPrivateKey(): \OpenSSLAsymmetricKey|string + public function getPrivateKey(string $salt = 'salt', bool $encrypted = false): \OpenSSLAsymmetricKey|string { - if ($this->passphrase != null && $this->privateKey != null) { - $privateKeyResource = openssl_pkey_get_private($this->privateKey, $this->passphrase); - - if ($privateKeyResource == false) { - throw new DecryptPrivateKeyException(); - } - - return $privateKeyResource; + if (!$encrypted) { + return $this->_decryptPrivateKey( + privateKey: $this->privateKey, + salt: $salt + ); } return $this->privateKey; @@ -78,7 +90,7 @@ public function getPrivateKey(): \OpenSSLAsymmetricKey|string * @param string $privateKey * @param string $passphrase */ - public function setPrivateKey(string $privateKey, string $passphrase): void + public function setPrivateKey(string $privateKey, string $passphrase, string $salt = 'salt'): void { $this->passphrase = $passphrase; $this->privateKey = $privateKey; @@ -109,7 +121,7 @@ public function setPublicKey(string $publicKey): void * * @return string */ - public function getPassphrase(): string + public function getPassphrase(): ?string { return $this->passphrase; } From b25e788c5916adea0a5eda4a9f95ba8d75397658 Mon Sep 17 00:00:00 2001 From: May Meow <3164256+MayMeow@users.noreply.github.com> Date: Sun, 1 Jun 2025 14:46:30 +0200 Subject: [PATCH 8/9] Change access level of _encryptPrivateKey and _decryptPrivateKey methods from protected to private --- src/RSAParameters.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/RSAParameters.php b/src/RSAParameters.php index 650c2a2..800c270 100644 --- a/src/RSAParameters.php +++ b/src/RSAParameters.php @@ -45,7 +45,7 @@ public function generateKeys(?string $passphrase = null, ?array $configArgs = nu return $this; } - protected function _encryptPrivateKey(string $privateKey, string $salt = 'salt'): string + private function _encryptPrivateKey(string $privateKey, string $salt = 'salt'): string { $aes = new AESCryptoServiceProvider(); $aes->generateIV(); @@ -56,7 +56,7 @@ protected function _encryptPrivateKey(string $privateKey, string $salt = 'salt') return $aes->encrypt($privateKey); } - protected function _decryptPrivateKey(string $privateKey, string $salt = 'salt'): string + private function _decryptPrivateKey(string $privateKey, string $salt = 'salt'): string { $aes = new AESCryptoServiceProvider(); $k = new CryptoKey(); From 1deb04930026ab0f6d12107d27ad24627db938bd Mon Sep 17 00:00:00 2001 From: May Meow <3164256+MayMeow@users.noreply.github.com> Date: Sun, 1 Jun 2025 14:48:40 +0200 Subject: [PATCH 9/9] Refactor RSAParameters to rename private methods for encrypting and decrypting private keys, improving consistency and readability --- src/RSAParameters.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/RSAParameters.php b/src/RSAParameters.php index 800c270..098b5f9 100644 --- a/src/RSAParameters.php +++ b/src/RSAParameters.php @@ -33,7 +33,7 @@ public function generateKeys(?string $passphrase = null, ?array $configArgs = nu if ($keys) { openssl_pkey_export($keys, $private); - $this->privateKey = $this->_encryptPrivateKey(privateKey: $private); + $this->privateKey = $this->encryptPrivateKey(privateKey: $private); $pub = openssl_pkey_get_details($keys); @@ -45,7 +45,7 @@ public function generateKeys(?string $passphrase = null, ?array $configArgs = nu return $this; } - private function _encryptPrivateKey(string $privateKey, string $salt = 'salt'): string + private function encryptPrivateKey(string $privateKey, string $salt = 'salt'): string { $aes = new AESCryptoServiceProvider(); $aes->generateIV(); @@ -56,7 +56,7 @@ private function _encryptPrivateKey(string $privateKey, string $salt = 'salt'): return $aes->encrypt($privateKey); } - private function _decryptPrivateKey(string $privateKey, string $salt = 'salt'): string + private function decryptPrivateKey(string $privateKey, string $salt = 'salt'): string { $aes = new AESCryptoServiceProvider(); $k = new CryptoKey(); @@ -75,7 +75,7 @@ private function _decryptPrivateKey(string $privateKey, string $salt = 'salt'): public function getPrivateKey(string $salt = 'salt', bool $encrypted = false): \OpenSSLAsymmetricKey|string { if (!$encrypted) { - return $this->_decryptPrivateKey( + return $this->decryptPrivateKey( privateKey: $this->privateKey, salt: $salt );