OpenSSL wrapper that handles X509 certificates and PKCS #12 keystores.

secoya/crypto

Certificate library

This library wraps the PHP OpenSSL extension, allowing you to handle PKCS #12 keystores, X509 certificates and OpenSSH keys in an object-oriented way.

Functionality

  • PKCS #12 keystore handling
  • X509 certificate information
  • CRL check
  • PrivateKey de/encryption
  • Check signatures

Exceptions


All error reporting is based on exceptions. php_openssl usually requires you to check last_error after an operation; the library does this for you and throws an exception if something failed.
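
What that check looks like against the raw extension, as an added example that is not the library's own code: `OpenSslFailure`, `drainOpenSslErrors`, `signOrThrow` and `verifyOrThrow` are hypothetical names, SHA-256 is this example's choice of digest, and the key is a throwaway generated in-process.

```php
<?php
// Added example: raw ext-openssl calls with the error handling made explicit.
// OpenSslFailure and the helper names are hypothetical, not part of the library.
class OpenSslFailure extends RuntimeException {}

// Drain OpenSSL's error queue so stale entries do not leak into later checks.
function drainOpenSslErrors(): string {
	$errors = [];
	while (($e = openssl_error_string()) !== false) {
		$errors[] = $e;
	}
	return implode('; ', $errors);
}

function signOrThrow(string $message, $privateKey): string {
	drainOpenSslErrors();
	// SHA-256 is an assumption of this example; the page does not name a digest.
	if (!openssl_sign($message, $signature, $privateKey, OPENSSL_ALGO_SHA256)) {
		throw new OpenSslFailure('sign failed: ' . drainOpenSslErrors());
	}
	return $signature;
}

function verifyOrThrow(string $message, string $signature, $publicKey): bool {
	drainOpenSslErrors();
	$result = openssl_verify($message, $signature, $publicKey, OPENSSL_ALGO_SHA256);
	// openssl_verify returns 1 (valid), 0 (invalid), and -1 or false on error.
	// A loose truthiness test would accept -1 as "valid", so compare strictly.
	if ($result === 1) {
		return true;
	}
	if ($result === 0) {
		return false;
	}
	throw new OpenSslFailure('verify errored: ' . drainOpenSslErrors());
}

// Constructed sample input: a throwaway RSA key generated in-process.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
if ($key === false) {
	throw new OpenSslFailure('keygen failed: ' . drainOpenSslErrors());
}
$publicPem = openssl_pkey_get_details($key)['key'];

$signature = signOrThrow('constructed message', $key);
var_dump(verifyOrThrow('constructed message', $signature, $publicPem)); // same message
var_dump(verifyOrThrow('tampered message', $signature, $publicPem));    // altered message
```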

Simple example

Signing with a private key from a keystore

Given a PKCS #12 keystore the library can extract the private key and sign any message with it, returning the signature:

<?php
try {
	$passphrase = 'keystore passphrase';
	$keyStore = PKCS12::initFromFile('path/to/keystore.pkcs12', $passphrase);
	$signature = $keyStore->privateKey->sign($message);
} catch(KeyStoreDecryptionFailedException $e) {
	die('Wrong passphrase.');
}
return $signature;

Verifying a signature

To verify a signature against a message you simply need the X509Certificate holding the public key that corresponds to the private key the message was signed with.

<?php
$pemCert = 'base64 encoded string';
$certificate = new X509Certificate($pemCert);
$valid = $certificate->publicKey->verify($message, $signature);
if($valid) {
	echo 'Signature is valid';
} else {
	echo 'Signature is invalid';
}

Signing with an OpenSSH private key

OpenSSH private keys are also handled by this library.

<?php
try {
	$passphrase = 'private key passphrase';
	// PHP does not expand "~", so build the path from the HOME environment variable.
	$privateKey = PrivateKey::initFromFile(getenv('HOME') . '/.ssh/id_rsa', $passphrase);
	$signature = $privateKey->sign($message);
} catch(PrivateKeyDecryptionFailedException $e) {
	die('Wrong passphrase.');
}
return $signature;

Initialize X509 certificates using a base64 encoded string

<?php
$pemCert = 'base64 encoded string';
$certificate = new X509Certificate($pemCert);

Check the certificate revocation list

<?php
$certificate->checkCRL(array('path/to/intermediate_certificates'));
