PHP Classes

PASERK PHP: Extend PASETO to wrap and serialize keys

Version: paserk-php 1.0.0
License: MIT/X Consortium
PHP version: 5
Categories: Cryptography
Description 

This package can extend PASETO to wrap and serialize keys.

It provides classes that can perform several operations with keys used by the PHP implementation of the PASETO security tokens specification.

Currently, it provides classes that implement:

- Types of data that can be encoded and decoded, like seals and secret passwords

- Operations with the types of data like wrapping and serialization

Innovation Award: PHP Programming Innovation award nominee, November 2022, Number 6
PASETO is an approach to sign, encrypt and decrypt data that is more secure than other approaches like JSON Web Tokens.

PASERK extends the PHP PASETO to add more functionality for serializing and wrapping keys used by PASETO. This possibility helps developers to use keys on different platforms.

Manuel Lemos
Name: Scott Arciszewski
Classes: 37 packages
Country: United States

Documentation

PASERK (PHP Documentation)

PASERK is an extension to PASETO that provides key-wrapping and serialization.

To understand the motivation behind PASERK, please refer to the PASERK Specification.

What Is PASERK Anyway?

PASERKs are serialized keys for use with PASETO. PASERK is short for "Platform-Agnostic SERialized Keys".

A serialized key in PASERK has the format:

k[version].[type].[data]

Each PASERK version corresponds directly with the PASETO version a serialized key is intended to be used with, and it MUST NOT be used for another version.

Each PASERK type is a composition of one or more PASERK operations.

Please refer to the PASERK specification if you'd like to learn more about the types/operations.

This section merely focuses on how to use the PHP implementation.

Working with PASERK Types in PHP

For local-wrap and secret-wrap, the key-wrapping protocols this library implements are listed in this directory.

What About the PASERK Operations?

We do not recommend interfacing directly with the PASERK Operations.

Use the PASERK Types instead.


Details

PASERK (PHP)

Platform Agnostic SERialized Keys. Requires PHP 7.1 or newer.

PASERK Specification

The PASERK Specification can be found in this repository.

Installing

composer require paragonie/paserk

PASERK Library Versions

  • PASERK PHP Version 2
      * Requires PHP 8.1+
      * PASETO versions: `v3`, `v4`
      * This means only the corresponding `k3` and `k4` modes are implemented.
  • PASERK PHP Version 1
      * Requires PHP 7.1+
      * PASETO versions: `v1`, `v2`, `v3`, `v4`
      * This provides a stable reference implementation for the PASERK specification.

Documentation

See this directory for the documentation.

Example: Public-key Encryption

Wrapping

<?php
use ParagonIE\Paseto\Builder;
use ParagonIE\Paseto\Keys\SymmetricKey;
use ParagonIE\Paseto\Protocol\Version4;
use ParagonIE\Paserk\Operations\Key\SealingPublicKey;
use ParagonIE\Paserk\Types\Seal;

$version = new Version4();

// First, you need a sealing keypair.

// $sealingSecret = ParagonIE\Paserk\Operations\Key\SealingSecretKey::generate();
// $sealingPublic = $sealingSecret->getPublicKey();
// var_dump($sealingSecret->encode(), $sealingPublic->encode());

$sealingPublic = SealingPublicKey::fromEncodedString(
    "vdd1m2Eri8ggYYR5YtnmEninoiCxH1eguGNKe4pes3g",
    $version
);
$sealer = new Seal($sealingPublic);

// Generate a random one-time key, which will be encrypted with the public key:
$key = SymmetricKey::generate($version);

// Seal means "public key encryption":
$paserk = $sealer->encode($key);

// Now let's associate this PASERK with a PASETO that uses the local key:
$paseto = Builder::getLocal($key, $version)
    ->with('test', 'readme')
    ->withExpiration(
        (new DateTime('NOW'))
            ->add(new DateInterval('P01D'))
    )
    ->withFooterArray(['kid' => $sealer->id($key)])
    ->toString();

var_dump($paserk, $paseto);

Unwrapping

<?php
use ParagonIE\Paseto\Protocol\Version4;
use ParagonIE\Paserk\Operations\Key\SealingSecretKey;
use ParagonIE\Paserk\Types\Lid;
use ParagonIE\Paserk\Types\Seal;
use ParagonIE\Paseto\Parser as PasetoParser;
use ParagonIE\Paseto\ProtocolCollection;

$version = new Version4();

// From previous example:
$paserk = "k4.seal.F2qE4x0JfqT7JYhOB7S12SikvLaRuEpxRkgxxHfh4hVpE1JfwIDnreuhs9v5gjoBl3WTVjdIz6NkwQdqRoS2EDc3yGvdf_Da4K1xUSJ8IVTn4HQeol5ruYwjQlA_Ph4N";
$paseto = "v4.local.hYG-BfpTTM3bb-xZ-q5-w77XGayS4WA8kA5R5ZL85u3nzgrWba5NdqgIouFn71CJyGAff1eloirzz3sWRdVXnDeSIYxXDIerNkbLI5ALn24JehhSLKrv8R2-yhfo_XZF9XEASXtwrOyMNjeEAan5kqO6Dg.eyJraWQiOiJrNC5saWQueDAycGJDRmhxU1Q4endnbEJyR3VqWE9LYU5kRkJjY1dsTFFRN0pzcGlZM18ifQ";

// Keys for unsealing:
$sealingSecret = SealingSecretKey::fromEncodedString(
    "j043XiZTuGLleB0kAy8f3Tz-lEePK_ynEWPp4OyB-lS913WbYSuLyCBhhHli2eYSeKeiILEfV6C4Y0p7il6zeA",
    $version
);
$sealingPublic = $sealingSecret->getPublicKey();

// Unwrap the symmetric key for `v4.local.` tokens.
$sealer = new Seal($sealingPublic, $sealingSecret);
$unwrapped = $sealer->decode($paserk);

// Parse the PASETO
$parsed = PasetoParser::getLocal($unwrapped, ProtocolCollection::v4())
    ->parse($paseto);

// Get the claims from the parsed and validated token:
var_dump($parsed->getClaims());
/*
array(2) {
  ["test"]=>
  string(6) "readme"
  ["exp"]=>
  string(25) "2038-01-19T03:14:08+00:00"
}
*/

// Observe the Key ID is the same as the value stored in the footer.
var_dump(Lid::encode($version, $paserk));
var_dump($parsed->getFooterArray()['kid']);
/*
string(51) "k4.lid.x02pbCFhqST8zwglBrGujXOKaNdFBccWlLQQ7JspiY3_"
string(51) "k4.lid.x02pbCFhqST8zwglBrGujXOKaNdFBccWlLQQ7JspiY3_"
*/
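
The following is an added example, not code from the package or its README. It parses the `k[version].[type].[data]` format and uses the footer `kid` shown above to pick a sealed key, refusing a PASERK whose version differs from the token's. The function names, the `$keyring` array and the sample values are assumptions made for illustration; in real use the key IDs would come from `Lid::encode()` and the selected PASERK would be passed to `$sealer->decode()`.

```php
<?php
// PASERK type names; the *-wrap types carry an extra protocol segment ("pie") before the data.
const PASERK_TYPES = ['lid', 'local', 'local-pw', 'local-wrap', 'pid', 'public',
    'seal', 'secret', 'secret-pw', 'secret-wrap', 'sid'];
/** Split k[version].[type].[data] and reject anything malformed. */
function parsePaserk(string $paserk): array
{
    $p = explode('.', $paserk);
    $segments = (isset($p[1]) && substr($p[1], -5) === '-wrap') ? 4 : 3;
    if (count($p) !== $segments
        || !preg_match('/^k([1-4])$/', $p[0], $m)
        || !in_array($p[1], PASERK_TYPES, true)
        || !preg_match('/^[A-Za-z0-9_-]+$/', $p[$segments - 1])) {
        throw new InvalidArgumentException('Malformed PASERK');
    }
    return ['version' => (int) $m[1], 'type' => $p[1], 'data' => $p[$segments - 1]];
}

/** Read the version and footer "kid" of a PASETO without decrypting it. */
function pasetoHeader(string $token): array
{
    $p = explode('.', $token);
    if (count($p) !== 4 || !preg_match('/^v([1-4])$/', $p[0], $m)) {
        throw new InvalidArgumentException('PASETO with footer expected');
    }
    $claims = json_decode((string) base64_decode(strtr($p[3], '-_', '+/'), true), true);
    return ['version' => (int) $m[1], 'kid' => is_array($claims) ? ($claims['kid'] ?? null) : null];
}

/** Look up the wrapped key named by the footer; k-version must equal v-version. */
function selectPaserk(string $token, array $keyring): string
{
    ['version' => $version, 'kid' => $kid] = pasetoHeader($token);
    if (!is_string($kid) || parsePaserk($kid)['type'] !== 'lid' || !isset($keyring[$kid])) {
        throw new RuntimeException('Unknown or missing key id');
    }
    if (parsePaserk($keyring[$kid])['version'] !== $version) {
        throw new RuntimeException('PASERK version does not match PASETO version');
    }
    return $keyring[$kid];
}

// Constructed placeholder values, not real keys: kid => sealed PASERK.
$keyring = ['k4.lid.AAAA' => 'k4.seal.BBBB'];
$footer = rtrim(strtr(base64_encode('{"kid":"k4.lid.AAAA"}'), '+/', '-_'), '=');
foreach (['v4', 'v3'] as $v) {
    try { var_dump(selectPaserk("$v.local.CCCC.$footer", $keyring)); }
    catch (RuntimeException $e) { var_dump($e->getMessage()); }
}
```

The footer is read before the token has been verified, so the `kid` is treated only as a lookup hint into keys the application already holds.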

PASERK Feature Coverage

