PHP Class ParagonIE\Halite\File

Cryptography operations for the filesystem. This library makes heavy use of return-type declarations, which are a PHP 7 only feature. Read more about them here:

Show file Open project: paragonie/halite Class Usage Examples

Public Methods

Method	Description
checksum ( string \| resource $filePath, Key $key = null, boolean $raw = false ) : string	Calculate the BLAKE2b-512 checksum of a file. This method doesn't load the entire file into memory. You may optionally supply a key to use in the BLAKE2b hash.
checksum ( string \| resource $filePath, Key $key = null, mixed $encoding = Halite::ENCODE_BASE64URLSAFE ) : string	Calculate the BLAKE2b-512 checksum of a file. This method doesn't load the entire file into memory. You may optionally supply a key to use in the BLAKE2b hash.
decrypt ( string \| resource $input, string \| resource $output, EncryptionKey $key ) : boolean	Decrypt a file using symmetric-key authenticated encryption.
encrypt ( string \| resource $input, string \| resource $output, EncryptionKey $key ) : integer	Encrypt a file using symmetric authenticated encryption.
seal ( string \| resource $input, string \| resource $output, EncryptionPublicKey $publicKey ) : integer	Encrypt a file using anonymous public-key encryption (with ciphertext authentication).
sign ( string \| resource $filename, SignatureSecretKey $secretKey, boolean $raw_binary = false ) : string	Calculate a digital signature (Ed25519) of a file
sign ( string \| resource $filename, SignatureSecretKey $secretKey, mixed $encoding = Halite::ENCODE_BASE64URLSAFE ) : string	Calculate a digital signature (Ed25519) of a file
unseal ( string \| resource $input, string \| resource $output, EncryptionSecretKey $secretKey ) : boolean	Decrypt a file using anonymous public-key encryption. Ciphertext integrity is still assured thanks to the Encrypt-then-MAC construction.
verify ( string \| resource $filename, SignaturePublicKey $publicKey, string $signature, boolean $raw_binary = false ) : boolean	Verify a digital signature for a file.
verify ( string \| resource $filename, SignaturePublicKey $publicKey, string $signature, mixed $encoding = Halite::ENCODE_BASE64URLSAFE ) : boolean	Verify a digital signature for a file.

Protected Methods

Method	Description
checksumData ( StreamInterface $fileStream, Key $key = null, boolean $raw = false ) : string	Calculate the BLAKE2b checksum of the contents of a file
checksumData ( StreamInterface $fileStream, Key $key = null, mixed $encoding = Halite::ENCODE_BASE64URLSAFE ) : string	Calculate the BLAKE2b checksum of the contents of a file
decryptData ( ReadOnlyFile $input, MutableFile $output, EncryptionKey $key ) : boolean	Decrypt the contents of a file.
encryptData ( ReadOnlyFile $input, MutableFile $output, EncryptionKey $key ) : integer	Encrypt the contents of a file.
getConfig ( string $header, string $mode = 'encrypt' ) : Config	Get the configuration
getConfigChecksum ( integer $major, integer $minor ) : array	Get the configuration for encrypt operations
getConfigEncrypt ( integer $major, integer $minor ) : array	Get the configuration for encrypt operations
getConfigSeal ( integer $major, integer $minor ) : array	Get the configuration for seal operations
sealData ( ReadOnlyFile $input, MutableFile $output, EncryptionPublicKey $publicKey ) : integer	Seal the contents of a file.
signData ( ReadOnlyFile $input, SignatureSecretKey $secretKey, boolean $raw_binary = false ) : string	Sign the contents of a file
signData ( ReadOnlyFile $input, SignatureSecretKey $secretKey, mixed $encoding = Halite::ENCODE_BASE64URLSAFE ) : string	Sign the contents of a file
splitKeys ( Key $master, string $salt = '', Config $config = null ) : array	Split a key using HKDF-BLAKE2b
unsealData ( ReadOnlyFile $input, MutableFile $output, EncryptionSecretKey $secretKey ) : boolean	Unseal the contents of a file.
verifyData ( ReadOnlyFile $input, SignaturePublicKey $publicKey, string $signature, boolean $raw_binary = false ) : boolean	Verify the contents of a file
verifyData ( ReadOnlyFile $input, SignaturePublicKey $publicKey, string $signature, mixed $encoding = Halite::ENCODE_BASE64URLSAFE ) : boolean	Verify the contents of a file

Private Methods

Method	Description
__construct ( )	Don't allow this to be instantiated.
streamDecrypt ( ReadOnlyFile $input, MutableFile $output, EncryptionKey $encKey, string $nonce, string $mac, Config $config, array &$chunk_macs ) : boolean	Stream decryption - Do not call directly
streamEncrypt ( ReadOnlyFile $input, MutableFile $output, EncryptionKey $encKey, string $nonce, string $mac, Config $config ) : integer	Stream encryption - Do not call directly
streamVerify ( ReadOnlyFile $input, resource \| string $mac, Config $config ) : array	Recalculate and verify the HMAC of the input file

Method Details

checksum() public static method

Calculate the BLAKE2b-512 checksum of a file. This method doesn't load the entire file into memory. You may optionally supply a key to use in the BLAKE2b hash.

public static checksum ( string \| resource $filePath, Key $key = null, boolean $raw = false ) : string
$filePath	string \| resource	The file
$key	Key	(optional; expects SignaturePublicKey or AuthenticationKey)
$raw	boolean	Defaults to returning a hexadecimal string.
return	string	The checksum

checksum() public static method

Calculate the BLAKE2b-512 checksum of a file. This method doesn't load the entire file into memory. You may optionally supply a key to use in the BLAKE2b hash.

public static checksum ( string \| resource $filePath, Key $key = null, mixed $encoding = Halite::ENCODE_BASE64URLSAFE ) : string
$filePath	string \| resource	The file
$key	Key	(optional; expects SignaturePublicKey or AuthenticationKey)
$encoding	mixed	Which encoding scheme to use for the checksum?
return	string	The checksum

checksumData() protected static method

Calculate the BLAKE2b checksum of the contents of a file

protected static checksumData ( StreamInterface $fileStream, Key $key = null, boolean $raw = false ) : string
$fileStream	StreamInterface
$key	Key
$raw	boolean
return	string

checksumData() protected static method

Calculate the BLAKE2b checksum of the contents of a file

protected static checksumData ( StreamInterface $fileStream, Key $key = null, mixed $encoding = Halite::ENCODE_BASE64URLSAFE ) : string
$fileStream	StreamInterface
$key	Key
$encoding	mixed	Which encoding scheme to use for the checksum?
return	string

decrypt() public static method

Decrypt a file using symmetric-key authenticated encryption.

public static decrypt ( string \| resource $input, string \| resource $output, EncryptionKey $key ) : boolean
$input	string \| resource	File name or file handle
$output	string \| resource	File name or file handle
$key	EncryptionKey	Symmetric encryption key
return	boolean	TRUE if successful

decryptData() protected static method

Decrypt the contents of a file.

protected static decryptData ( ReadOnlyFile $input, MutableFile $output, EncryptionKey $key ) : boolean
$input	ReadOnlyFile
$output	MutableFile
$key	EncryptionKey
return	boolean

encrypt() public static method

Encrypt a file using symmetric authenticated encryption.

public static encrypt ( string \| resource $input, string \| resource $output, EncryptionKey $key ) : integer
$input	string \| resource	File name or file handle
$output	string \| resource	File name or file handle
$key	EncryptionKey	Symmetric encryption key
return	integer	Number of bytes written

encryptData() protected static method

Encrypt the contents of a file.

protected static encryptData ( ReadOnlyFile $input, MutableFile $output, EncryptionKey $key ) : integer
$input	ReadOnlyFile
$output	MutableFile
$key	EncryptionKey
return	integer

getConfig() protected static method

Get the configuration

protected static getConfig ( string $header, string $mode = 'encrypt' ) : Config
$header	string
$mode	string
return	Config

getConfigChecksum() protected static method

Get the configuration for encrypt operations

protected static getConfigChecksum ( integer $major, integer $minor ) : array
$major	integer
$minor	integer
return	array

getConfigEncrypt() protected static method

Get the configuration for encrypt operations

protected static getConfigEncrypt ( integer $major, integer $minor ) : array
$major	integer
$minor	integer
return	array

getConfigSeal() protected static method

Get the configuration for seal operations

protected static getConfigSeal ( integer $major, integer $minor ) : array
$major	integer
$minor	integer
return	array

seal() public static method

Encrypt a file using anonymous public-key encryption (with ciphertext authentication).

public static seal ( string \| resource $input, string \| resource $output, EncryptionPublicKey $publicKey ) : integer
$input	string \| resource	File name or file handle
$output	string \| resource	File name or file handle
$publicKey	EncryptionPublicKey	Recipient's encryption public key
return	integer	Number of bytes written

sealData() protected static method

Seal the contents of a file.

protected static sealData ( ReadOnlyFile $input, MutableFile $output, EncryptionPublicKey $publicKey ) : integer
$input	ReadOnlyFile
$output	MutableFile
$publicKey	EncryptionPublicKey
return	integer

sign() public static method

Specifically: 1. Calculate the BLAKE2b-512 checksum of the file, with the signer's Ed25519 public key used as a BLAKE2b key. 2. Sign the checksum with Ed25519, using the corresponding public key.

public static sign ( string \| resource $filename, SignatureSecretKey $secretKey, boolean $raw_binary = false ) : string
$filename	string \| resource	File name or file handle
$secretKey	SignatureSecretKey	Secret key for digital signatures
$raw_binary	boolean	Default: return hexadecimal
return	string	Detached signature for the file

sign() public static method

Specifically: 1. Calculate the BLAKE2b-512 checksum of the file, with the signer's Ed25519 public key used as a BLAKE2b key. 2. Sign the checksum with Ed25519, using the corresponding public key.

public static sign ( string \| resource $filename, SignatureSecretKey $secretKey, mixed $encoding = Halite::ENCODE_BASE64URLSAFE ) : string
$filename	string \| resource	File name or file handle
$secretKey	SignatureSecretKey	Secret key for digital signatures
$encoding	mixed	Which encoding scheme to use for the signature?
return	string	Detached signature for the file

signData() protected static method

Sign the contents of a file

protected static signData ( ReadOnlyFile $input, SignatureSecretKey $secretKey, boolean $raw_binary = false ) : string
$input	ReadOnlyFile
$secretKey	SignatureSecretKey
$raw_binary	boolean	Don't hex encode?
return	string

signData() protected static method

Sign the contents of a file

protected static signData ( ReadOnlyFile $input, SignatureSecretKey $secretKey, mixed $encoding = Halite::ENCODE_BASE64URLSAFE ) : string
$input	ReadOnlyFile
$secretKey	SignatureSecretKey
$encoding	mixed	Which encoding scheme to use for the signature?
return	string

splitKeys() protected static method

Split a key using HKDF-BLAKE2b

protected static splitKeys ( Key $master, string $salt = '', Config $config = null ) : array
$master	Key
$salt	string
$config	Config
return	array

unseal() public static method

Decrypt a file using anonymous public-key encryption. Ciphertext integrity is still assured thanks to the Encrypt-then-MAC construction.

public static unseal ( string \| resource $input, string \| resource $output, EncryptionSecretKey $secretKey ) : boolean
$input	string \| resource	File name or file handle
$output	string \| resource	File name or file handle
$secretKey	EncryptionSecretKey	Recipient's encryption secret key
return	boolean	TRUE on success

unsealData() protected static method

Unseal the contents of a file.

protected static unsealData ( ReadOnlyFile $input, MutableFile $output, EncryptionSecretKey $secretKey ) : boolean
$input	ReadOnlyFile
$output	MutableFile
$secretKey	EncryptionSecretKey
return	boolean

verify() public static method

Verify a digital signature for a file.

public static verify ( string \| resource $filename, SignaturePublicKey $publicKey, string $signature, boolean $raw_binary = false ) : boolean
$filename	string \| resource	File name or file handle
$publicKey	SignaturePublicKey	Other party's signature public key
$signature	string	The signature we received
$raw_binary	boolean	TRUE if the signature is raw binary
return	boolean

verify() public static method

Verify a digital signature for a file.

public static verify ( string \| resource $filename, SignaturePublicKey $publicKey, string $signature, mixed $encoding = Halite::ENCODE_BASE64URLSAFE ) : boolean
$filename	string \| resource	File name or file handle
$publicKey	SignaturePublicKey	Other party's signature public key
$signature	string	The signature we received
$encoding	mixed	Which encoding scheme to use for the signature?
return	boolean

verifyData() protected static method

Verify the contents of a file

protected static verifyData ( ReadOnlyFile $input, SignaturePublicKey $publicKey, string $signature, boolean $raw_binary = false ) : boolean
$input	ReadOnlyFile	(file handle)
$publicKey	SignaturePublicKey
$signature	string
$raw_binary	boolean	Don't hex encode?
return	boolean

verifyData() protected static method

Verify the contents of a file

protected static verifyData ( ReadOnlyFile $input, SignaturePublicKey $publicKey, string $signature, mixed $encoding = Halite::ENCODE_BASE64URLSAFE ) : boolean
$input	ReadOnlyFile	(file handle)
$publicKey	SignaturePublicKey
$signature	string
$encoding	mixed	Which encoding scheme to use for the signature?
return	boolean