PHP Class Neos\Flow\Security\Cryptography\RsaWalletServicePhp

Inheritance: implements Neos\Flow\Security\Cryptography\RsaWalletServiceInterface
Datei anzeigen Open project: neos/flow-development-collection Class Usage Examples

Protected Properties

Property Type Description
$keys array
$keystorePathAndFilename string
$openSSLConfiguration array The openSSL configuration
$saveKeysOnShutdown boolean

Public Methods

Method Description
checkRSAEncryptedPassword ( string $encryptedPassword, string $passwordHash, string $salt, string $fingerprint ) : boolean Checks if the given encrypted password is correct by comparing it's md5 hash. The salt is appended to the decrypted password string before hashing.
decrypt ( string $cipher, string $fingerprint ) : string Decrypts the given cipher with the private key identified by the given fingerprint Note: You should never decrypt a password with this function. Use checkRSAEncryptedPassword() to check passwords!
destroyKeypair ( string $fingerprint ) : void Destroys the keypair identified by the given fingerprint
encryptWithPublicKey ( string $plaintext, string $fingerprint ) : string Encrypts the given plaintext with the public key identified by the given fingerprint
generateNewKeypair ( boolean $usedForPasswords = false ) : string Generates a new keypair and returns a fingerprint to refer to it
getFingerprintByPublicKey ( string $publicKeyString ) : string Generate an OpenSSH fingerprint for a RSA public key
getPublicKey ( string $fingerprint ) : OpenSslRsaKey Returns the public key for the given fingerprint
initializeObject ( ) : void Initializes the rsa wallet service by fetching the keys from the keystore file
injectSettings ( array $settings ) : void Injects the OpenSSL configuration to be used
registerKeyPairFromPrivateKeyString ( string $privateKeyString, boolean $usedForPasswords = false ) : string Adds the specified keypair to the local store and returns a fingerprint to refer to it.
registerPublicKeyFromString ( string $publicKeyString ) : string Adds the specified public key to the wallet and returns a fingerprint to refer to it.
shutdownObject ( ) : void Stores the keys array in the keystore file
sign ( string $plaintext, string $fingerprint ) : string Signs the given plaintext with the private key identified by the given fingerprint
verifySignature ( string $plaintext, string $signature, string $fingerprint ) : boolean Checks whether the given signature is valid for the given plaintext with the public key identified by the given fingerprint

Private Methods

Method Description
decryptWithPrivateKey ( string $cipher, OpenSslRsaKey $privateKey ) : string Decrypts the given ciphertext with the given private key
getModulus ( resource $keyResource ) : string Exports the public modulus HEX string from the KeyResource
getPrivateKeyString ( resource $keyResource ) : string Exports the private key string from the KeyResource
getPublicKeyString ( resource $keyResource ) : string Exports the public key string from the KeyResource
sshConvertMpint ( string $bytes ) : string Convert a binary representation of a multiple precision integer to mpint format defined for SSH RSA key exchange (used in "ssh-rsa" format).
storeKeyPair ( OpenSslRsaKey $publicKey, OpenSslRsaKey $privateKey, boolean $usedForPasswords ) : string Stores the given keypair and returns its fingerprint.

Method Details

checkRSAEncryptedPassword() public method

Checks if the given encrypted password is correct by comparing it's md5 hash. The salt is appended to the decrypted password string before hashing.
public checkRSAEncryptedPassword ( string $encryptedPassword, string $passwordHash, string $salt, string $fingerprint ) : boolean
$encryptedPassword string The received, RSA encrypted password to check
$passwordHash string The md5 hashed password string (md5(md5(password) . salt))
$salt string The salt used in the md5 password hash
$fingerprint string The fingerprint to identify the private key (RSA public key fingerprint)
return boolean TRUE if the password is correct

decrypt() public method

Decrypts the given cipher with the private key identified by the given fingerprint Note: You should never decrypt a password with this function. Use checkRSAEncryptedPassword() to check passwords!
public decrypt ( string $cipher, string $fingerprint ) : string
$cipher string cipher text to decrypt
$fingerprint string The fingerprint to identify the private key (RSA public key fingerprint)
return string The decrypted text

destroyKeypair() public method

Destroys the keypair identified by the given fingerprint
public destroyKeypair ( string $fingerprint ) : void
$fingerprint string The fingerprint
return void

encryptWithPublicKey() public method

Encrypts the given plaintext with the public key identified by the given fingerprint
public encryptWithPublicKey ( string $plaintext, string $fingerprint ) : string
$plaintext string The plaintext to encrypt
$fingerprint string The fingerprint to identify to correct public key
return string The ciphertext

generateNewKeypair() public method

Generates a new keypair and returns a fingerprint to refer to it
public generateNewKeypair ( boolean $usedForPasswords = false ) : string
$usedForPasswords boolean TRUE if this keypair should be used to encrypt passwords (then decryption won't be allowed!).
return string The RSA public key fingerprint for reference

getFingerprintByPublicKey() public method

See for reference of OpenSSH "ssh-rsa" key format. The fingerprint is obtained by applying an MD5 hash on the raw public key bytes. If you have a PEM encoded private key, you can generate the same fingerprint using this: ssh-keygen -yf my-key.pem > my-key.pub ssh-keygen -lf my-key.pub
public getFingerprintByPublicKey ( string $publicKeyString ) : string
$publicKeyString string RSA public key, PKCS1 encoded
return string The public key fingerprint

getPublicKey() public method

Returns the public key for the given fingerprint
public getPublicKey ( string $fingerprint ) : OpenSslRsaKey
$fingerprint string The fingerprint of the stored key
return OpenSslRsaKey The public key

initializeObject() public method

Initializes the rsa wallet service by fetching the keys from the keystore file
public initializeObject ( ) : void
return void

injectSettings() public method

Injects the OpenSSL configuration to be used
public injectSettings ( array $settings ) : void
$settings array
return void

registerKeyPairFromPrivateKeyString() public method

Adds the specified keypair to the local store and returns a fingerprint to refer to it.
public registerKeyPairFromPrivateKeyString ( string $privateKeyString, boolean $usedForPasswords = false ) : string
$privateKeyString string The private key in its string representation
$usedForPasswords boolean TRUE if this keypair should be used to encrypt passwords (then decryption won't be allowed!).
return string The RSA public key fingerprint for reference

registerPublicKeyFromString() public method

This is helpful if you have not private key and want to use this key only to verify incoming data.
public registerPublicKeyFromString ( string $publicKeyString ) : string
$publicKeyString string The public key in its string representation
return string The RSA public key fingerprint for reference

shutdownObject() public method

Stores the keys array in the keystore file
public shutdownObject ( ) : void
return void

sign() public method

Signs the given plaintext with the private key identified by the given fingerprint
public sign ( string $plaintext, string $fingerprint ) : string
$plaintext string The plaintext to sign
$fingerprint string The fingerprint to identify the private key (RSA public key fingerprint)
return string The signature of the given plaintext

verifySignature() public method

Checks whether the given signature is valid for the given plaintext with the public key identified by the given fingerprint
public verifySignature ( string $plaintext, string $signature, string $fingerprint ) : boolean
$plaintext string The plaintext to sign
$signature string The signature that should be verified
$fingerprint string The fingerprint to identify the public key (RSA public key fingerprint)
return boolean TRUE if the signature is correct for the given plaintext and public key

Property Details

$keys protected_oe property

protected array $keys
return array

$keystorePathAndFilename protected_oe property

protected string $keystorePathAndFilename
return string

$openSSLConfiguration protected_oe property

The openSSL configuration
protected array $openSSLConfiguration
return array

$saveKeysOnShutdown protected_oe property

protected bool $saveKeysOnShutdown
return boolean