Flourish PHP Unframework

fCryptography

static class, v1.0.0b14

Provides cryptography functionality, including hashing, symmetric-key encryption and public-key encryption

Changes:
1.0.0b14: Added the base36, base56 and custom types to randomString() (8/25/11)
1.0.0b13: Updated documentation about symmetric-key encryption to explicitly state block and key sizes, added base64 type to randomString() (11/6/10)
1.0.0b12: Fixed an inline comment that incorrectly references AES-256 (11/4/10)
1.0.0b11: Updated class to use fCore::startErrorCapture() instead of error_reporting() (8/9/10)
1.0.0b10: Added a missing parameter to an fProgrammerException in randomString() (7/29/10)
1.0.0b9: Added hashHMAC() (4/20/10)
1.0.0b8: Fixed seedRandom() to pass a directory instead of a file to disk_free_space() (3/9/10)
1.0.0b7: SECURITY FIX: fixed issue with random() and randomString() not producing random output on OSX, made seedRandom() more robust (10/6/09)
1.0.0b6: Changed symmetricKeyEncrypt() to throw an fValidationException when the $secret_key is less than 8 characters (9/30/09)
1.0.0b5: Fixed a bug where some windows machines would throw an exception when generating random strings or numbers (6/9/09)
1.0.0b4: Updated for new fCore API (2/16/09)
1.0.0b3: Changed @ error suppression operator to error_reporting() calls (1/26/09)
1.0.0b2: Backwards compatibility break - changed symmetricKeyEncrypt() to not encrypt the IV since we are using HMAC on it (1/26/09)
1.0.0b: The initial implementation (11/27/07)

Static Methods

::checkPasswordHash() public

Checks a password against a hash created with hashPassword()

Signature

boolean checkPasswordHash( string $password, string $hash )

Parameters

string $password The password to check
string $hash The hash to check against

Returns

If the password matches the hash

::hashHMAC() internal public

Please note: this method is public, however it is primarily intended for internal use by Flourish and will normally not be useful in site/application code

Provides a pure PHP implementation of hash_hmac() for when the hash extension is not installed

Signature

string hashHMAC( string $algorithm, string $data, string $key )

Parameters

string $algorithm The hashing algorithm to use: 'md5' or 'sha1'
string $data The data to create an HMAC for
string $key The key to generate the HMAC with

Returns

The HMAC
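
How an HMAC can be built from nothing but the core md5() and sha1() functions, following RFC 2104. This is an added example, not Flourish's own source; the function names hmac_pure() and hmac_pure_self_check() are hypothetical, and the sample inputs are the published RFC 2202 test case 1 values.

```php
<?php
// Added example, not part of Flourish. Function names are hypothetical.

/**
 * HMAC (RFC 2104) using only the core md5()/sha1() functions.
 * Returns the lowercase hex digest, like hash_hmac() does by default.
 */
function hmac_pure($algorithm, $data, $key)
{
    if (!in_array($algorithm, array('md5', 'sha1'), true)) {
        throw new InvalidArgumentException("Unsupported algorithm: $algorithm");
    }

    $block_size = 64; // MD5 and SHA-1 both process 64-byte blocks

    // A key longer than one block is replaced by its raw digest
    if (strlen($key) > $block_size) {
        $key = $algorithm($key, true);
    }
    // A shorter key is right-padded with NUL bytes to a full block
    $key = str_pad($key, $block_size, "\x00");

    // PHP's ^ operator XORs equal-length strings byte by byte
    $inner_pad = $key ^ str_repeat("\x36", $block_size);
    $outer_pad = $key ^ str_repeat("\x5c", $block_size);

    // H((K ^ opad) . H((K ^ ipad) . data)), inner digest kept as raw bytes
    return $algorithm($outer_pad . $algorithm($inner_pad . $data, true));
}

/** Checks hmac_pure() against RFC 2202 test case 1 and, if present, hash_hmac(). */
function hmac_pure_self_check()
{
    $vectors = array(
        array('md5',  str_repeat("\x0b", 16), '9294727a3638bb1c13f48ef8158bfc9d'),
        array('sha1', str_repeat("\x0b", 20), 'b617318655057264e28bc0b6fb378c8ef146be00'),
    );
    foreach ($vectors as $vector) {
        list($algorithm, $key, $expected) = $vector;
        $actual = hmac_pure($algorithm, 'Hi There', $key);
        if ($actual !== $expected) {
            return false;
        }
        // Cross-check with the hash extension when it is installed
        if (function_exists('hash_hmac') && hash_hmac($algorithm, 'Hi There', $key) !== $actual) {
            return false;
        }
    }
    return true;
}
```

When comparing a received HMAC against a computed one, use a constant-time comparison rather than `===`; the strict comparison above is only acceptable because it checks public test vectors.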

::hashPassword() public

Hashes a password using a loop of sha1 hashes and a salt, making rainbow table attacks infeasible

Signature

string hashPassword( string $password )

Parameters

string $password The password to hash

Returns

An 80 character string of the Flourish fingerprint, salt and hashed password

::publicKeyDecrypt() public

Decrypts ciphertext encrypted using public-key encryption via publicKeyEncrypt()

A public key (X.509 certificate) is required for encryption and a private key (PEM) is required for decryption.

Signature

string publicKeyDecrypt( string $ciphertext, string $private_key_file, string $password )

Parameters

string $ciphertext The content to be decrypted
string $private_key_file The path to a PEM-encoded private key
string $password The password for the private key

Returns

The decrypted plaintext

Throws

fValidationException
When the ciphertext appears to be corrupted

::publicKeyEncrypt() public

Encrypts the passed data using public key encryption via OpenSSL

A public key (X.509 certificate) is required for encryption and a private key (PEM) is required for decryption.

Signature

string publicKeyEncrypt( string $plaintext, string $public_key_file )

Parameters

string $plaintext The content to be encrypted
string $public_key_file The path to an X.509 public key certificate

Returns

A base-64 encoded result containing a Flourish fingerprint and suitable for decryption using publicKeyDecrypt()

::publicKeySign() public

Creates a signature for plaintext to allow verification of the creator

A private key (PEM) is required for signing and a public key (X.509 certificate) is required for verification.

Signature

string publicKeySign( string $plaintext, string $private_key_file, string $password )

Parameters

string $plaintext The content to be signed
string $private_key_file The path to a PEM-encoded private key
string $password The password for the private key

Returns

The base64-encoded signature suitable for verification using publicKeyVerify()

Throws

fValidationException
When the private key is invalid

::publicKeyVerify() public

Checks a signature for plaintext to verify the creator - works with publicKeySign()

A private key (PEM) is required for signing and a public key (X.509 certificate) is required for verification.

Signature

boolean publicKeyVerify( string $plaintext, string $signature, string $public_key_file )

Parameters

string $plaintext The content to check
string $signature The base64-encoded signature for the plaintext
string $public_key_file The path to an X.509 public key certificate

Returns

If the public key file is the public key of the user who signed the plaintext

::random() public

Generates a random number using mt_rand() after ensuring a good PRNG seed

Signature

integer random( integer $min=NULL, integer $max=NULL )

Parameters

integer $min The minimum number to return
integer $max The maximum number to return

Returns

The pseudo-random number

::randomString() public

Returns a random string of the type and length specified

Signature

string randomString( integer $length, string $type='alphanumeric' )

Parameters

integer $length The length of string to return
string $type The type of string to return: 'base64', 'base56', 'base36', 'alphanumeric', 'alpha', 'numeric', or 'hexadecimal'. If a different string is provided, it will be used as the alphabet

Returns

A random string of the type and length specified

::symmetricKeyDecrypt() public

Decrypts ciphertext encrypted using symmetric-key encryption via symmetricKeyEncrypt()

Since this is symmetric-key cryptography, the same key is used for encryption and decryption.

Signature

string symmetricKeyDecrypt( string $ciphertext, string $secret_key )

Parameters

string $ciphertext The content to be decrypted
string $secret_key The secret key to use for decryption

Returns

The decrypted plaintext

Throws

fValidationException
When the ciphertext appears to be corrupted

::symmetricKeyEncrypt() public

Encrypts the passed data using symmetric-key encryption

Since this is symmetric-key cryptography, the same key is used for encryption and decryption.

Signature

string symmetricKeyEncrypt( string $plaintext, string $secret_key )

Parameters

string $plaintext The content to be encrypted
string $secret_key The secret key to use for encryption - must be at least 8 characters

Returns

An encrypted and base-64 encoded result containing a Flourish fingerprint and suitable for decryption using symmetricKeyDecrypt()

Throws

fValidationException
When the $secret_key is less than 8 characters long