PHP implementation of RFC8188 to encrypt HTTP messages.
Note: RFC8188 relies heavily on base64 URL encoding.
```php
require_once "vendor/autoload.php";

use DevJack\EncryptedContentEncoding\RFC8188;
use Base64Url\Base64Url as b64;

$message = "I am the walrus";

$encoded = RFC8188::rfc8188_encode(
    $message, // plaintext
    b64::decode("yqdlZ-tYemfogSmv7Ws5PQ"), // encryption key
    null, // key ID
    123 // record size.
);

$decoded = RFC8188::rfc8188_decode(
    $encoded, // data to decode
    // key lookup callback: receives the key ID read from the message header
    function($keyid) { return b64::decode('yqdlZ-tYemfogSmv7Ws5PQ'); }
);

// When run inside a PHPUnit test case:
$this->assertEquals($message, $decoded);
```
In this example we use a simple invokable class to provide key lookup. This may be more useful in complex framework integrations, such as middleware that looks up keys from a database. This sample does not cover service injection into the key lookup class.
```php
require_once "vendor/autoload.php";

use DevJack\EncryptedContentEncoding\RFC8188;
use DevJack\EncryptedContentEncoding\Exception\EncryptionKeyNotFound;
use Base64Url\Base64Url as b64;

class MockKeyLookupProvider {
    // Map of key ID => raw key bytes
    protected $keys = [];

    public function addKey($key, $keyid='') {
        $this->keys[$keyid] = $key;
    }

    // Called by rfc8188_decode with the key ID taken from the message header
    public function __invoke($keyid) {
        // Exact key match; avoids the loose comparison done by in_array()
        if (array_key_exists($keyid, $this->keys)) {
            return $this->keys[$keyid];
        }
        throw new EncryptionKeyNotFound("Encryption key not found.");
    }
}

$encoded = b64::decode("uNCkWiNYzKTnBN9ji3-qWAAAABkCYTHOG8chz_gnvgOqdGYovxyjuqRyJFjEDyoF1Fvkj6hQPdPHI51OEUKEpgz3SsLWIqS_uA");

$keyProvider = new MockKeyLookupProvider();
$keyProvider->addKey(b64::decode("BO3ZVPxUlnLORbVGMpbT1Q"), 'a1');

$decoded = RFC8188::rfc8188_decode(
    $encoded, // data to decode
    $keyProvider
);
```
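The key ID handed to the lookup callback is read from the unauthenticated message header, so a lookup backed by a database should treat it as untrusted input. The following is an added example, not code from this library: `b64url_decode`, `inspect_header`, `MAX_RECORD_SIZE` and the key ID pattern are hypothetical names and policy choices, and the header layout is the one defined in RFC 8188 section 2.1.

```php
<?php
// Added example; not part of devjack/encrypted-content-encoding.
// Header layout (RFC 8188 section 2.1):
//   salt (16) || rs (4, big-endian) || idlen (1) || keyid (idlen)
const MAX_RECORD_SIZE = 65536; // assumed local policy cap, not an RFC value

function b64url_decode(string $s): string {
    $padded = str_pad($s, strlen($s) + (4 - strlen($s) % 4) % 4, '=');
    $bin = base64_decode(strtr($padded, '-_', '+/'), true);
    if ($bin === false) {
        throw new InvalidArgumentException('not valid base64url');
    }
    return $bin;
}

// Hypothetical helper: validate the header before any key lookup happens.
function inspect_header(string $payload): array {
    if (strlen($payload) < 21) {
        throw new InvalidArgumentException('truncated header');
    }
    $rs    = unpack('N', substr($payload, 16, 4))[1];
    $idlen = ord($payload[20]);
    $body  = strlen($payload) - 21 - $idlen;
    if ($body < 17) { // final record needs a delimiter byte plus a 16-byte tag
        throw new InvalidArgumentException('truncated key ID or body');
    }
    if ($rs < 18 || $rs > MAX_RECORD_SIZE) {
        throw new InvalidArgumentException('record size out of range');
    }
    $keyid = substr($payload, 21, $idlen);
    // Assumed key ID policy: short, URL-safe identifiers only.
    if (!preg_match('/\A[A-Za-z0-9_-]{0,64}\z/', $keyid)) {
        throw new InvalidArgumentException('key ID rejected by policy');
    }
    return [
        'salt'    => bin2hex(substr($payload, 0, 16)),
        'rs'      => $rs,
        'keyid'   => $keyid,
        'records' => (int) ceil($body / $rs),
    ];
}

// Sample input: the encoded message from the key lookup example above.
$payload = b64url_decode(
    'uNCkWiNYzKTnBN9ji3-qWAAAABkCYTHOG8chz_gnvgOqdGYovxyjuqRyJFjEDyoF1Fvkj6hQPdPHI51OEUKEpgz3SsLWIqS_uA'
);
print_r(inspect_header($payload));
```

Running the check ahead of `rfc8188_decode` lets middleware reject oversized record sizes and malformed key IDs before they reach a key store query.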
Available via Composer.

```
composer require devjack/encrypted-content-encoding
```

Additionally, install a polyfill for random_bytes such as:

```
composer require paragonie/random_compat
```