PASERK Wrapper for AWS KMS
Integrates PASERK with AWS KMS for key-wrapping. Requires PHP 8.1 or newer.
This repository is an extension of PASERK for PHP.
PASERK Specification
The PASERK Specification can be found in this repository.
Installing
composer require paragonie/paserk-aws-kms
Usage
Initialization
You will need a KmsClient
object and
a PASETO protocol version object.
<?php
use Aws\Kms\KmsClient;
use ParagonIE\Paseto\ProtocolInterface;
use ParagonIE\Paserk\Operations\Wrap\AwsKms;
/**
* @var KmsClient $kmsClient
* @var ProtocolInterface $pasetoProtocol
*/
$awsKmsWrapper = new AwsKms($kmsClient, $pasetoProtocol);
If you'd like to specify custom Encryption Context:
$awsKmsWrapper->setEncryptionContex([
'department' => '10103.0'
]);
You can then pass the AwsKms
object to the constructor of the PASERK Wrap
Operation class.
/**
* @var AwsKms $awsKmsWrapper
*/
$wrapper = new \ParagonIE\Paserk\Operations\Wrap($awsKmsWrapper);
See the paserk-php documentation for further details.