/paserk-php-wrap-aws-kms

AWS KMS Local and Secret Key Wrapping for PASERK

Primary LanguagePHPOtherNOASSERTION

PASERK Wrapper for AWS KMS

Build Status Latest Stable Version Latest Unstable Version License Downloads

Integrates PASERK with AWS KMS for key-wrapping. Requires PHP 8.1 or newer.

This repository is an extension of PASERK for PHP.

PASERK Specification

The PASERK Specification can be found in this repository.

Installing

composer require paragonie/paserk-aws-kms

Usage

Initialization

You will need a KmsClient object and a PASETO protocol version object.

<?php
use Aws\Kms\KmsClient;
use ParagonIE\Paseto\ProtocolInterface;
use ParagonIE\Paserk\Operations\Wrap\AwsKms;

/** 
 * @var KmsClient $kmsClient
 * @var ProtocolInterface $pasetoProtocol
 */

$awsKmsWrapper = new AwsKms($kmsClient, $pasetoProtocol);

If you'd like to specify custom Encryption Context:

$awsKmsWrapper->setEncryptionContex([
    'department' => '10103.0'
]);

You can then pass the AwsKms object to the constructor of the PASERK Wrap Operation class.

/**
 * @var AwsKms $awsKmsWrapper
 */ 
$wrapper = new \ParagonIE\Paserk\Operations\Wrap($awsKmsWrapper);

See the paserk-php documentation for further details.