PHP-EXT-SQRL
This is an implementation of parts of the (as yet incomplete) Secure QR Login Specification implemented in C as a PHP extension. Specifically the ed25519 signature verification function.
This is much faster than it's pure PHP counterpart... Passes all 1024 ed25519.cr.yp.to tests in 0.35 seconds total on an old Core 2 machine.
Features
- Generate Secret Key (bad rng, not for production work)
- Derive Public Key from Secret Key
- Sign Message
- Verify Message Signature
- Encode/Decode base64url
Installation Requirements
- Linux build environment (autotools, etc)
- php5
- php5-dev
Installation
- Download, configure, and make:
git clone https://github.com/ramriot/php-ext-sqrl.git
cd php-ext-sqrl
phpize && ./configure && make
- Run Tests:
make test
- Install:
sudo make install
- Enable the sqrl extension in php.ini:
extension=sqrl.so
Documentation
- Encode / Decode base64url
$encoded = sqrl_encode( $plain );
$decoded = sqrl_decode( $encoded );
$decoded == plain // true
- Verify Signature
$result = sqrl_verify( $message, $signature, $pk );
// $message = plain text of signed message
// $signature = base64url-encoded signature
// $pk = base64url-encoded Public Key
Acknowledgments
- crypto code is from ed25519-donna.
- github user Novartors for providing the root of this fork
License
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.