CryptoRegistry
extends AutoService
in package
The CryptoRegistry tracks a list of available keys and cipher suites:
- A registered cipher suite is an instance of CipherSuiteInterface that provides a list of encryption options ("aes-cbc", "aes-ctr", etc) and an implementation for them.
- A registered key is an array that indicates a set of cryptographic options:
- key: string, binary representation of the key
- suite: string, e.g. "aes-cbc" or "aes-cbc-hs"
- id: string, unique (non-sensitive) ID. Usually a fingerprint.
- tags: string[], list of symbolic names/use-cases that may call upon this key
- weight: int, when choosing a key for encryption, two similar keys will be be differentiated by weight. (Low values chosen before high values.)
Tags
Table of Contents
Constants
- DEFAULT_KDF = 'hkdf-sha256'
- DEFAULT_SUITE = 'aes-cbc'
- LAST_WEIGHT = 32768
Properties
- $cipherSuites : mixed
- $kdfs : array<string|int, mixed>
- List of key-derivation functions. Used when loading keys.
- $keys : array<string|int, array<string|int, mixed>>
- List of available keys.
Methods
- __construct() : mixed
- addCipherSuite() : mixed
- addPlainText() : array<string|int, mixed>
- Enable plain-text encoding.
- addSymmetricKey() : array<string|int, mixed>
- createDefaultRegistry() : CryptoRegistry
- Initialize a default instance of the registry.
- findKey() : array<string|int, mixed>
- Locate a key in the list of available keys.
- findKeysByTag() : array<string|int, mixed>
- Find all the keys that apply to a tag.
- findSuite() : CipherSuiteInterface
- getKeys() : mixed
- isValidKeyId() : bool
- Determine if a key ID is well-formed.
- parseKey() : array<string|int, mixed>
Constants
DEFAULT_KDF
public
mixed
DEFAULT_KDF
= 'hkdf-sha256'
DEFAULT_SUITE
public
mixed
DEFAULT_SUITE
= 'aes-cbc'
LAST_WEIGHT
public
mixed
LAST_WEIGHT
= 32768
Properties
$cipherSuites
protected
mixed
$cipherSuites
= []
$kdfs
List of key-derivation functions. Used when loading keys.
protected
array<string|int, mixed>
$kdfs
= []
$keys
List of available keys.
protected
array<string|int, array<string|int, mixed>>
$keys
= []
Methods
__construct()
public
__construct() : mixed
addCipherSuite()
public
addCipherSuite(CipherSuiteInterface $cipherSuite[, array<string|int, string>|null $names = NULL ]) : mixed
Parameters
- $cipherSuite : CipherSuiteInterface
-
The encryption/decryption callback/handler
- $names : array<string|int, string>|null = NULL
-
Symbolic names. Ex: 'aes-cbc' If NULL, probe $cipherSuite->getNames()
addPlainText()
Enable plain-text encoding.
public
addPlainText(array<string|int, mixed> $options) : array<string|int, mixed>
Parameters
- $options : array<string|int, mixed>
-
Array with options:
- tags: string[]
Return values
array<string|int, mixed>addSymmetricKey()
public
addSymmetricKey(string|array<string|int, mixed> $options) : array<string|int, mixed>
Parameters
- $options : string|array<string|int, mixed>
-
Additional options:
- key: string, a representation of the key as binary
- suite: string, ex: 'aes-cbc'
- tags: string[]
- weight: int, default 0
- id: string, a unique identifier for this key. (default: fingerprint the key+suite)
Tags
Return values
array<string|int, mixed> —The full key record. (Same format as $options)
createDefaultRegistry()
Initialize a default instance of the registry.
public
static createDefaultRegistry() : CryptoRegistry
Tags
Return values
CryptoRegistryfindKey()
Locate a key in the list of available keys.
public
findKey(string|array<string|int, string> $keyIds) : array<string|int, mixed>
Parameters
- $keyIds : string|array<string|int, string>
-
List of IDs or tags. The first match in the list is returned. If multiple keys match the same tag, then the one with lowest 'weight' is returned.
Tags
Return values
array<string|int, mixed>findKeysByTag()
Find all the keys that apply to a tag.
public
findKeysByTag(string|array<string|int, string> $keyTag) : array<string|int, mixed>
Parameters
- $keyTag : string|array<string|int, string>
Return values
array<string|int, mixed> —List of keys, indexed by id, ordered by weight.
findSuite()
public
findSuite(string $name) : CipherSuiteInterface
Parameters
- $name : string
Tags
Return values
CipherSuiteInterfacegetKeys()
public
getKeys() : mixed
isValidKeyId()
Determine if a key ID is well-formed.
public
isValidKeyId(string $id) : bool
Parameters
- $id : string
Return values
boolparseKey()
public
parseKey(string $keyExpr) : array<string|int, mixed>
Parameters
- $keyExpr : string
-
String in the form "
: : ". 'aes-cbc:b64:cGxlYXNlIHVzZSAzMiBieXRlcyBmb3IgYWVzLTI1NiE=' 'aes-cbc:hkdf-sha256:ABCD1234ABCD1234ABCD1234ABCD1234' '::ABCD1234ABCD1234ABCD1234ABCD1234'
Tags
Return values
array<string|int, mixed> —Properties:
- key: string, binary representation
- suite: string, ex: 'aes-cbc'