View sidh-seal.md

As far as I know, none of the existing post-quantum cryptography candidates offer a viable replacement for libsodium's crypto_box_seal() functionality. That is: Anonymous public-key encryption.

An example for where this would be useful is encrypting credit card numbers in a database, but only being able to decrypt them with a key that is kept offline.

An attractive solution would be to use SIDH in place of ECDH, building a similar protocol (i.e. ECDH with one ephemeral keypair and one static keypair, then an authenticated cipher). However, as noted in this paper by Galbraith, et al., an active attack against SIDH with static keys is possible.

View client.php
<?php
namespace ChronicleClient;
use GuzzleHttp\Client;
use ParagonIE\Chronicle\Chronicle;
use ParagonIE\ConstantTime\Base64UrlSafe;
use ParagonIE\Sapient\Adapter\Guzzle;
use ParagonIE\Sapient\CryptographyKeys\{
SigningPublicKey,
SigningSecretKey
View rsa-mult.php
<?php
/* Key generation */
$keypair = openssl_pkey_new([
"digest_alg" => "sha512",
"private_key_type" => OPENSSL_KEYTYPE_RSA,
'private_key_bits' => 1024
]);
$secret = null;
if (!openssl_pkey_export($keypair, $secret)) {
View autoload.php
<?php
define('DEFUSE_CRYPTO_BASEDIR', __DIR__.'/src/');
/**
* PSR-4 compatible autoloader
*
*/
\spl_autoload_register(function ($class) {
// Project-specific namespace prefix
View jose-security.md

Changes to JOSE that will prevent insecurity

Deletions

JWS and JWE

Drop the alg header

Neither JOSE users nor JOSE library designers should be required to understand cryptography primitives. At a lower level, this can lead to badly implemented primitives. On a higher level, this can lead to reasoning by lego.

View gist:ea83edfb08af6505d77d1d4bb4e9261a
DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22C583AB
View Trololol.php
<?php
declare(strict_types=1);
class Foo
{
/**
* Even if the code that calls isn't using strict_types, it will still TypeError
* if the wrong type is passed.
*/
public function bar($param, $secondParam)
View JWTKiller.php
<?php
declare(strict_types=1);
use ParagonIE\ConstantTime\Base64UrlSafe;
class JWTKiller
{
public static function sign(string $message, Key $key): string
{
$mac = sodium_crypto_auth($message, $key->getRaw());
View auto-update.md

This is a more "how" to the "what": https://paragonie.com/blog/2016/10/guide-automatic-security-updates-for-php-developers

HTTPS + Digital Signatures

This is a minimalistic secure auto update approach.

  1. Make an API call to a server to get the latest version information. This should be delivered over HTTPS, possibly with HPKP.
  2. If an update is available, the client software should download the update file.
  3. An Ed25519 signature should be available, either as a separate API call or as an HTTP header with the downloaded file.
  4. Verify that the signature is valid for one of the hard-coded Ed25519 public keys.
View sodium-compat-aes-gcm.php
<?php
$message = random_bytes(1024);
$key = random_bytes(32);
$nonce = random_bytes(12);
$tag = '';
$aad = random_bytes(random_int(1, 127));
$cipher = openssl_encrypt($message, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag, $aad, 16);