Scott paragonie-scott

@paragonie-scott
paragonie-scott / client.php
Last active Nov 18, 2017
Chronicle Test Client
View client.php
<?php
namespace ChronicleClient;
use GuzzleHttp\Client;
use ParagonIE\Chronicle\Chronicle;
use ParagonIE\ConstantTime\Base64UrlSafe;
use ParagonIE\Sapient\Adapter\Guzzle;
use ParagonIE\Sapient\CryptographyKeys\{
SigningPublicKey,
SigningSecretKey
@paragonie-scott
paragonie-scott / rsa-mult.php
Created May 24, 2017
RSA Encryption Homomorphism
View rsa-mult.php
<?php
/* Key generation */
$keypair = openssl_pkey_new([
"digest_alg" => "sha512",
"private_key_type" => OPENSSL_KEYTYPE_RSA,
'private_key_bits' => 1024
]);
$secret = null;
if (!openssl_pkey_export($keypair, $secret)) {
@paragonie-scott
paragonie-scott / autoload.php
Created May 14, 2017
defuse/php-encryption autoloader
View autoload.php
<?php
define('DEFUSE_CRYPTO_BASEDIR', __DIR__.'/src/');
/**
* PSR-4 compatible autoloader
*
*/
\spl_autoload_register(function ($class) {
// Project-specific namespace prefix
@paragonie-scott
paragonie-scott / jose-security.md
Last active Jun 12, 2020
Suggestions for a Secure JOSE Alternative (or Protocol Upgrade)
View jose-security.md

Changes to JOSE that will prevent insecurity

Deletions

JWS and JWE

Drop the alg header

Neither JOSE users nor JOSE library designers should be required to understand cryptography primitives. At a lower level, this can lead to badly implemented primitives. On a higher level, this can lead to reasoning by lego.

View gist:ea83edfb08af6505d77d1d4bb4e9261a
@paragonie-scott
paragonie-scott / Trololol.php
Last active May 4, 2017
The Trolololol Design Pattern
View Trololol.php
<?php
declare(strict_types=1);
class Foo
{
/**
* Even if the code that calls isn't using strict_types, it will still TypeError
* if the wrong type is passed.
*/
public function bar($param, $secondParam)
@paragonie-scott
paragonie-scott / JWTKiller.php
Created Mar 14, 2017
PHP 7.2 Replacement for JWT
View JWTKiller.php
<?php
declare(strict_types=1);
use ParagonIE\ConstantTime\Base64UrlSafe;
class JWTKiller
{
public static function sign(string $message, Key $key): string
{
$mac = sodium_crypto_auth($message, $key->getRaw());
@paragonie-scott
paragonie-scott / auto-update.md
Last active Mar 7, 2017
PHP Auto Update Quick Start
View auto-update.md

This is a more "how" to the "what": https://paragonie.com/blog/2016/10/guide-automatic-security-updates-for-php-developers

HTTPS + Digital Signatures

This is a minimalistic secure auto update approach.

  1. Make an API call to a server to get the latest version information. This should be delivered over HTTPS, possibly with HPKP.
  2. If an update is available, the client software should download the update file.
  3. An Ed25519 signature should be available, either as a separate API call or as an HTTP header with the downloaded file.
  4. Verify that the signature is valid for one of the hard-coded Ed25519 public keys.
@paragonie-scott
paragonie-scott / sodium-compat-aes-gcm.php
Created Feb 11, 2017
Is libsodium's AES-256-GCM compatible with OpenSSL?
View sodium-compat-aes-gcm.php
<?php
$message = random_bytes(1024);
$key = random_bytes(32);
$nonce = random_bytes(12);
$tag = '';
$aad = random_bytes(random_int(1, 127));
$cipher = openssl_encrypt($message, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag, $aad, 16);
@paragonie-scott
paragonie-scott / spotilocal.priv.pem
Created Jan 23, 2017 — forked from venoms/spotilocal.priv.pem
spotilocal.com private key
View spotilocal.priv.pem
Private-Key: (4096 bit)
modulus: