Comments (8)
What do you mean by "the hex file being loaded"? Can you share a code snippet and a random throw-away example key that reproduces the same issue?
Typically when we see this error, someone thought they could just bin2hex(random_bytes(32))
some random data and load it into Halite that way.
(In reality, you're supposed to generate them within Halite, which produces a key in the form of raw_key || checksum
before hex-encoding. This offers two advantages: It informs you when the key has been corrupted on disk, and it prevents people from easily using hash('sha256', $password, true)
as their encryption key.)
from halite.
Interesting. So if I already have a key pair, how do I encode them to be 'halite compatible'?
from halite.
Lines 769 to 778 in 7596d5c
from halite.
OK thank you.
from halite.
I made a small helper as below and exported the new file to disk but it now says it's invalid (must be CRYPTO_SIGN_PUBLICKEYBYTES long).
I'm trying to load exported file as follows
\ParagonIE\Halite\KeyFactory::loadSignaturePublicKey($path);
I have attached a sample public key output from the function.
What am I doing wrong?
/**
* Export a cryptography key file to halite compatibe file format (with a checksum)
*
* @param string $key_path
* @param string $dest_path
* @return HiddenString
*
* @throws CannotPerformOperation
* @throws InvalidType
* @throws \SodiumException
* @throws \TypeError
*/
public static function exportRawKey($key_path, $dest_path)
{
$rawKey = \file_get_contents($key_path);
if ($rawKey === false) {
// @codeCoverageIgnoreStart
throw new \ParagonIE\Halite\Alerts\CannotPerformOperation(
'Cannot load file: '. $key_path
);
// @codeCoverageIgnoreEnd
}
$key = new \ParagonIE\HiddenString\HiddenString(
\ParagonIE\ConstantTime\Hex::encode(
\ParagonIE\Halite\Halite::HALITE_VERSION_KEYS . $rawKey .
\sodium_crypto_generichash(
\ParagonIE\Halite\Halite::HALITE_VERSION_KEYS . $rawKey,
'',
\SODIUM_CRYPTO_GENERICHASH_BYTES_MAX
)
)
);
\file_put_contents($dest_path, $key->getString());
return $key;
}
from halite.
fst_rsa_halite.txt
You cannot use RSA keys with Halite. Please generate a new keypair within Halite and use that instead.
from halite.
OK thank you. I am not familiar with the key format generated by sodium.
Assuming I want to use base64 form, is it safe to save rawkey file and encode using sodium_bin2base64
?
However I noticed there's already a function to save/export in KeyFactory class
Also the documentation to generate a signature keypair references the SignatureKey
class instead of KeyFactory
.
from halite.
Yep, the documentation for KeyFactory
is available here: https://github.com/paragonie/halite/blob/master/doc/Classes/KeyFactory.md
from halite.
Related Issues (20)
- Invalid message authentication code HOT 1
- export/import string Asymmetric-Key Encryption keypair? HOT 3
- password protected secretKey? And: change password without changing publicKey? HOT 2
- Switch to ChaCha20 for symmetric encryption HOT 6
- What if you already have a RSA 2048 key and you want to use it instead of generating a new key? HOT 2
- Use EC brainpoolP256r1 key for encryption/decryption HOT 6
- Asymmetric authenticated file encryption/decryption HOT 3
- Create a different key pr environment HOT 3
- PHP 8.0 < 8.1 -- real slow due to XChaCha20 polyfill HOT 8
- halite for Python HOT 2
- php opcache.preload won't work because of conditional functions HOT 2
- Decrypting a file to output buffer fails HOT 1
- 'Expected hexadecimal character' exception from $cookie->fetch() after upgrade
- Is there a reason why the result of Symmetric::encrypt() always starts with 'MUIFA'? HOT 1
- Make use of PHP 8.2's #[\SensitiveParameter] to improve security
- Invalid message authentication code HOT 1
- invalid version tag when migrating from halite 4.8.0 to 5.1.0
- Uncaught PHP Exception RangeException: \"Expected hexadecimal character\ on symfony HOT 1
- Question: Can this library be used to decrypt Web Push Notifications from Mastodon?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from halite.