Comments (8)
paragonie-security
commented on June 3, 2024
What do you mean by "the hex file being loaded"? Can you share a code snippet and a random throw-away example key that reproduces the same issue?
Typically when we see this error, someone thought they could just bin2hex(random_bytes(32)) some random data and load it into Halite that way.
(In reality, you're supposed to generate them within Halite, which produces a key in the form of raw_key || checksum before hex-encoding. This offers two advantages: It informs you when the key has been corrupted on disk, and it prevents people from easily using hash('sha256', $password, true) as their encryption key.)
from halite.
xwiz
commented on June 3, 2024
Interesting. So if I already have a key pair, how do I encode them to be 'halite compatible'?
from halite.
paragonie-security
commented on June 3, 2024
Lines 769 to 778 in 7596d5c
from halite.
xwiz
commented on June 3, 2024
OK thank you.
from halite.
xwiz
commented on June 3, 2024
I made a small helper as below and exported the new file to disk but it now says it's invalid (must be CRYPTO_SIGN_PUBLICKEYBYTES long).
I'm trying to load exported file as follows
\ParagonIE\Halite\KeyFactory::loadSignaturePublicKey($path);
I have attached a sample public key output from the function.
What am I doing wrong?
/**
* Export a cryptography key file to halite compatibe file format (with a checksum)
*
* @param string $key_path
* @param string $dest_path
* @return HiddenString
*
* @throws CannotPerformOperation
* @throws InvalidType
* @throws \SodiumException
* @throws \TypeError
*/
public static function exportRawKey($key_path, $dest_path)
{
$rawKey = \file_get_contents($key_path);
if ($rawKey === false) {
// @codeCoverageIgnoreStart
throw new \ParagonIE\Halite\Alerts\CannotPerformOperation(
'Cannot load file: '. $key_path
);
// @codeCoverageIgnoreEnd
}
$key = new \ParagonIE\HiddenString\HiddenString(
\ParagonIE\ConstantTime\Hex::encode(
\ParagonIE\Halite\Halite::HALITE_VERSION_KEYS . $rawKey .
\sodium_crypto_generichash(
\ParagonIE\Halite\Halite::HALITE_VERSION_KEYS . $rawKey,
'',
\SODIUM_CRYPTO_GENERICHASH_BYTES_MAX
)
)
);
\file_put_contents($dest_path, $key->getString());
return $key;
}
from halite.
paragonie-security
commented on June 3, 2024
fst_rsa_halite.txt
You cannot use RSA keys with Halite. Please generate a new keypair within Halite and use that instead.
from halite.
xwiz
commented on June 3, 2024
OK thank you. I am not familiar with the key format generated by sodium.
Assuming I want to use base64 form, is it safe to save rawkey file and encode using sodium_bin2base64?
However I noticed there's already a function to save/export in KeyFactory class
Also the documentation to generate a signature keypair references the SignatureKey class instead of KeyFactory.
from halite.
paragonie-security
commented on June 3, 2024
Yep, the documentation for KeyFactory is available here: https://github.com/paragonie/halite/blob/master/doc/Classes/KeyFactory.md
from halite.
Related Issues (20)
- Invalid message authentication code HOT 1
- export/import string Asymmetric-Key Encryption keypair? HOT 3
- password protected secretKey? And: change password without changing publicKey? HOT 2
- Switch to ChaCha20 for symmetric encryption HOT 6
- What if you already have a RSA 2048 key and you want to use it instead of generating a new key? HOT 2
- Use EC brainpoolP256r1 key for encryption/decryption HOT 6
- Asymmetric authenticated file encryption/decryption HOT 3
- Create a different key pr environment HOT 3
- PHP 8.0 < 8.1 -- real slow due to XChaCha20 polyfill HOT 8
- halite for Python HOT 2
- php opcache.preload won't work because of conditional functions HOT 2
- Decrypting a file to output buffer fails HOT 1
- 'Expected hexadecimal character' exception from $cookie->fetch() after upgrade
- Is there a reason why the result of Symmetric::encrypt() always starts with 'MUIFA'? HOT 1
- Make use of PHP 8.2's #[\SensitiveParameter] to improve security
- Invalid message authentication code HOT 1
- invalid version tag when migrating from halite 4.8.0 to 5.1.0
- Uncaught PHP Exception RangeException: \"Expected hexadecimal character\ on symfony HOT 1
- Question: Can this library be used to decrypt Web Push Notifications from Mastodon?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from halite.