High-level cryptography interface powered by libsodium
MPL-2.0 License
Bot releases are hidden (Show)
Published by paragonie-scott over 6 years ago
SignatureKeyPair
object into a birationallygetEncryptionKeyPair()
Published by paragonie-scott almost 7 years ago
Asymmetric::signAndEncrypt()
and Asymmetric::verifyAndDecrypt()
,substr
and strlen
inPublished by paragonie-scott almost 7 years ago
Added support for libsodium 1.0.15, which was previously broken in 4.0.x.
Passwords should be autoamtically migrated, but if keys were being generated via
KeyFactory::derive______Key()
(fill in the blank), you'll need to change your
usage of this API to get the same key as previously. Namely, you'll need to pass
the SODIUM_CRYPTO_PWHASH_ALG_ARGON2I13
constant to the fourth argument after the
password, salt, and security level.
$key = KeyFactory::deriveEncryptionKey(
new HiddenString('correct horse barry staple'),
- "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ KeyFactory::INTERACTIVE,
+ SODIUM_CRYPTO_PWHASH_ALG_ARGON2I13
);
If you previously specified a security level, your diff might look like this:
$key = KeyFactory::deriveEncryptionKey(
new HiddenString('correct horse barry staple'),
"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
- KeyFactory::SENSITIVE
+ KeyFactory::SENSITIVE,
+ SODIUM_CRYPTO_PWHASH_ALG_ARGON2I13
);
Published by paragonie-scott almost 7 years ago
This is mostly a boyscouting/documentation release. However, we now pass Psalm under the
strictest setting (totallyTyped = true
). This means that not only is our public interface
totally type-safe, but Halite's internals are as well.
Published by paragonie-scott about 7 years ago
Published by paragonie-scott about 7 years ago
Halite will attempt to use sodium_compat where ever it can. However, for best results, install version 1.0.6 of the libsodium extension from PECL.
The 1.x branch of Halite is the only version that still supports PHP 5. All future versions require PHP 7 or higher. Version 4 requires PHP 7.2.
Published by paragonie-scott about 7 years ago
encryptWithAd()
and decryptWithAd()
, for satisfying true AEAD needsPassword
class can also accept an optional,HiddenString
objects can now be directly compared
$hiddenString->equals($otherHiddenString)
Published by paragonie-scott about 7 years ago
Fixes #61, Halite now works with the new libsodium v2 API from PECL. It also still works on the old v1 API.
Published by paragonie-scott almost 8 years ago
HiddenString
defend against serialize()
leaks.File
API now supports different encodings for signatures andPublished by paragonie-scott almost 8 years ago
Published by paragonie-scott about 8 years ago
export()
method to KeyFactory
, and congruent import*()
export($key)
returns a HiddenString
with a versioned andimportEncryptionKey($hiddenString)
expects an EncryptionKey
TypeError
Published by paragonie-scott about 8 years ago
export()
method to KeyFactory
, and congruent import*()
export($key)
returns a string
with a versioned andimportEncryptionKey($string)
expects an EncryptionKey
TypeError
Published by paragonie-scott about 8 years ago
Workaround for Suhosin bug (see #39).
Published by paragonie-scott about 8 years ago
Workaround for Suhosin bug (see #39).
Published by paragonie-scott about 8 years ago
Version 3.0.0 is a breaking change in several ways:
HiddenString
object to hide it from stack traces in case an uncaught exception occurs.The minimum PHP version for Halite 3 remains PHP 7.0.
HiddenString
KeyFactory
no longer accepts a $legacy
argument.TrimmedMerkleTree
to Structures
.is_callable()
instead of function_exists()
for betterPublished by paragonie-scott over 8 years ago
No functional changes from 2.1.1, just cleaning our plate before switching gears to v3.
Published by paragonie-scott over 8 years ago
Prevent an undefined index error when calculating the root of an empty MerkleTree.
Published by paragonie-scott over 8 years ago
KeyFactory
) can now accept an extra argument toINTERACTIVE
or SENSITIVE
INTERACTIVE
, MODERATE
, or SENSITIVE
Password
can now accept a security level argument. We recommendINTERACTIVE
for end users, but if you'd rather makeMerkleTree
can now accept a personalization string for the hashMerkleTree
can output a specific hash length (between 16 and 64).MerkleTree
and Node
now lazily calculate the Merkle rootKey
classes. Now they only acceptPublished by paragonie-scott over 8 years ago
File::decrypt()
to fail in PHP-FPM.Util::safeStrcpy()
, to facilitate safe string duplication without triggering the optimizer.Published by paragonie-scott over 8 years ago
Halite::isLibsodiumSetupCorrectly()
to verify theKey
object toSymmetric\Crypto::encrypt()
expects an instance ofSymmetric\Crypto\EncryptionKey
.File
now uses a keyed BLAKE2b hash instead of HMAC-SHA256.Key->get()
was renamed to Key->getRawKeyMaterial()
Password
now has a needsRehash()
method which will return true
Util
now has several new methods for generating BLAKE2b hashes:
hash()
keyed_hash()
raw_hash()
raw_keyed_hash()
Contract