Add test_encrypt and test_hash php files to the app just for completion.
This commit is contained in:
parent
f395e5ac6f
commit
296bda7f76
84
passman-dev/php/passman/test_encrypt.php
Normal file
84
passman-dev/php/passman/test_encrypt.php
Normal file
@ -0,0 +1,84 @@
|
||||
<?php
|
||||
// Simple example of encrypting/decrypting data using a password
|
||||
|
||||
function getPasswordHash_Bin($username, $password) {
|
||||
$salt = hash('sha256', $username, true); // Compute salt as the hash of the username (parameter 'true' computes hash in bin format, default is hex)
|
||||
$saltedPwd = $salt . $password; // Get a salted password by combining salt and password
|
||||
$hashedPwd = hash('sha256', $saltedPwd, true); // Hash the salted password using SHA-256
|
||||
// Return the password hash and the salt
|
||||
return [
|
||||
'hash' => $hashedPwd,
|
||||
'salt' => $salt
|
||||
];
|
||||
}
|
||||
|
||||
function deriveEncryptionKey($username, $password) {
|
||||
// Compute binary hash of salted-password (and salt) from username and password
|
||||
$pwdHash = getPasswordHash_Bin($username, $password);
|
||||
|
||||
// Derive a secure key using PBKDF2
|
||||
$iterations = 100000; // Number of iterations for PBKDF2
|
||||
$keyLength = 32; // Key length = 32 bytes for AES-256
|
||||
$key = hash_pbkdf2('sha256', $pwdHash['hash'], $pwdHash['salt'], $iterations, $keyLength, true); // Parameter 'true' computes hash_pbkdf2 in bin
|
||||
return $key;
|
||||
}
|
||||
|
||||
// Encrypt data using AES-256-GCM
|
||||
function encryptData($data, $key) {
|
||||
$nonce = random_bytes(12); // 12 bytes for AES-GCM nonce
|
||||
$cipher = "aes-256-gcm";
|
||||
|
||||
// Encrypt the data
|
||||
$ciphertext = openssl_encrypt($data, $cipher, $key, OPENSSL_RAW_DATA, $nonce, $tag);
|
||||
|
||||
//echo "nonce: " . bin2hex($nonce) . "<br>";;
|
||||
//echo "tag: " . bin2hex($tag) . "<br>";;
|
||||
|
||||
// Concatenate nonce, tag, and ciphertext for storage
|
||||
$result = $nonce . $tag . $ciphertext;
|
||||
return base64_encode($result); // Encode to make it suitable for storage or transmission
|
||||
}
|
||||
|
||||
// Decrypt data using AES-256-GCM, extracting nonce, tag, and ciphertext from the concatenated string
|
||||
function decryptData($encryptedData, $key) {
|
||||
$cipher = "aes-256-gcm";
|
||||
|
||||
// Decode the base64-encoded data
|
||||
$encryptedData = base64_decode($encryptedData);
|
||||
|
||||
// Extract nonce (12 bytes), tag (16 bytes), and ciphertext
|
||||
$nonce = substr($encryptedData, 0, 12);
|
||||
$tag = substr($encryptedData, 12, 16);
|
||||
$ciphertext = substr($encryptedData, 28);
|
||||
|
||||
// Decrypt the data
|
||||
$decryptedData = openssl_decrypt($ciphertext, $cipher, $key, OPENSSL_RAW_DATA, $nonce, $tag);
|
||||
|
||||
return $decryptedData;
|
||||
}
|
||||
|
||||
|
||||
// Example Usage
|
||||
$username = "user123";
|
||||
$password = "securepassword";
|
||||
$dataToEncrypt = "Sensitive Data";
|
||||
|
||||
// Derive a symmetric encryption/dec key by hashing the password (and username as the salt) using PBKDF2 algorithm
|
||||
$encryptionKey = deriveEncryptionKey($username, $password);
|
||||
|
||||
// Encrypt the data
|
||||
$encrypted = encryptData($dataToEncrypt, $encryptionKey);
|
||||
|
||||
// Decrypt the data
|
||||
$decrypted = decryptData($encrypted, $encryptionKey);
|
||||
|
||||
// Display results
|
||||
echo "Original Data: $dataToEncrypt<br>";
|
||||
//echo "Encryption Key (in bin): " . $encryptionKey . "<br>";
|
||||
//echo "Encryption Key (in hex): " . bin2hex($encryptionKey) . "<br>";
|
||||
echo "Encrypted Data (in base64): " . $encrypted . "<br>";
|
||||
//echo "Encrypted Data (in bin): " . base64_decode($encrypted) . "<br>";
|
||||
//echo "Encrypted Data (in hex): " . bin2hex(base64_decode($encrypted)) . "<br>";
|
||||
echo "Decrypted Data: $decrypted<br>";
|
||||
|
||||
?>
|
||||
46
passman-dev/php/passman/test_hash.php
Normal file
46
passman-dev/php/passman/test_hash.php
Normal file
@ -0,0 +1,46 @@
|
||||
<?php
|
||||
// Simple example of hashing password
|
||||
|
||||
$username = "user123";
|
||||
$password = "securepassword";
|
||||
|
||||
// Compute salt as the hash of the username
|
||||
$salt = hash('sha256', $username);
|
||||
|
||||
// Get a salted password by combining salt and password
|
||||
$saltedPwd = $salt . $password;
|
||||
|
||||
// Hash the salted password using SHA-256
|
||||
$hashedPwd = hash('sha256', $saltedPwd);
|
||||
|
||||
// Display variables
|
||||
echo "Username: $username<br>";
|
||||
echo "Password: $password<br>";
|
||||
|
||||
echo "Salt (computed as the username's hash): $salt<br>";
|
||||
echo "Salted password: $saltedPwd<br>";
|
||||
echo "Hash of salted password: $hashedPwd<br>";
|
||||
echo "<p>";
|
||||
|
||||
|
||||
// Same as above but using a function
|
||||
|
||||
function getPasswordHash_Hex($username, $password) {
|
||||
// Compute hash of salted-password (and salt) from username and password (in hex format)
|
||||
$salt = hash('sha256', $username); // Compute salt as the hash of the username
|
||||
$saltedPwd = $salt . $password; // Get a salted password by combining salt and password
|
||||
$hashedPwd = hash('sha256', $saltedPwd); // Hash the salted password using SHA-256
|
||||
// Return the password hash and the salt
|
||||
return [
|
||||
'hash' => $hashedPwd,
|
||||
'salt' => $salt
|
||||
];
|
||||
}
|
||||
|
||||
// Example usage of function getPasswordHash
|
||||
$getHasedPwd = getPasswordHash_Hex($username, $password);
|
||||
// Display results
|
||||
echo "Salt (in hex) computed using function getPasswordHash_Hex: " . $getHasedPwd['salt'] . "<br>";
|
||||
echo "Hash (in hex) computed using function getPasswordHash_Hex: " . $getHasedPwd['hash'] . "<br>";
|
||||
|
||||
?>
|
||||
Loading…
x
Reference in New Issue
Block a user