DefuseCryptoKeyProtectedByPassword

The WooCommerce Germanized Defuse Crypto KeyProtectedByPassword class.

Defined (1)

The class is defined in the following location(s).

/includes/gateways/direct-debit/libraries/php-encryption/KeyProtectedByPassword.php  
  /**
   * A randomly generated Key stored only in password-encrypted form.
   *
   * The password never acts as the data-encryption key itself: it only wraps
   * an inner random Key, which unlockKey() hands back once the password is
   * supplied again.
   */
  final class KeyProtectedByPassword
  {
      // Header bytes handed to Encoding both when saving and when loading the
      // encoded form, so the two directions must agree on this value.
      const PASSWORD_KEY_CURRENT_VERSION = "\xDE\xF1\x00\x00";

      // The inner key as returned by Crypto::encryptWithPassword(); the
      // plaintext inner key is never kept on the object.
      private $encrypted_key = null;

      /**
       * Generates a fresh random key and wraps it with the given password.
       *
       * NOTE(review): the single hash applied to the password below is domain
       * separation, not password stretching. Resistance to offline guessing
       * depends on what Crypto::encryptWithPassword() does internally, which
       * is outside this listing, and on the strength of the password itself.
       *
       * @param string $password
       * @throws Defuse\Crypto\Exception\EnvironmentIsBrokenException
       * @return KeyProtectedByPassword
       */
      public static function createRandomPasswordProtectedKey($password)
      {
          $fresh_key = Key::createNewRandomKey();
          $serialized_key = $fresh_key->saveToAsciiSafeString();

          // Hashing the password first keeps this use of encryptWithPassword()
          // separate from any other use of encryptWithPassword() with the same
          // password in the same protocol. The third argument of hash() asks
          // for raw bytes rather than hex.
          $password_digest = \hash(Core::HASH_FUNCTION_NAME, $password, true);

          // The trailing `true` is presumably the library's raw-binary flag
          // for the returned ciphertext; confirm against Crypto.
          $wrapped = Crypto::encryptWithPassword($serialized_key, $password_digest, true);

          return new self($wrapped);
      }

      /**
       * Rebuilds a KeyProtectedByPassword from its encoded string form.
       *
       * No password is involved at this stage: the string is only decoded by
       * Encoding against the expected header. A wrong password or a replaced
       * ciphertext is detected later, in unlockKey().
       *
       * @param string $saved_key_string
       * @throws Defuse\Crypto\Exception\BadFormatException
       * @return KeyProtectedByPassword
       */
      public static function loadFromAsciiSafeString($saved_key_string)
      {
          $wrapped = Encoding::loadBytesFromChecksummedAsciiSafeString(
              self::PASSWORD_KEY_CURRENT_VERSION,
              $saved_key_string
          );

          return new self($wrapped);
      }

      /**
       * Returns the password-encrypted key as printable ASCII characters.
       *
       * The output carries the encrypted key only, so its confidentiality at
       * rest rests on the password that wrapped it.
       *
       * @throws Defuse\Crypto\Exception\EnvironmentIsBrokenException
       * @return string
       */
      public function saveToAsciiSafeString()
      {
          $version_header = self::PASSWORD_KEY_CURRENT_VERSION;

          return Encoding::saveBytesToChecksummedAsciiSafeString(
              $version_header,
              $this->encrypted_key
          );
      }

      /**
       * Recovers the inner Key using the password it was wrapped with.
       *
       * The returned Key is unprotected and usable for encryption and
       * decryption, so callers should treat it as secret material.
       *
       * @param string $password
       * @throws Defuse\Crypto\Exception\EnvironmentIsBrokenException
       * @throws Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException
       * @return Key
       */
      public function unlockKey($password)
      {
          // Must mirror the hashing done in createRandomPasswordProtectedKey(),
          // otherwise the correct password would not decrypt the key.
          $password_digest = \hash(Core::HASH_FUNCTION_NAME, $password, true);

          try {
              $serialized_key = Crypto::decryptWithPassword(
                  $this->encrypted_key,
                  $password_digest,
                  true
              );

              return Key::loadFromAsciiSafeString($serialized_key);
          } catch (Ex\BadFormatException $format_error) {
              // Reaching this point means decryption succeeded but the result
              // is not a valid encoded Key. That should only happen if the
              // stored ciphertext was swapped for another one encrypted under
              // the same password. The exception type is converted so callers
              // have a single failure type to handle for this method.
              $message = "The decrypted key was found to be in an invalid format. " .
                  "This very likely indicates it was modified by an attacker.";

              throw new Ex\WrongKeyOrModifiedCiphertextException($message);
          }
      }

      /**
       * Private so that instances come only from the static factories above.
       *
       * @param string $encrypted_key
       */
      private function __construct($encrypted_key)
      {
          $this->encrypted_key = $encrypted_key;
      }
  }