承接 gtt/crypt-bundle 相关项目开发

从需求分析到上线部署,全程专人跟进,保证项目质量与交付效率

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

gtt/crypt-bundle

Composer 安装命令:

composer require gtt/crypt-bundle

包简介

Provides symfony encryptor/decryptor services based on various cryptographic components

README 文档

README

Build Status Latest Stable Version Latest Unstable Version License

Provides a simple way to configure Symfony services for data encryption and decryption based on well-known encryption algorithms. With the help of this CryptBundle you can encrypt or decrypt your data as simple as operate with elementary EncryptorInterface or DecryptorInterface:

use Gtt\Bundle\CryptBundle\Encryption\EncryptorInterface;
use Gtt\Bundle\CryptBundle\Encryption\DecryptorInterface;

class MyMagicService
{    
    /**
     * Encryptor
     *
     * @var EncryptorInterface
     */
    protected $encryptor;
 
    /**
     * Decryptor
     *
     * @var DecryptorInterface
     */
    protected $decryptor;
    
    public function __construct(EncryptorInterface $encryptor, DecryptorInterface $decryptor)
    {
        $this->encryptor = $encryptor;
        $this->decryptor = $decryptor;
    }
    
    public function doSomeMagic()
    {
        $someStringData = "Crypt me!";
        $encrypted = $this->encryptor->encrypt($someStringData);
        $decrypted = $this->decryptor->decrypt($encrypted);
        
        return $someStringData == $decrypted;
    }
}

Implementations of EncryptorInterface or DecryptorInterface would be provided by CryptBundle. The choice of encryption algorithm is up to you - you can specify it in bundle config.

Requirements

Requires only PHP 5.6+ and symfony/framework-bundle.

Installation

Bundle should be installed via composer

composer require gtt/crypt-bundle

After that you need to register the bundle inside your application kernel.

Also you probably need to install specific crypto libraries such as

composer install zendframework/zend-crypt
composer install defuse/php-encryption

(You can add the libraries that you need. All of them are optional)

Encryption

Under the hood bundle provides bridges to well-known php components for encrypting data as implementations of encryptor and decryptor interfaces. This implementations are registered as a Symfony services that can be used by your code. See Usage section for details.

Configuration

Bundle configuration defines one or several cryptor-sections grouped by encryption-type (for now supported types are aes and rsa) and the name of the pair of encryptor and decryptor (aes_binary_cryptor, aes_log_cryptor and rsa_default_cryptor in example below). Each cryptor-section contains options for defining the pair of encryptor and decryptor of certain encryption type. Tou can turn on automatic encryption for database strings when using doctrine/dbal. You can see example that holds configs for 2 pairs of aes encryptor and decryptor and one pair of rsa encryptor and decryptor and uses rsa_default_cryptor for encrypting database values:

gtt_crypt:
    cryptors:
        aes:
            aes_binary_cryptor:
                key_size: 128
                key_path: "/tmp/keys/aes/first.key"
                binary_output: true
            aes_log_cryptor:
                key_size: 128
                key_path: "/tmp/keys/aes/second.key"
                binary_output: false
        rsa:
            rsa_default_cryptor:
                private_key: "/tmp/keys/rsa/priv.key"
                public_key: "/tmp/keys/rsa/pub.key"
                binary_output: false
                padding: 4
    doctrine:
        dbal:
            encrypted_string: rsa_default_cryptor

You can see reference of configuration options for supported encryption types:

RSA

  • private_key - path to RSA private key
  • pass_phrase - RSA private key passphrase
  • public_key - path to RSA public key
  • binary_output - should be result of encryption encoded with base64 algorithm or should be input string base64-decoded before decryption
  • padding - number of distinct practices which all include adding data to the message prior to encryption. Should be one of constants from list below: -- OPENSSL_PKCS1_PADDING -- OPENSSL_SSLV23_PADDING -- OPENSSL_NO_PADDING -- OPENSSL_PKCS1_OAEP_PADDING

AES

  • key_size - AES key size. Should be 128 for 1.x or 256 for 2.x version of defuse/php-encryption
  • key_path - path to AES private key. Can be generated by built in crypt:aes:generate-key command
  • binary_output - should be result of encryption encoded with base64 algorithm or should be input string base64-decoded before decryption

Usage

In order to use encryptos and decryptors in your code you have 3 availabilities:

Tag your service (recommended)

The prefered way to receive encryptor or decryptor in you service is to implement in the service's class very simple EncryptorAwareInterface or DecryptorAwareInterface. You can also use traits in most cases if you are too lazy: SingleDecryptorAwareTrait and SingleEncryptorAwareTrait. After that you should tag the service with gtt.crypt.encryptor.aware or gtt.crypt.decryptor.aware tag (depends on whether you want to get encryptor or decryptor) and specify cryptor name in tag attribute cryptor_name. For example if you use configuration such as in Configuration section the cryptor_name attribute value can be one of aes_binary_cryptor, aes_log_cryptor or rsa_default_cryptor. The setter injection (setters are defined in EncryptorAwareInterface/DecryptorAwareInterface interfaces) would be done by CryptorInjectorPass.

services:
    gtt_encryptor_holder:
        class: Your\Class\That\Wants\To\Receive\Encryptor
        tags:
            - { name: gtt.crypt.encryptor.aware, cryptor_name: "aes_binary_cryptor" }
    gtt_decryptor_holder:
        class: Your\Class\That\Wants\To\Receive\Decryptor
        tags:
            - { name: gtt.crypt.decryptor.aware, cryptor_name: "aes_binary_cryptor" }

Inject cryptors directly by service id

Each encryptor or decryptor configured by CryptBundle is a service with id constructed in accordance with the following pattern: gtt.crypt.encryptor.<name> for encryptors and gtt.crypt.decryptor.<name>, where holds corresponding cryptor name defined in bundle config. For example if you use configuration such as in Configuration section the value can be one of aes_binary_cryptor, aes_log_cryptor or rsa_default_cryptor. You can simply inject these services in DI-configs of your bundles.

Use cryptor registry

Crypt-bundle also registers CryptorRegistry service with id gtt.crypt.registry that collects all the encryptors and decryptors configured. You can use it to get cryptors by calling getEncryptor or getDecryptor methods with name of the encryptor or decryptor specified. For example if you use configuration such as in Configuration section the name can be one of aes_binary_cryptor, aes_log_cryptor or rsa_default_cryptor.

Encrypting database values

When database value encryption is enabled the encrypted_string dbal type is automatically registered. You can use this type inside doctrine entities or direct dbal queries.

use Gtt\Bundle\CryptBundle\Bridge\Doctrine\DBAL\Enum\TypeEnum;

$this->connection->executeQuery(
    'INSERT INTO something VALUES(:my_secret)',
    ['my_secret' => 'A very secret value'],
    ['my_secret' => TypeEnum::ENCRYPTED_STRING]
)

Supported encryption components

gtt/crypt-bundle 适用场景与选型建议

gtt/crypt-bundle 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 190 次下载、GitHub Stars 达 6, 最近一次更新时间为 2015 年 12 月 29 日, 在 PHP 生态内属于活跃度较高的组件。

我们在过去多个企业项目中使用过 gtt/crypt-bundle 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 gtt/crypt-bundle 我们能提供哪些服务?
定制开发 / 二次开发

基于 gtt/crypt-bundle 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 190
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 6
  • 点击次数: 1
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 6
  • Watchers: 6
  • Forks: 3
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2015-12-29