public static deriveSignatureKeyPair ( |
||
$password | ||
$salt | string | |
$level | string | Security level for KDF |
리턴 |
public static function deriveSignatureKeyPair(HiddenString $password, string $salt, string $level = self::INTERACTIVE) : SignatureKeyPair
{
$kdfLimits = self::getSecurityLevels($level);
// VERSION 2+ (argon2)
if (Util::safeStrlen($salt) !== \Sodium\CRYPTO_PWHASH_SALTBYTES) {
throw new CryptoException\InvalidSalt('Expected ' . \Sodium\CRYPTO_PWHASH_SALTBYTES . ' bytes, got ' . Util::safeStrlen($salt));
}
// Digital signature keypair
$seed = \Sodium\crypto_pwhash(\Sodium\CRYPTO_SIGN_SEEDBYTES, $password->getString(), $salt, $kdfLimits[0], $kdfLimits[1]);
$keyPair = \Sodium\crypto_sign_seed_keypair($seed);
$secretKey = \Sodium\crypto_sign_secretkey($keyPair);
// Let's wipe our $kp variable
\Sodium\memzero($keyPair);
return new SignatureKeyPair(new SignatureSecretKey(new HiddenString($secretKey)));
}
public function testDeriveSigningKey() { $keypair = KeyFactory::deriveSignatureKeyPair('apple', "\t\n\v\f\r"); $sign_secret = $keypair->getSecretKey(); $sign_public = $keypair->getPublicKey(); $this->assertTrue($sign_secret instanceof ASecretKey); $this->assertTrue($sign_public instanceof APublicKey); // Can this be used? $message = 'This is a test message'; $signed = Asymmetric::sign($message, $sign_secret); $this->assertTrue(Asymmetric::verify($message, $sign_public, $signed)); $this->assertEquals($sign_public->getRawKeyMaterial(), ".À>¸t\fÿ³ŽêßþŒé9" . "7}ýî¤mÉKƒëT sOº"); }