For a project, I needed to make sure that a particular piece of data actually came from a specific source. There are already many packages that allow you to do this, but most are not fun or easy to use. That's why we created a new package called
spatie/crypto to do this.
Using this package, it's easy to generate a private and public key.
[$privateKey, $publicKey] = (new Spatie\Crypto\RsaKeyPair())->generate();
When passing paths, the generated keys will be passed to those paths.
(new KeyPair())->generate($pathToPrivateKey, $pathToPublicKey);
Using a private key, you can sign a message.
$privateKey = Spatie\Crypto\Rsa\PrivateKey::fromFile($pathToPrivateKey); $signature = $privateKey->sign('my message'); // returns a string
The public key can use the signature to determine that the message was not tampered with.
$publicKey = Spatie\Crypto\Rsa\PublicKey::fromFile($pathToPublicKey); $publicKey->verify('my message', $signature) // returns true; $publicKey->verify('my modified message', $signature) // returns false; $publicKey->verify('my message', 'invalid signature') // returns false;
This package aims to be very lightweight and easy to use. If you need more features, consider using of one these alternatives:
A word on the usage of RSA
At the time of writing, RSA is secure enough for the use case we've built this package for.
To know more about why RSA might not be good enough for you, read this post on public-key encryption at Paragonie.com
Spatie/crypt can also encrypt and decrypt messages. To learn more, head over to the readme of spatie/crypto on GitHub.