PHP download

Download the PHP package komputerwiz/secure-token without Composer

On this page you can find all versions of the php package komputerwiz/secure-token. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download komputerwiz/secure-token
More information about komputerwiz/secure-token
Files in komputerwiz/secure-token

Vendor komputerwiz
Package secure-token
Short Description Cryptographically secure encoded tokens
License Apache-2.0
Homepage https://github.com/komputerwiz/secure-token

Keywords security cryptography token

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of komputerwiz/secure-token

Informations about the package secure-token

SecureToken Library

Encrypt sensitive data and use the resulting ciphertext as a memento for your applications.

In circumstances of user import or generation, email verification, and/or lost credentials, it is commonplace to send an email with a temporary link to a page where the target user can reset his or her password. Sometimes the state (a generated nonce, request expiration, etc.) of such a transaction is stored on the user account in the server's database. This requires extra maintenance. Instead, the pertinent transaction information can be externalized in a token. If done incorrectly, intercepting and tampering with tokens could allow an attacker to gain unwanted access to an account. The solution presented by this library offers a cryptographically secure means of externalizing state in a token: data is encrypted to ensure confidentiality and then signed to ensure integrity.

Installation

Add the following to your composer.json:

require: {
    "komputerwiz/secure-token": "dev-master"
}

Usage

Available encryption methods are:

AES 256 in CBC mode with SHA-512 HMAC signature (Komputerwiz\Security\Token\SecureToken\Aes256CbcSha512SecureToken)
AES 256 in CBC mode with SHA-256 HMAC signature (Komputerwiz\Security\Token\SecureToken\Aes256CbcSha256SecureToken)

I will try to implement more as PHP cryptography improves (e.g. once AES 256 GCM is supported). Feel free to implement your own and submit a pull request, too!

Available Decorators:

Komputerwiz\Security\Token\SecureToken\ExpiringSecureToken - tokens become invalid (and trigger TokenExceptions on decode) after a set interval
Komputerwiz\Security\Token\SecureToken\TimestampedSecureToken - record a timestamp of when the token was issued. Retrieve this timestamp with the getTimestamp($token) instance method.

Implementing Your Own SecureToken

There are two ways to implement your own SecureToken encoder:

Implement Komputerwiz\Security\Token\SecureToken\SecureTokenInterface.

This way gives you the most freedom to do what you want, but it's up to you to guarantee security. This might be better for implementing a decorator that delegates to an existing SecureToken implementation.

Extend Komputerwiz\Security\Token\SecureToken\SecureToken

This way adheres to the well-known encrypt and sign paradigm. It takes care of generating an input vector and calling out to encrypt, decrypt, and sign methods that you implement yourself.

License

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

All versions of secure-token with dependencies

PHP Build Version

Package Version

Version 1.1.1 Release 29. Jan 2018
create-project require 0 people chose require and
0 people chose create-project.

Download

Download latest version of secure-token from vendor komputerwiz

Requires php Version >=5.3.2

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package komputerwiz/secure-token contains the following files

Loading the files please wait ....