Download the PHP package uwdoem/secure-upload without Composer

On this page you can find all versions of the php package uwdoem/secure-upload. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Example code of uwdoem/secure-upload

Informations about the package secure-upload

Build Status

Secure-Upload

This library is intended to help protect the contents of uploaded documents against an attacker who might gain file-system read-access to a PHP web application.

Using this library involves three main components:

  1. A public/private key pair.
  2. A web server for receiving uploaded documents. Uploaded documents are encrypted using the public key immediately upon upload, and then the unencrypted document is immediately destroyed.
  3. A file server from which your authorized users can retrieve uploaded documents. You will provide a process which retrieves encrypted documents from the web server and decrypts these documents onto the file server using the private key. Of course, you are responsible for maintaining a file server which you trust to host these unencrypted documents.

Note that the private key does not live on web server. If an attacker were to gain read-access to your web server while there were documents waiting to be moved to your file server, then the attacker would only see a set of encrypted documents and they would not be able to retrieve the private key which would give them the ability to decrypt these documents.

Example

For this example, we assume that:

  1. Your web server is running Apache, *nix, and of course PHP.
  2. Your file server may be either *nix or Windows.
  3. We use (Composer)[https://getcomposer.org/] for package management, but you can modify the example to work without Composer.

This example does not answer how to move the encrypted files from the web server to the file server. On *nix, you might choose to move them with an rsync --delete ... command. On Windows, you could use WinSCP. Using an authorized_keys file, it's possible to create an automated job on either *nix or Windows which could move these files over automatically.

Create a Private/Public Key Pair

To create a private, public key pair in *nix:

You should put the public copy of your key (my_key_name.pub) onto your web server. But you should not put the private copy of your key (my_key_name.pem) onto your web server. The private copy of your key will need to be on your file server.

Sample Web Application

Web application structure:

The uploads directory must be writable to your Apache user. For example, you might use chmod o+w uploads.

The composer.json specifies the uwdoem/secure-upload package as a requirement. You'll need to run composer install to install this package and the vendor directory.

composer.json:

We place .htaccess files that block visitor access to the cert and uploads directories.

cert/.htaccess:

uploads/.htaccess:

The index.php is our primary page.

index.php:

For each file that is uploaded, four encryption files will be created. For example 719b5e92a27aefb858982131e8d3be56.data, 719b5e92a27aefb858982131e8d3be56.data.key, 719b5e92a27aefb858982131e8d3be56.info, and 719b5e92a27aefb858982131e8d3be56.info.key. Each uploaded file will have its own unique hash, prefixing the .data, .data.key, .info, and .info.key files.

All four of these files must be moved to your decryption script in order to decrypt the uploaded file.

Sample Decryption Script

In the tree below, I have uploaded two documents using the web application above and moved the resulting files into my decryption scrypt:

The composer.json specifies the uwdoem/secure-upload package as a requirement. You'll need to run composer install to install this package and the vendor directory.

composer.json:

Here is the script which performs the decryption. Having placed your encrypted data files into the in directory, you would invoke the script using php decrypt.php.

decrypt.php:

All versions of secure-upload with dependencies

PHP Build Version
Package Version
No informations.
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package uwdoem/secure-upload contains the following files

Loading the files please wait ....