I am looking into php openSSL library and need to sign a string using pub and priv key. The function openssl_pkcs7_sign() from documentation it seem to take the file path as a file parameter but I have string in a variable that I need to encrypt. I see all of its examples points to writing files.
Is there any way I can pass the string into the function? Or perhaps some other functions available? Writing file to disk doesn't seem very practical for my use cases.
As far as I know, it's not possible.
According to the source code of OpenSSL PHP extension, they use openssl library function PKCS7_sign.
This function takes a BIO stream as input, which can be a buffer.
However, in OpenSSL PHP extension, the BIO stream is created as a file, taking the filename as a parameter.
You can ask for the implementation of this new feature through an RFC, but you probably want to discuss the matter in the internals mailing list first.
Related
When using PHP with get_file_contents() to read in a file that has been encrypted, it doesn't change any of the encrypted contents.
When replicating it in NodeJS though through fs.readFile(file, "utf8") or even fs.readFileSync(file, "utf8") the encryption is somehow manipulated as when being checked the same way as the PHP version it fails.
Reading in that same file without encryption works with fs.readFile(file, "utf8").
I have tried ignoring encoding all together, swapping to binary encoding and nothing seems to work.
Is there a way to keep fs.readFile() or fs.readFileSync() from change encryption characters?
You should not use the "utf8" parameter in fs.readFile(file, "utf8").
It seems like the right parameter for you would be "latin1" or its legacy alias "binary" which communicates your intention more clearly.
You can check the available encodings here.
I'm trying to extract some files out of a tar.gz file.
But the filename seems to cause problems:
xxx.some-random-number.tar.gz
When I use \PharData::isValidPharFilename('xxx.some-random-number.tar.gz', false) the function returns false. When I omit the first part (i.e. \PharData::isValidPharFilename('some-random-number.tar.gz', false) it returns true.
I can't use different filenames as they are provided from a third-party service (and I don't wanna rename them on the fly, either (tedious).
Any ideas how to solve this?
I believe the extension needs to be phar, tar or zip. I just answered a similar question here where I provided a bit more detail.
I need to download a file via PHP ftp_get(), but the foolish provider is using directories and file names contaning whitespace.. The file path I'm dealing with is similar to /product info/more stuff/inventory and stuff.csv
The spaces in the path and in the filename itself is making it difficult to retrieve anything. I already tried the following without success:
$path = "/product\ info/more\ stuff/inventory\ and\ stuff.csv";
$path = "/product%20info/more%20stuff/inventory%20and%20stuff.csv";
$path = '"/product info/more stuff/inventory and stuff.csv"';
Thanks again for taking the time to help me out.
Your third attempt, quoting the complete path, was already the recommended approach. Though it very much depends on the actual server implementation.
FTP per RFC859 is comprised of a terminal session and a data transfer channel. Basically the FTP server provides a mini-shell on the command port. As such, typical shell string escaping rules do apply. URL encoding can be ruled out here.
I'd advise first to use single quotes however. Preferrably use escapeshellarg() to apply them. And try ftp_nb_get() while at it.
$path = "/foo foo/bar bar/baz baz.csv";
ftp_nb_get($con, "save.csv", escapeshellarg($path), 2);
If that doesn't work, further debugging is necessary. While all ftp_* function arguments are left unprocessed, you could as well try to send a ftp_raw request. This won't actually activate the data channel reading, but might return a more concrete error response.
print_r(ftp_raw($con, "RETR '/path to/some file.csv'\r\n"));
And I'm just gonna say it, if you're still getting a file not found error then; it's entirely possible that the file really doesn't exist at the presumed location. In that case manually traverse the directory structure with ftp_nlist and ftp_rawlist with var_dump (in case of extra trailing spaces for subdirs).
Alternatively just use PHPs ftp:// stream wrapper (which also supports PASV mode). Whose implementation is distinct from that of the ext/ftp functions. Here funnily enough, URL encoding is again the correct approach, but quoting still necessary (ftp_fopen_wrapper.c does not quote itself):
= file_get_contents("ftp://user:pw#example.org/'path%20to/file%20and.csv'");
// Inline quotes may likely trip up some FTP server implementations..
A much better alternative though is just using cURL.
// You'll have to use the long-winded PHP curl functions of course.
print curl("ftp://.../file with spaces.csv")->exec();
Last option is just resorting to calling a Unixland client. (If not wget, than a plain ftp client.)
$url = escapeshellarg("ftp://user:pw#ftp.example.org/$path");
$file = `wget $url`;
If you still can't retrieve any files, you'll have to look for an alternative FTP client in PHP for further debugging. Guess who wrote one.
To get a list of files or folders with spaces in the path.
ftp_chdir($conn, $path);
$children = ftp_rawlist($conn,'-a .');
Source
Is there a PHP lib that provides similar functionality as the argparse module of Python? PHP's getopt certainly doesn't cut it.
What I need:
required param check and automatic error msg generation.
correct exit status on error ( > 0 if param parse error).
error msg's to STDERR.
help msg generation of all accepted params.
param type checking is a bonus.
Basically how a *NIX CLI script should behave.
The most comprehensive library i know of (and the only one i've actually used) is Console_CommandLine. I have not used argparse so I can't tell you if it is as featured or compare them.
You can use Zend_Console_GetOpt.
Docopt, an altogether beautiful command parser, has a PHP version.
I have a string that I would like to encrypt in Python, store it as a cookie, then in a PHP file I'd like to retrieve that cookie, and decrypt it in PHP. How would I go about doing this?
I appreciate the fast responses.
All cookie talk aside, lets just say I want to encrypt a string in Python and then decrypt a string in PHP.
Are there any examples you can point me to?
Use a standard encryption scheme. The implementation is going to be equivalent in either language.
RSA is available (via third party libraries) in both languages, if you need asymmetric key crypto. So is AES, if you need symmetric keys.
There is a good example here:
http://www.codekoala.com/blog/2009/aes-encryption-python-using-pycrypto/
Other links that may help:
http://www.phpclasses.org/browse/package/4238.html
http://www.chilkatsoft.com/p/php_aes.asp
If you're not talking about encryption but encoding to make sure the contents make it through safely regardless of quoting issues, special characters, and line breaks, I think base64 encoding is your best bet. PHP has base64_encode / decode() out of the box, and I'm sure Python has, too.
Note that base64 encoding obviously does nothing to encrypt your data (i.e. to make it unreadable to outsiders), and base64 encoded data grows by 33%.
Well, my first thought would be to use a web server that uses SSL and set the cookie's secure property to true, meaning that it will only be served over SSL connections.
However, I'm aware that this probably isn't what you're looking for.
Although a bit late. Find sample code below using the Fernet library
#Python Code - fernet 1.0 library
from cryptography.fernet import Fernet
key = b"Gm3wFh9OiQHcVc8rcAMm8IOqKOJtk7CbrGRKVhrvXhg="
f = Fernet(key)
token = f.encrypt(b'the quick brown fox jumps over the lazy hare')
print(token)
##gAAAAABiMWVPsStLo42ExcmIqcGvRvCCmnhB5B6dc2JsOm4w-VsE9oJOuk_qYuZvHv5quQR4t_6ZjNJzAdCiDPOtESNzCreJZLwc2X-_apbqKKnBwc3KhmqL-K5X7t1uR1WXuyUEYUtW
<?php
//PHP - kelvinmo/fernet-php v1.0.1 A
require 'vendor/autoload.php';
use Fernet\Fernet;
$key = "Gm3wFh9OiQHcVc8rcAMm8IOqKOJtk7CbrGRKVhrvXhg=" ;
$fernet = new Fernet($key);
$token = "gAAAAABiMWVPsStLo42ExcmIqcGvRvCCmnhB5B6dc2JsOm4w-VsE9oJOuk_qYuZvHv5quQR4t_6ZjNJzAdCiDPOtESNzCreJZLwc2X-_apbqKKnBwc3KhmqL-K5X7t1uR1WXuyUEYUtW";
echo $fernet->decode($token);
?>