PHP

Installation

To install Themis for PHP, go to Themis source directory and type:

make phpthemis_install

this will build phpthemis.so extension for php. Now add this to php.ini:

extension=phpthemis.so

You're ready to go.

Usage

Key Pair Generation

Themis supports Elliptic Curve and RSA algorithms for asymmetric cryptography

$key_pair = phpthemis_gen_ec_key_pair(); # or phpthemis_gen_rsa_key_pair(); for RSA
$private_key = $key_pair['private_key'];
$public_key = $key_pair['public_key'];

Secure Message

Encrypt message:

$encrypted_message = phpthemis_secure_message_wrap($private_key, $peer_public_key, message);
if (is_null($encrypted_message)){
      #error is occured
}

Decrypt message:

$decrypted_message = phpthemis_secure_message_unwrap($private_key, $peer_public_key, encrypted_message);
if (is_null($decrypted_message)){
      #error is occured
}

Secure Cell

All Secure Cell modes has an optional parameter context. For detailed explanation of various modes and their strengths and weaknesses, see objects guide and cryptosystem description for Secure Cell.

Seal Mode

Encrypt

$encrypted_message = phpthemis_scell_full_encrypt($password, $message, $context);

Decrypt

$decrypted_message = phpthemis_scell_full_decrypt($password, $encrypted_message, $context);

Token-protect Mode

Encrypt

$encrypted_message, $additional_auth_data = phpthemis_scell_auto_split_encrypt($password, $message, $context);

Decrypt

message = phpthemis_scell_auto_split_decrypt([$encrypted_message, $additional_auth_data], $context);

Context-Imprint Mode

Encrypt

$encrypted_message = phpthemis_scell_user_split_encrypt($message, $context);

Decrypt

message = phpthemis_scell_user_split_decrypt($encrypted_message, $context);

Secure Session

Themis Secure Session bindings for PHP are included in phpthemis extension. But typical architecture of PHP applications (PHP script is invoked by Apache per every request) does not allow to organize secure interaction for session setup. Secure session object can not be serialized and stored before session establishing process was completed.

However, if you are using standalone / daemonized PHP applications, you might still try to use Secure Session at your own discretion.