
Write PHP module which makes use of RNP functionality.

Open ni4 opened this issue 3 years ago • 28 comments

Description

It appears that there are not many OpenPGP implementations available for the PHP language. Given that Drupal and WordPress are quite popular as a site backend, there could be some demand for a PHP PGP module. Hopefully somebody from the PHP world would give us some insights on this so we may prioritize this issue.

ni4 avatar Jan 17 '22 17:01 ni4

I can try to write such a module, I had some experience with the PHP module API. However, PHP code can always call an external command-line tool, like gpg or rnp.

antonsviridenko avatar Jan 17 '22 21:01 antonsviridenko

@antonsviridenko that's great! Can you help do this?

ronaldtse avatar Jan 18 '22 09:01 ronaldtse

> However, PHP code can always call an external command-line tool, like gpg or rnp.

This would not be a good approach for high-loaded servers, and may lead to some vulnerabilities, like this one: https://ubuntu.com/security/CVE-2018-12020

ni4 avatar Jan 18 '22 10:01 ni4

OK, what should it look like? All API functions from <rnp/rnp.h> exported as close as possible to the original C version?

antonsviridenko avatar Jan 20 '22 08:01 antonsviridenko

> OK, what should it look like? All API functions from <rnp/rnp.h> exported as close as possible to the original C version?

It should be something similar to ruby-rnp/py-rnp: the first part is a raw lib which just imports C functions, and the second is a native PHP wrapper with classes, native types and so on. I doubt that PHP users will strictly follow FFI API rules for object and buffer destroying, use raw C strings and so on :)

ni4 avatar Jan 20 '22 10:01 ni4

Which PHP version should be targeted? https://www.php.net/supported-versions.php PHP 7.4 probably is going to be EOL-ed when this module becomes ready and reaches repositories.

antonsviridenko avatar Jan 27 '22 04:01 antonsviridenko

@antonsviridenko perhaps let's leave that decision to you since you are definitely more familiar with PHP than I am 😄

ronaldtse avatar Jan 27 '22 06:01 ronaldtse

Actually, a 3rd-party module for interaction with gnupg does exist. https://pecl.php.net/package/gnupg https://github.com/php-gnupg/php-gnupg

antonsviridenko avatar Jan 28 '22 05:01 antonsviridenko

@antonsviridenko Yeah, but it uses gpgme, which invokes the gnupg executable. Also, it would restrict the user to the LGPL license.

ni4 avatar Jan 28 '22 09:01 ni4

How are language bindings (py-rnp, ruby-rnp, swift-rnp) synchronized with RNP API updates?

antonsviridenko avatar Feb 06 '22 19:02 antonsviridenko

> How are language bindings (py-rnp, ruby-rnp, swift-rnp) synchronized with RNP API updates?

Manually :) There is no formal process yet. Probably we should make one, or add some CI, so bindings would track newly added FFI functions.

ni4 avatar Feb 07 '22 10:02 ni4

Started to work on the PHP module, 5 API functions are implemented so far :) https://github.com/rnpgp/php-rnp

antonsviridenko avatar Mar 20 '22 23:03 antonsviridenko

Thank you @antonsviridenko !

ronaldtse avatar Mar 29 '22 01:03 ronaldtse

Any ideas about password provider implementations for PHP? :)

If a PHP script runs from the command line, it can use the stdin password provider, like the default in the CLI, but the most frequent use is in the context of a web server process.

antonsviridenko avatar May 29 '22 17:05 antonsviridenko

@antonsviridenko In a web server context I see only two ways: via some callback (is it possible for PHP?), or via a string constant. The second option, however, would need to know in advance to which key(s) and/or passwords the data is encrypted. Probably we should extend our API with some rnp_get_recipients() call to be able to analyze input data for recipients.

ni4 avatar May 30 '22 09:05 ni4

Yeah, it appears callbacks are available in PHP.

https://www.php.net/manual/en/language.types.callable.php

Btw, how is it done in other language bindings?

antonsviridenko avatar Jun 05 '22 22:06 antonsviridenko

@antonsviridenko ruby-rnp uses a callback or a predefined password approach, please see this example: https://github.com/rnpgp/ruby-rnp/blob/main/examples/password_provider.rb

ni4 avatar Jun 06 '22 10:06 ni4

Let's talk about the license of this module. If we want it to be included into the PECL, "The PHP License, version 3.01" is preferred.

https://pecl.php.net/account-request.php

antonsviridenko avatar Jul 17 '22 14:07 antonsviridenko

@antonsviridenko it looks like they support the BSD license too? Let’s use the same BSD license for simplicity in managing our project. Thanks!

ronaldtse avatar Jul 19 '22 07:07 ronaldtse

@ronaldtse ok, added LICENSE file with Ribose license text https://github.com/rnpgp/php-rnp/blob/main/LICENSE

antonsviridenko avatar Aug 14 '22 16:08 antonsviridenko

So, the minimal amount of required APIs for key generation/sign/verify/encrypt/decrypt operations is implemented so far. The PHP API looks like this now - https://github.com/rnpgp/php-rnp/blob/main/rnp.stub.php. Time to write some PHP documentation :)

antonsviridenko avatar Aug 14 '22 16:08 antonsviridenko

Keys are referenced using fingerprint strings or arrays containing such strings ($keys_fp, $recipient_keys_fp, return value of rnp_op_generate_key())

antonsviridenko avatar Aug 14 '22 16:08 antonsviridenko

Thank you @antonsviridenko !

ronaldtse avatar Aug 14 '22 18:08 ronaldtse

@ronaldtse Did you receive any response from PECL-Dev? Probably you need to subscribe to this mailing list first. Your email is not visible in the mailing list archives; probably it did not reach them.

https://marc.info/?l=pecl-dev&r=1&b=202208&w=2

antonsviridenko avatar Sep 04 '22 08:09 antonsviridenko

@antonsviridenko you're absolutely right -- I've just re-done it and the message is now on the list. Thanks!

ronaldtse avatar Sep 05 '22 02:09 ronaldtse

@ronaldtse any news about the PECL account?

antonsviridenko avatar Sep 14 '22 12:09 antonsviridenko

What version number should we assign to the first release of this module? PECL requires versioned releases as I see.

antonsviridenko avatar Sep 15 '22 06:09 antonsviridenko

Let it be version 0.1

antonsviridenko avatar Sep 18 '22 17:09 antonsviridenko