feat(deps): Upgrade phpseclib to v3 #48183
Draft
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
susnux
force-pushed
the
fix/deps/php-seclin
branch
from
f25ae54 to
d9d7046
Compare
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
susnux
force-pushed
the
fix/deps/php-seclin
branch
from
d9d7046 to
25d13a4
Compare
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
susnux
force-pushed
the
fix/deps/php-seclin
branch
from
c66f090 to
9ca9c89
Compare
Contributor
Author
|
Problem with this: |
8 tasks
This was
linked to
issues
Jul 8, 2025
8 tasks
joshtrichards
added
bug
2. developing
Member
|
Perhaps |
Signed-off-by: Josh <josh.t.richards@gmail.com>
| $auth->setPassword($this->config->getSystemValue('secret', '')); | ||
| if (!$auth->loadKey($storage->getBackendOption('private_key'))) { | ||
| $auth = new RSA\PrivateKey(); | ||
| $auth->withPassword($this->config->getSystemValue('secret', '')); |
Member
There was a problem hiding this comment.
Suggested change
| $auth->withPassword($this->config->getSystemValue('secret', '')); | |
| $auth = $auth->withPassword($this->config->getSystemValue('secret', '')); |
v3 is immutable
| // Add fallback routine for a time where secret was not enforced to be exists | ||
| $auth->setPassword(''); | ||
| if (!$auth->loadKey($storage->getBackendOption('private_key'))) { | ||
| $auth->withPassword(''); |
Member
There was a problem hiding this comment.
Suggested change
| $auth->withPassword(''); | |
| $auth = $auth->withPassword(''); |
Member
There was a problem hiding this comment.
L220 for v3
private static function getCipher() {
$cipher = new AES('cbc');
Updated RSA key loading to use PSS padding and options. Signed-off-by: Josh <josh.t.richards@gmail.com>
terrafrost
reviewed
Jan 15, 2026
| $auth->setPassword($this->config->getSystemValue('secret', '')); | ||
| if (!$auth->loadKey($storage->getBackendOption('private_key'))) { | ||
| try { | ||
| $auth = RSACrypt::loadPrivateKey( |
There was a problem hiding this comment.
Might be nice to support EC / DSA keys as well. One can do that thusly:
$auth = \phpseclib3\Crypt\PublicKeyLoader::load(
$storage->getBackendOption('private_key'),
$this->config->getSystemValue('secret', '');
);
if (!$auth instanceof \phpseclib3\Crypt\Common\PrivateKey) {
throw new \Exception('A private key needs to be loaded - not a ' . $auth::class . ' key');
}I suppose it might also be worthwhile to realize that if no key can be detected (eg. you try to load a PHP file as a key) then a \phpseclib3\Exception\NoKeyLoadedException will be thrown.
That said, if more than just RSA keys are going to be supported then renaming the class would prob be appropriate as well.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
TODO
Checklist