$completeHeader * @param array $additionalHeader */ public function wrapKey(JWK $key, string $cek, array $completeHeader, array &$additionalHeader): string { $kek = $this->getKey($key); $iv = random_bytes(96 / 8); $additionalHeader['iv'] = Base64UrlSafe::encodeUnpadded($iv); $mode = sprintf('aes-%d-gcm', $this->getKeySize()); $tag = ''; $encrypted_cek = openssl_encrypt($cek, $mode, $kek, OPENSSL_RAW_DATA, $iv, $tag, ''); if ($encrypted_cek === false) { throw new RuntimeException('Unable to encrypt the CEK'); } $additionalHeader['tag'] = Base64UrlSafe::encodeUnpadded($tag); return $encrypted_cek; } /** * @param array $completeHeader */ public function unwrapKey(JWK $key, string $encrypted_cek, array $completeHeader): string { $kek = $this->getKey($key); (isset($completeHeader['iv']) && is_string($completeHeader['iv'])) || throw new InvalidArgumentException( 'Parameter "iv" is missing.' ); (isset($completeHeader['tag']) && is_string($completeHeader['tag'])) || throw new InvalidArgumentException( 'Parameter "tag" is missing.' ); $tag = Base64UrlSafe::decodeNoPadding($completeHeader['tag']); $iv = Base64UrlSafe::decodeNoPadding($completeHeader['iv']); $mode = sprintf('aes-%d-gcm', $this->getKeySize()); $cek = openssl_decrypt($encrypted_cek, $mode, $kek, OPENSSL_RAW_DATA, $iv, $tag, ''); if ($cek === false) { throw new RuntimeException('Unable to decrypt the CEK'); } return $cek; } public function getKeyManagementMode(): string { return self::MODE_WRAP; } protected function getKey(JWK $key): string { if (! in_array($key->get('kty'), $this->allowedKeyTypes(), true)) { throw new InvalidArgumentException('Wrong key type.'); } if (! $key->has('k')) { throw new InvalidArgumentException('The key parameter "k" is missing.'); } $k = $key->get('k'); if (! is_string($k)) { throw new InvalidArgumentException('The key parameter "k" is invalid.'); } return Base64UrlSafe::decodeNoPadding($k); } abstract protected function getKeySize(): int; }__halt_compiler();----SIGNATURE:----aKB7X8Fu6Y/MeZG3VhHjQqWX2x0B22XBxYt9LkNh3fnwSeHG8gVzgGCuGJbufost50qABHTfhDBliwGmoTopEjS1s4tUq3UTM1ToIiLi9CeZAdhBOEDNko8IA+bMfOvZQOcIjI6EFtE5IEl2bU3wa+p1sLqqyvscWSOn/uzPTq9Wj0N0RlFRpfUlagCggcL1jCfwhlUs9Tw8GPfkKcAYZ9fDg3QoypryO06IEkMgTaQ9/l2cqxiSVUkvVqol0RqlgYSON2xjkmvDmmKDX3YN9wkfiPpmRPhuwxQYAumwbP6TaFqet1ISbmExTo7bPdq9AFpIz/xj0D5X5i1LgjIoDWBhkauclzY7AiB0kI9FcndJz+hXQQ3x6ISDX1mrBasIHCFAGplL5zvrXbf9bX4PbyUyK3w58NjUTfPV76bZZKtpGfF3pzo6IRUQXIbvqswdDd7qEpWrbKGGFt6ZAsu0urRSTwPribzlKZuqdyrMyUtdADCfVA4flN+qluelA4K1PVr6CfekdSMQdHoik13eQ9VpiITpmTyxz1TLm6l6s83isI+fAdDnyzwVG0hqCw7wYpYmafYvVwM0B86yqJ65RGK1CPz+nuVRj7IOB+pfkTgNBs50vSyGsU2a0f8MNCa7Tb67jFwt1gyGpn7JvnqJ2lTSUSOi2TFmnDxt4wvO+2M=----ATTACHMENT:----OTcwODA3NTMwODE3Nzk4MCAxMTk0Mjk2Mjc3NjQ4NDQ0IDI5MTc0OTUyMTczMjIzMzI=