![]() If you are using PHP >= 7.2 consider using inbuilt sodium core extension for encrption. Instead of implementing this yourself, check out EasyRSA.įurther reading: Doing RSA in PHP correctly. Concatenate your RSA-encrypted AES key (step 3) and AES-encrypted message (step 2).Encrypt your AES key (step 1) with your RSA public key, using RSAES-OAEP + MGF1-SHA256.Encrypt your plaintext message with the AES key, using an AEAD encryption mode or, failing that, CBC then HMAC-SHA256.Your protocol should look something like this: The only reason to use RSA in 2017 is, "I'm forbidden to install PECL extensions and therefore cannot use libsodium, and for some reason cannot use paragonie/sodium_compat either." If you need a pure-PHP polyfill, get paragonie/sodium_compat. Libsodium will be available in PHP 7.2, or through PECL for earlier versions of PHP. $decrypted = sodium_crypto_box_seal_open( $publicKey = sodium_crypto_box_publickey($keypair) The Best Alternative: sodium_crypto_box_seal() (libsodium) $keypair = sodium_crypto_box_keypair() Since RSA cannot, by itself, encrypt very long strings, developers will often break a string into small chunks and encrypt each chunk independently.Developers choose the wrong padding mode.There are two big mistakes that people make when they decide to encrypt with RSA: ![]() There are better options for PHP public-key cryptography. No application written in 2017 (or thereafter) that intends to incorporate serious cryptography should use RSA any more. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |