Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:63206 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 67732 invoked from network); 20 Sep 2012 14:48:13 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 20 Sep 2012 14:48:13 -0000 Authentication-Results: pb1.pair.com header.from=admin@codeangel.org; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=admin@codeangel.org; spf=permerror; sender-id=unknown Received-SPF: error (pb1.pair.com: domain codeangel.org from 216.119.135.130 cause and error) X-PHP-List-Original-Sender: admin@codeangel.org X-Host-Fingerprint: 216.119.135.130 a2s40.a2hosting.com Windows 98 (1) Received: from [216.119.135.130] ([216.119.135.130:42071] helo=a2s40.a2hosting.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 47/FC-15057-CAC2B505 for ; Thu, 20 Sep 2012 10:48:13 -0400 Received: from c-50-129-101-144.hsd1.il.comcast.net ([50.129.101.144]:42454 helo=[10.0.1.3]) by a2s40.a2hosting.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.77) (envelope-from ) id 1TEi2y-0049Sg-Ad for internals@lists.php.net; Thu, 20 Sep 2012 10:48:08 -0400 Message-ID: <505B2CA7.6050505@codeangel.org> Date: Thu, 20 Sep 2012 09:48:07 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20120714 Thunderbird/14.0 MIME-Version: 1.0 To: internals php list Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - a2s40.a2hosting.com X-AntiAbuse: Original Domain - lists.php.net X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - codeangel.org Subject: Authenticated Encryption in PHP From: admin@codeangel.org (Chad Emrys) Hello, I was wondering how difficult it would be to add access to a standard authenticated encryption mode in openssl. I was looking and trying to figure out how to do this in PHP, seems you have to do it the old fashioned way that's way too prone to error, basically encrypt and mac yourself. This has been shown to be really easy to mess up, but now we have standards such as GCM, CCM, and EAX. GCM seems to be the popular choice since it's the fastest, unencumbered by patents, and adopted by NIST. (Also personally like GCM, because that's also what the JCE went with and I have interest in using encryption between Java and PHP). It seems openssl lib in C does have support for GCM, so I was wondering how difficult would it be to offer such cipher options in PHP's openssl functions such as "aes-128-gcm" etc... Possibly throwing an error when the tag fails (or maybe something better, as if the user has display errors on, there have been known attacks letting an attacker know if the tag failed vs other reasons decryption failed). Chad