Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:87599 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 38599 invoked from network); 4 Aug 2015 11:54:19 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 4 Aug 2015 11:54:19 -0000 Authentication-Results: pb1.pair.com header.from=scott@paragonie.com; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=scott@paragonie.com; spf=permerror; sender-id=unknown Received-SPF: error (pb1.pair.com: domain paragonie.com from 209.85.192.49 cause and error) X-PHP-List-Original-Sender: scott@paragonie.com X-Host-Fingerprint: 209.85.192.49 mail-qg0-f49.google.com Received: from [209.85.192.49] ([209.85.192.49:35999] helo=mail-qg0-f49.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 85/22-24673-BE7A0C55 for ; Tue, 04 Aug 2015 07:54:19 -0400 Received: by qgeh16 with SMTP id h16so4041838qge.3 for ; Tue, 04 Aug 2015 04:54:16 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=j6ByjAKNnWWtuD06MMfSzkfAE+V1bq5GoiLr+V3++zM=; b=l0i6u6O8AGon2/GxZULaw75LbNDmldBIAY7IOIwNXam1I3neHCbIZq5T8y6j3J1cyv 4naCOdq0ndkf1VhpNGEV8KzM75Ju2rSuR+hAv9EeOYpsqRzDRLLeUVUmAh1UEq2/7t5n L5TkJJUyLjykyEpMTmBYXoQQ/ZndLKAMuW3dRMbwlC8EtahUQoHVYsp8Qazxf/au19rZ Hl2l2yLV5wl3vD/nKNMOFKcjA9jR0Y9ddrsxuL82j1LZ/dAKol9ChY1U2fJ5QkPZrF64 UA5V9JHYAil29jnLvC7Mfkkji45EXyA4vTA/1vQGjvFEfUMwdfOtEMu5gh+ruAZXA1ri ua0w== X-Gm-Message-State: ALoCoQktLVPiRiXuWu/ylrLf+ipkrev6UzM8K4BoY44NfeL6xnJb0taHl47Usdq/hLtaz5na8bPf MIME-Version: 1.0 X-Received: by 10.140.86.41 with SMTP id o38mr5655074qgd.102.1438689256134; Tue, 04 Aug 2015 04:54:16 -0700 (PDT) Received: by 10.96.83.102 with HTTP; Tue, 4 Aug 2015 04:54:16 -0700 (PDT) In-Reply-To: <9996b5784a1bfbca80b07de01f1a7a94@k-piste.dy.fi> References: <9996b5784a1bfbca80b07de01f1a7a94@k-piste.dy.fi> Date: Tue, 4 Aug 2015 07:54:16 -0400 Message-ID: To: =?UTF-8?Q?Lauri_Kentt=C3=A4?= Cc: PHP Internals Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [PHP-DEV] PHP 7.1 Cryptography Projects From: scott@paragonie.com (Scott Arciszewski) On Tue, Aug 4, 2015 at 4:13 AM, Lauri Kentt=C3=A4 = wrote: > On 2015-08-03 23:54, Scott Arciszewski wrote: >> >> $AES =3D new \PCO\Symmetric('openssl:cipher=3DAES-128'); > > > It would be great if you could just ask for cipher=3DAES-128 without > explicitly specifying the provider (openssl). > > -- > Lauri Kentt=C3=A4 Hi Lauri, That's a good suggestion that has come up before in the draft discussion. We're still discussing the DSN string for the constructor. These are what the options look like, currently: * ":cipher=3DAES-256;mode=3DGCM" should use whatever driver allows aes-256-gcm`or throw an exception if none are available * "openssl:cipher=3DAES-256;mode=3DGCM" should use specifically openssl for aes-256-gcm, and throw an exception if openssl is not installed * "libsodium" should use libsodium (or throw an exception if it's not installed) in the default configuration * "openssl" should use openssl in a secure, sane default * "openssl:cipher=3DAES-128;mode=3DECB" should throw an exception because we do not allow secure modes * "openssl:cipher=3DAES-128;hash=3DSHA256" should use AES-128-CTR with HMAC= -SHA-256 * "openssl:cipher=3DAES-192;mode=3DCBC;hash=3DSHA384" should use AES-192-CB= C with HMAC-SHA-384 Version and configuration information (not what is passed, but what is used) will be stored in the first few bytes of ciphertext output. Cheers, Scott Arciszewski Chief Development Officer Paragon Initiative Enterprises