Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:90112 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 27080 invoked from network); 5 Jan 2016 17:16:15 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 5 Jan 2016 17:16:15 -0000 Authentication-Results: pb1.pair.com header.from=scott@paragonie.com; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=scott@paragonie.com; spf=permerror; sender-id=unknown Received-SPF: error (pb1.pair.com: domain paragonie.com from 209.85.215.43 cause and error) X-PHP-List-Original-Sender: scott@paragonie.com X-Host-Fingerprint: 209.85.215.43 mail-lf0-f43.google.com Received: from [209.85.215.43] ([209.85.215.43:33126] helo=mail-lf0-f43.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 95/B8-12097-D5AFB865 for ; Tue, 05 Jan 2016 12:16:13 -0500 Received: by mail-lf0-f43.google.com with SMTP id p203so300368219lfa.0 for ; Tue, 05 Jan 2016 09:16:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paragonie-com.20150623.gappssmtp.com; s=20150623; h=mime-version:date:message-id:subject:from:to:content-type; bh=/xG4GG6qjoZFfvTTpuG8glYXEWLGFMhu++ae0qQ61Nc=; b=djsqMIGMWLxIH46iLzymiSroybd3W3LHunOP0sxwlwEqFSB48aSz9l02uV8l0sCzpn xiD9hESpFwHgUDJIRffNc0FmD8gxHcwGR0BLUITOzcjnSsm07mF1uizoRgLjg+p72KZr 3HeY3bJYto/EmGzGXXKsGYUAiO/BWLctiYURkFC2DDfTep8jWtgTqJ7/byXYZy7XzoZs SeUg63uT/uiZVVVB/R450sSboRunNqlbNPhcCx+ZgP5mlmEuFsBudEA0JEfuXOPrwGwD MNQo04vTsgK8uEGA2vPt1FKi4y20YtujlVKQrg6YUgNPqb8A8iH20IN7V1D+9I3LdifY vhgg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:message-id:subject:from:to :content-type; bh=/xG4GG6qjoZFfvTTpuG8glYXEWLGFMhu++ae0qQ61Nc=; b=JnEaUWJBwykvo6pAajclATeVgan/K7d5oCbICOTmi08B3IrqUYqts2P6vBlZo+0Wvn 3n5hBVt7laRHH4MFG6Op+o98NEQKQ/t9jd8YcE2PY2dY5O60i49QQp3sMkVx2I1/GGHx 7mszRWb+rOe0G9t3ytteA/gLkONTKCK3EU4/3fxCkRngSR6281TGtSXn0mYDKY5vvlIv /Ey52PA1YCFywTxs6hwGwrCtRSANElu4i4HT3tbIYFHApHYmNqrXfVlc0BPvrgv58mb4 LzmDxmZST/CzNQVoj7DRzzcD4CG/BiPBuLgr7avsa92ytR2my7lu979ZgLzHUqIBB/va u1aA== X-Gm-Message-State: ALoCoQlKXOxoo8Wy3Kehg1dxeAR11DtNXwoY9s70bpJI0B2dF2JX9tDHGwv5Xgk9acf0zZpDH2H1gFo0FDRP2U3PYb1xed+EKQ== MIME-Version: 1.0 X-Received: by 10.25.142.84 with SMTP id q81mr27535165lfd.77.1452014169508; Tue, 05 Jan 2016 09:16:09 -0800 (PST) Received: by 10.114.160.13 with HTTP; Tue, 5 Jan 2016 09:16:09 -0800 (PST) Date: Tue, 5 Jan 2016 12:16:09 -0500 Message-ID: To: PHP Internals Content-Type: text/plain; charset=UTF-8 Subject: Help Design a New Cryptography API for PHP 7.1 From: scott@paragonie.com (Scott Arciszewski) TL;DR, make this part of PHP 7.1: $cipher = new Php\Crypto\Symmetric([ 'driver' => 'openssl' ]); $key = $cipher->deriveKey( $someUserProvidedPasswordString, $someHardCodedSalt ); $encrypted = $cipher->encrypt($message, $key); I'm developing a userland prototype in PHP here, so hopefully anyone can join in even if you're not fluent in C: https://github.com/paragonie/pco_prototype Once we're happy with how the API functions, and what the default/allowed parameters will be for each driver, we can start writing the PHP extension and move forward with the RFC to merge it. Here's an overview of the project: * The API (what we're discussing) * The drivers (we don't develop these) * Libsodium * OpenSSL * Room to grow in case we need to adopt for a post-quantum cryptography library Scott Arciszewski Chief Development Officer Paragon Initiative Enterprises