Hi,
I propose a patch for ext/openssl that extends support for crypto API.
- it provides access to openSSL digest functions
functionopenssl_get_md_methods();
function openssl_digest(string $data, string $method [, bool $raw]); - it provides access to openSSL digest functions
functionopenssl_get_cipher_methods();
function openssl_encrypt(string $data, string $method, $string
$password [, bool $raw]);
function openssl_decrypt(string $data, string $method, $string
$password [, bool $raw]); - It extends existing functions
openssl_pkey_new()and
openssl_pkey_get_details()to access internal values of DSA, RSA and DH
keys. For example you can create DH key and then access its internal values
using the following code:
<?php
$dh = openssl_pkey_new(array('dh' => array(
'p' => pack('H*', 'dcf93a0b883972ec'),
'g' => pack(H*', '02')));
$details = openssl_pkey_get_details($dh);
var_dump(base64_encode($deteils['dh']['p']));
var_dump(base64_encode($deteils['dh']['g']));
var_dump(base64_encode($deteils['dh']['priv_key']));
var_dump(base64_encode($deteils['dh']['pub_key']));
?> - it provides new function that computes shared secret for two DH keys
function openssl_dh_compute_key(string $pub_key, resource $dh) - it also extend some functions to support string name of crypto algorith in
addition to numeric constants.
This patch was written to implement OpenID protocol in PHP.
It is similar to patch by Wez
http://netevil.org/blog/2007/feb/openid-and-typekey-using-native-openssl-fun
ctions-in-php
but it provides less additional functions and works with big numbers as with
strings (instead of resources).
I would like to commit the path to PHP_5_2 and HEAD.
Any objections?
Thanks. Dmitry.
You just wasted time posting this here, just commit it. :)
--Jani
Hi,
I propose a patch for ext/openssl that extends support for crypto API.
- it provides access to openSSL digest functions
functionopenssl_get_md_methods();
function openssl_digest(string $data, string $method [, bool $raw]);- it provides access to openSSL digest functions
functionopenssl_get_cipher_methods();
function openssl_encrypt(string $data, string $method, $string
$password [, bool $raw]);
function openssl_decrypt(string $data, string $method, $string
$password [, bool $raw]);- It extends existing functions
openssl_pkey_new()and
openssl_pkey_get_details()to access internal values of DSA, RSA and DH
keys. For example you can create DH key and then access its internal values
using the following code:
<?php
$dh = openssl_pkey_new(array('dh' => array(
'p' => pack('H*', 'dcf93a0b883972ec'),
'g' => pack(H*', '02')));
$details = openssl_pkey_get_details($dh);
var_dump(base64_encode($deteils['dh']['p']));
var_dump(base64_encode($deteils['dh']['g']));
var_dump(base64_encode($deteils['dh']['priv_key']));
var_dump(base64_encode($deteils['dh']['pub_key']));
?>- it provides new function that computes shared secret for two DH keys
function openssl_dh_compute_key(string $pub_key, resource $dh)- it also extend some functions to support string name of crypto algorith in
addition to numeric constants.This patch was written to implement OpenID protocol in PHP.
It is similar to patch by Wez
http://netevil.org/blog/2007/feb/openid-and-typekey-using-native-openssl-fun
ctions-in-php
but it provides less additional functions and works with big numbers as with
strings (instead of resources).I would like to commit the path to PHP_5_2 and HEAD.
Any objections?Thanks. Dmitry.
You just wasted time posting this here, just commit it. :)
Thanks for this patch, so far my favourite until now! It does not
bring more inconsistencies to the openssl API and easy to understand.
I agree with Jani, you can commit it to HEAD so we can start to play
with it and see what can/should/could be improved or added. I have
played with my own patches to add similar features and met a couple of
annoyances, once it is in HEAD we can start to discuss and fix them if
any :)
Cheers,
--Pierre
Hi Dmitry,
Dmitry Stogov wrote:
Hi,
I propose a patch for ext/openssl that extends support for crypto API.
- it provides access to openSSL digest functions
functionopenssl_get_md_methods();
function openssl_digest(string $data, string $method [, bool $raw]);- it provides access to openSSL digest functions
functionopenssl_get_cipher_methods();
function openssl_encrypt(string $data, string $method, $string
$password [, bool $raw]);
function openssl_decrypt(string $data, string $method, $string
$password [, bool $raw]);- It extends existing functions
openssl_pkey_new()and
openssl_pkey_get_details()to access internal values of DSA, RSA and DH
keys. For example you can create DH key and then access its internal values
using the following code:
...
I would like to see this committed. I really could use this for some XML
Sec functionality.
Rob
Hi Dmitry,
Dmitry Stogov wrote:
Hi,
I propose a patch for ext/openssl that extends support for crypto API.
- it provides access to openSSL digest functions
functionopenssl_get_md_methods();
function openssl_digest(string $data, string $method [, bool $raw]);- it provides access to openSSL digest functions
functionopenssl_get_cipher_methods();
function openssl_encrypt(string $data, string $method, $string
$password [, bool $raw]);
function openssl_decrypt(string $data, string $method, $string
$password [, bool $raw]);- It extends existing functions
openssl_pkey_new()and
openssl_pkey_get_details()to access internal values of DSA, RSA and DH
keys. For example you can create DH key and then access its internal values
using the following code:...
I would like to see this committed. I really could use this for some XML
Sec functionality.Rob
--
Awesome work Dmitry, thanks! :)
--
David Coallier,
Founder & Software Architect,
Agora Production (http://agoraproduction.com)
51.42.06.70.18
Sounds good. Couple of notes:
-
Functions seem to lack prototypes except for encrypt which says:
"Returns an array of the fields/values of the CERT" - obviously it's
some mistake :) -
openssl_encrypt says "Unknown signature algorithm." when it should be
encryption algorithm I guess... And the final period isn't needed I
think. The same for decrypt.
--
Stanislav Malyshev, Zend Software Architect
stas@zend.com http://www.zend.com/
(408)253-8829 MSN: stas@zend.com