Hello,
I was wondering how difficult it would be to add access to a standard
authenticated encryption mode in openssl. I was looking and trying to
figure out how to do this in PHP, seems you have to do it the old
fashioned way that's way too prone to error, basically encrypt and mac
yourself. This has been shown to be really easy to mess up, but now we
have standards such as GCM, CCM, and EAX. GCM seems to be the popular
choice since it's the fastest, unencumbered by patents, and adopted by
NIST. (Also personally like GCM, because that's also what the JCE went
with and I have interest in using encryption between Java and PHP). It
seems openssl lib in C does have support for GCM, so I was wondering how
difficult would it be to offer such cipher options in PHP's openssl
functions such as "aes-128-gcm" etc... Possibly throwing an error when
the tag fails (or maybe something better, as if the user has display
errors on, there have been known attacks letting an attacker know if the
tag failed vs other reasons decryption failed).
Chad
To be honest, I've thought about it today and think that it could be great!
:) I'd love to help if it's possible in any way I can :)
Yahav Gindi Bar <g.b.yahav <at> gmail.com> writes:
To be honest, I've thought about it today and think that it could be great!
:) I'd love to help if it's possible in any way I can :)
I was wondering how difficult it would be to add access to a standard
authenticated encryption mode in openssl.
Chad
Sorry to resuscitate an ancient thread, but I was curious if anything ever came
of this? I am currently looking for an aes-gcm impl in PHP, and contemplating
building my own openssl wrapper to expose access.
John
Hi,
I am currently looking for an aes-gcm impl in PHP, and contemplating
building my own openssl wrapper to expose access.
You can actually use aes-256-gcm or its 128 and 192 variants (check
openssl_get_cipher_methods). GCM is a cipher mode so you can use it in
openssl_encrypt and openssl_decrypt.
However the current php openssl extension is not very nice. It's missing
lots of features and functions supported in OpenSSL lib. The API is only
functional and the implementation is not great.
I decided to create a new objective binding for OpenSSL crypto lib. It's
available on https://github.com/bukka/php-crypto . The extension is in
development and only a few features are available. Currently there are two
usable classes Crypto\Cipher and Crypto\Digest. They are sort of context
wrappers that have support for init / update / final methods. Please see
the API doc and examples in README for more details.
I have quite a big TODO list where also are CMAC and HMAC (authentication
mode algorithms) that are not currently supported in any PHP extension as
far as I am aware.
If anyone wants to help, I will be more than happy. OpenSSL has lots of
interesting functions and it would be great if they were available in PHP.
I am not a cryptography expert so if you have any ideas what would be
useful, feel free to create a new issue in
https://github.com/bukka/php-crypto/issues . If you want to help with
implementation, it's even better. But as I said I will be happy for any
help... ;)
Jakub
Jakub Zelenka in php.internals (Sat, 24 Aug 2013 20:16:21 +0100):
However the current php openssl extension is not very nice. It's missing
lots of features and functions supported in OpenSSL lib. The API is only
functional and the implementation is not great.
I decided to create a new objective binding for OpenSSL crypto lib. It's
available on https://github.com/bukka/php-crypto . The extension is in
development and only a few features are available. Currently there are two
usable classes Crypto\Cipher and Crypto\Digest. They are sort of context
wrappers that have support for init / update / final methods. Please see
the API doc and examples in README for more details.
This looks like a promising extension. For the die-hard Windows lovers I
managed to compile it as php_crypto.dll. It is inside my latest PHP
5.4.9 build:
https://dl.dropboxusercontent.com/u/8954372/php-5.4.19-nts-Win32-VC9-x86.zip
I will add the extension to my list of extensions, so any future build
will have it as well (after a git pull). See my builds at
http://www.apachelounge.com/viewforum.php?f=6
Jan
Jan Ehrhardt in php.internals (Sun, 25 Aug 2013 00:18:10 +0200):
I will add the extension to my list of extensions, so any future build
will have it as well (after a git pull). See my builds at
http://www.apachelounge.com/viewforum.php?f=6
Added this to all my builds, including PHP 5.3 (based on the Aug 20
snapshot):
http://www.apachelounge.com/viewtopic.php?t=5537
Jan
Hi,
Added this to all my builds, including PHP 5.3 (based on the Aug 20
snapshot):
http://www.apachelounge.com/viewtopic.php?t=5537
That's great! Thanks a lot!
I would like to correct myself about using GCM and CCM in PHP. These modes
are available for encryption/decryption but there is no way to get an
authentication tag. That's a bit of a problem as it doesn't make sense to use
gcm or ccm if you can't get a tag... On top of it the AAD (Additional
Authentication Data) can't be set either...
I decided to fix that in php-crypto. I have created an issue about PHP API
for these modes: https://github.com/bukka/php-crypto/issues/4 . There are
two ideas how the API could be designed. It would be very helpful for me to
get any feedback as it could result in more usable API.
There also are two other issues in
https://github.com/bukka/php-crypto/issues . The first is about API for
Algorithm class and the second is about choosing a name for the method that
creates a digest in one step (currently Digest::make that is not really
explaining...). All issues are just about PHP user interface for this
extension (there is nothing about internal C implementation).
In addition if anyone knows about any objective crypto library that he used
in the past and thinks that some ideas could be used in this extension, please
let me know. I was looking to Zend\Crypt and also plan to properly look to
crypto++.
Thanks
Jakub
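
An added example, not part of the thread and not php-crypto code, showing the two pieces the last message says were missing: the authentication tag and the AAD. It assumes PHP 7.1 or later, where openssl_encrypt() and openssl_decrypt() accept tag and AAD arguments; gcm_seal(), gcm_open() and the iv || tag || ciphertext layout are hypothetical names and choices made for illustration.

```php
<?php
// Added example, not from the thread. Requires PHP >= 7.1.
// gcm_seal() / gcm_open() are hypothetical helper names.
const GCM_CIPHER  = 'aes-256-gcm';
const GCM_TAG_LEN = 16;

function gcm_seal(string $key, string $plaintext, string $aad): string
{
    // Fresh random IV per message (12 bytes for GCM); never reuse one with the same key.
    $iv  = random_bytes(openssl_cipher_iv_length(GCM_CIPHER));
    $tag = '';
    $ct  = openssl_encrypt($plaintext, GCM_CIPHER, $key, OPENSSL_RAW_DATA,
                           $iv, $tag, $aad, GCM_TAG_LEN);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return $iv . $tag . $ct; // constructed layout: iv || tag || ciphertext
}

function gcm_open(string $key, string $message, string $aad): ?string
{
    $ivLen = openssl_cipher_iv_length(GCM_CIPHER);
    if (strlen($message) < $ivLen + GCM_TAG_LEN) {
        return null; // too short: reported the same way as a bad tag
    }
    $iv  = substr($message, 0, $ivLen);
    $tag = substr($message, $ivLen, GCM_TAG_LEN);
    $ct  = substr($message, $ivLen + GCM_TAG_LEN);
    $pt  = openssl_decrypt($ct, GCM_CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, $aad);
    // One failure value for every cause, so callers cannot leak which check failed.
    return $pt === false ? null : $pt;
}

$key = random_bytes(32);          // constructed sample key
$aad = 'record-id=42';            // constructed AAD: authenticated, not encrypted
$msg = gcm_seal($key, 'hello from PHP', $aad);

var_dump(gcm_open($key, $msg, $aad));            // untouched message
var_dump(gcm_open($key, $msg, 'record-id=43'));  // AAD altered after sealing

$last = strlen($msg) - 1;
$msg[$last] = chr(ord($msg[$last]) ^ 1);         // flip one ciphertext bit
var_dump(gcm_open($key, $msg, $aad));            // ciphertext altered after sealing
```

Returning a single null for every failure addresses the concern raised in the first message about an attacker learning whether the tag check or something else failed.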