[openssl-users] Using random bytes only in openssl_encrypt versus real private key
Jim Dutton
randomnoise058 at gmail.com
Sun Sep 2 11:48:09 UTC 2018
It appears that the (PHP) openssl_encrypt function will accept a string of
random bytes as the encryption key in place of a generated private key. It
works without any errors or warnings. So does the openssl_decrypt function.
This begs the question: what does openssl_encrypt actually do with just a string
of random bytes passed as the "key". I can't find anything in the OpenSSL or
PHP/openssl source code that clearly identifies any particular action
specifically related to a string of random bytes used as the encryption key,
other than requiring a correct key length.
Does it fall back to some internal default? If so - I cannot find it.
More information about the openssl-users
mailing list