[openssl-users] Using random bytes only in openssl_encrypt versus real private key

[Jim Dutton]

OK - thanks for the feedback. It is interesting to note that the openssl_private_encrypt function appears to require a "true" private key and either expects or defaults to RSA. In both cases neither PHP-OpenSSL nor OpenSSL documentation make these distinctions between the two "encrypt" functions.

Sent from my iPad (on iOS11 with only a few lost apps) - J.Dutton

> On Sep 2, 2018, at 5:08 PM, Viktor Dukhovni <openssl-users at dukhovni.org> wrote:
> 
> 
> 
>> On Sep 2, 2018, at 7:48 AM, Jim Dutton <randomnoise058 at gmail.com> wrote:
>> 
>> It appears that the (PHP) openssl_encrypt function will accept a string of
>> random bytes as the encryption key in place of a generated private key.
> 
> This is an interface to data encryption with the OpenSSL *symmetric*
> encryption algorithms, and so the concept of a "private key" does not
> apply in this context.  For most of these algorithms a key is just a
> random bit-string of the correct length.
> 
> Some algorithms like DES had parity bits and weak keys, but DES is
> obsolete, and more modern algorithms don't have these features.
> 
>> It
>> works without any errors or warnings. So does the openssl_decrypt function.
> 
> Keep in mind that without a MAC, this interface does not provide much by
> way of integrity protection ("padding" gives false positives with non-negligible
> probability).
> 
>> This begs the question: what does openssl_encrypt actually do with just a string
>> of random bytes passed as the "key".
> 
> It encrypts the data as requested with the given key and IV or authentication
> tag.
> 
>  http://php.net/manual/en/function.openssl-encrypt.php
> 
> -- 
>    Viktor.
> 
> -- 
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users