[openssl-users] Using random bytes only in openssl_encrypt versus real private key
Richard Levitte
levitte at openssl.org
Mon Sep 3 03:48:17 UTC 2018
In message <6126f3d3-91a0-02b3-20e8-ab26dbf8bc60 at gmail.com> on Sun, 2 Sep 2018 06:48:09 -0500, Jim Dutton <randomnoise058 at gmail.com> said:
> It appears that the (PHP) openssl_encrypt function will accept a string of
> random bytes as the encryption key in place of a generated private key. It
> works without any errors or warnings. So does the openssl_decrypt function.
>
> This begs the question: what does openssl_encrypt actually do with just a string
> of random bytes passed as the "key". I can't find anything in the OpenSSL or
> PHP/openssl source code that clearly identifies any particular action
> specifically related to a string of random bytes used as the encryption key,
> other than requiring a correct key length.
openssl_encrypt (and openssl_decrypt) does symmetric encryption, not
asymmetric, so private / public keys aren't involved, just an
encryption key that, as you noticed, can be any random bytes (although
they are usually generated from a passphrase using a secure key
derivation function). For more information, I suggest you read the
PHP docs (which is essentially what I did):
http://php.net/manual/en/function.openssl-encrypt.php
Cheers,
Richard
--
Richard Levitte levitte at openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
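The two kinds of key the reply mentions (raw random bytes, and bytes derived from a passphrase with a KDF), shown as an added example that is not part of the original message or of PHP's documentation. The helper names `derive_key`, `encrypt_msg` and `decrypt_msg`, the passphrase, the salt size and the iteration count are assumptions made for illustration; it assumes PHP 7.1 or later with the openssl extension, and it checks the key length itself before calling `openssl_encrypt`.

```php
<?php
// Added example; passphrase, salt size and iteration count are assumptions.
const CIPHER = 'aes-256-gcm';
const KEY_LEN = 32;               // AES-256 takes a 32-byte key
const TAG_LEN = 16;               // default GCM tag length in openssl_encrypt
const PBKDF2_ITERATIONS = 600000; // assumed work factor

// Turn a human passphrase into key bytes with a KDF (PBKDF2-HMAC-SHA256 here).
function derive_key(string $passphrase, string $salt): string
{
    return hash_pbkdf2('sha256', $passphrase, $salt, PBKDF2_ITERATIONS, KEY_LEN, true);
}

function encrypt_msg(string $plaintext, string $key): string
{
    if (strlen($key) !== KEY_LEN) {  // check the length ourselves
        throw new InvalidArgumentException('key must be exactly ' . KEY_LEN . ' bytes');
    }
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER)); // fresh nonce per message
    $tag = '';
    $ct = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return $iv . $tag . $ct;         // layout: nonce | tag | ciphertext
}

function decrypt_msg(string $blob, string $key): string
{
    $ivLen = openssl_cipher_iv_length(CIPHER);
    $iv  = substr($blob, 0, $ivLen);
    $tag = substr($blob, $ivLen, TAG_LEN);
    $ct  = substr($blob, $ivLen + TAG_LEN);
    $pt = openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($pt === false) {
        throw new RuntimeException('decryption failed: wrong key or modified data');
    }
    return $pt;
}

// Case 1: the key is simply random bytes from the CSPRNG.
$randomKey = random_bytes(KEY_LEN);
echo decrypt_msg(encrypt_msg('constructed sample message', $randomKey), $randomKey), PHP_EOL;

// Case 2: the key is derived from a passphrase; the salt is stored with the data.
$salt = random_bytes(16);
$derivedKey = derive_key('constructed example passphrase', $salt);
echo decrypt_msg(encrypt_msg('constructed sample message', $derivedKey), $derivedKey), PHP_EOL;
```

In both cases the same key bytes are used to encrypt and to decrypt, which is what makes this symmetric encryption; no private or public key is involved.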