[openssl-users] Using random bytes only in openssl_encrypt versus real private key
openssl-users at dukhovni.org
Sun Sep 2 22:08:33 UTC 2018
> On Sep 2, 2018, at 7:48 AM, Jim Dutton <randomnoise058 at gmail.com> wrote:
> It appears that the (PHP) openssl_encrypt function will accept a string of
> random bytes as the encryption key in place of a generated private key.
This is an interface to data encryption with the OpenSSL *symmetric*
encryption algorithms, and so the concept of a "private key" does not
apply in this context. For most of these algorithms a key is just a
random bit-string of the correct length.
Some algorithms like DES had parity bits and weak keys, but DES is
obsolete, and more modern algorithms don't have these features.
> works without any errors or warnings. So does the openssl_decrypt function.
Keep in mind that without a MAC, this interface does not provide much by
way of integrity protection ("padding" gives false positives with non-negligible
> This begs the question: what does openssl_encrypt actually do with just a string
> of random bytes passed as the "key".
It encrypts the data as requested with the given key and IV or authentication
More information about the openssl-users