[openssl-users] Using random bytes only in openssl_encrypt versus real private key
Viktor Dukhovni
openssl-users at dukhovni.org
Sun Sep 2 22:57:11 UTC 2018

> On Sep 2, 2018, at 6:51 PM, Jim Dutton <randomnoise058 at gmail.com> wrote:
>
> It is interesting to note that the openssl_private_encrypt function appears
> to require a "true" private key and either expects or defaults to RSA.

Not surprising, given the name and brief documentation.

> In both cases neither PHP-OpenSSL nor OpenSSL documentation make these
> distinctions between the two "encrypt" functions.

Private key encryption is a low-level primitive that is fragile in
non-expert hands. Avoid if you're not steeped in cryptographic
lore. Use a higher-level protocol that makes use of such primitives
internally.

--
Viktor.