[openssl-users] Using random bytes only in openssl_encrypt versus real private key

Jim Dutton randomnoise058 at gmail.com
Sun Sep 2 23:41:17 UTC 2018

I have been using the examples given in the PHP-openssl_encrypt documentation
for AEAD with PHP 7 or a suitable emulation of that using HMAC with PHP 5. Being
very familiar with security issues and functionality I automatically started
using an elliptical curve private key as the "key" after reading about the
benefits of EC keys versus RSA and the like. Then thinking about this, doing
some experimentation, and looking at source code and documentation, began to
realize that the usage of "key" in these examples and documentation may not have
always/really intended to mean "generated private key". Somewhat of a semantic

On 09/02/2018 17:08, Viktor Dukhovni wrote:
>> On Sep 2, 2018, at 7:48 AM, Jim Dutton <randomnoise058 at gmail.com> wrote:
>> It appears that the (PHP) openssl_encrypt function will accept a string of
>> random bytes as the encryption key in place of a generated private key.
> This is an interface to data encryption with the OpenSSL *symmetric*
> encryption algorithms, and so the concept of a "private key" does not
> apply in this context.  For most of these algorithms a key is just a
> random bit-string of the correct length.
> Some algorithms like DES had parity bits and weak keys, but DES is
> obsolete, and more modern algorithms don't have these features.
>> It
>> works without any errors or warnings. So does the openssl_decrypt function.
> Keep in mind that without a MAC, this interface does not provide much by
> way of integrity protection ("padding" gives false positives with non-negligible
> probability).
>> This begs the question: what does openssl_encrypt actually do with just a string
>> of random bytes passed as the "key".
> It encrypts the data as requested with the given key and IV or authentication
> tag.
>   http://php.net/manual/en/function.openssl-encrypt.php

More information about the openssl-users mailing list