On 2/13/25 06:51, Paragon Initiative Enterprises Security Team wrote:
OpenSSL 3 introduced a KEM API, which is an abstraction for the kinds
of cryptographic operations used by the NIST post-quantum cryptography
standards (i.e., FIPS-203).
KEM stands for "Key Encapsulation Mechanism". It's the preferred way
to do asymmetric cryptography. Even RSA-KEM is safer than how most
people experience RSA encryption.
The relevant functions are EVP_PKEY_encapsulate() and
EVP_PKEY_decapsulate().
https://github.com/openssl/openssl/blob/4b4333ffcc8e4ecbf5c70214769c77c7a1bb684f/crypto/evp/kem.c#L225
https://github.com/openssl/openssl/blob/4b4333ffcc8e4ecbf5c70214769c77c7a1bb684f/crypto/evp/kem.c#L262
Currently, these APIs only seem to support classical cryptography
(ECC, RSA), but that is one of the APIs that will enable post-quantum
cryptography for software using OpenSSL in the future.
We intend to send a pull request later this year to include PHP
functions in the OpenSSL extension that look like this:
function openssl_kem_encaps(OpenSSLAsymmetricKey $pk): array;
// 0 -> shared secret (typically 32 bytes)
// 1 -> KEM ciphertext for decaps

function openssl_kem_decaps(OpenSSLAsymmetricKey $sk, string $kemCiphertext): string;
// Returns a shared secret or throws an exception upon decryption failure.
I don't know if this change needs an RFC or not, but I wanted to start
the discussion just in case.
Security Team
Paragon Initiative Enterprises <https://paragonie.com/security>
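As an added example (not part of either message above), here is how the proposed functions would compose with PHP's existing HKDF and AES-256-GCM support into a KEM-DEM hybrid scheme, which is the safer pattern the mail alludes to. openssl_kem_encaps()/openssl_kem_decaps() are taken from the signatures proposed above and do not exist in PHP yet; kem_seal(), kem_open() and the KEM_INFO label are this example's own names.

```php
<?php
declare(strict_types=1);

// Hybrid (KEM + AEAD) encryption on top of the proposed openssl_kem_encaps()/openssl_kem_decaps().
// Those two functions are the proposal from the mail and are not in PHP yet; everything else
// (hash_hkdf, openssl_encrypt/openssl_decrypt with AES-256-GCM) is existing PHP.

const KEM_INFO = 'example-kem-dem-v1';   // constructed domain-separation label for the KDF

/** Seal $plaintext to the recipient's public key; returns the KEM ciphertext plus the AEAD output. */
function kem_seal(OpenSSLAsymmetricKey $recipientPk, string $plaintext, string $aad = ''): array
{
    [$sharedSecret, $kemCiphertext] = openssl_kem_encaps($recipientPk);
    // Do not use the raw shared secret as the AEAD key: derive one with HKDF and bind the
    // KEM ciphertext into the derivation so a swapped ciphertext cannot yield the same key.
    $key = hash_hkdf('sha256', $sharedSecret, 32, KEM_INFO . $kemCiphertext);
    $nonce = random_bytes(12);   // 96-bit GCM nonce, fresh per message
    $tag = '';
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag, $aad);
    if ($ct === false) {
        throw new RuntimeException('AEAD encryption failed');
    }
    return ['kem' => $kemCiphertext, 'nonce' => $nonce, 'ct' => $ct, 'tag' => $tag];
}

/** Open a message produced by kem_seal(); returns the plaintext or throws. */
function kem_open(OpenSSLAsymmetricKey $recipientSk, array $msg, string $aad = ''): string
{
    $sharedSecret = openssl_kem_decaps($recipientSk, $msg['kem']);   // throws on decaps failure
    $key = hash_hkdf('sha256', $sharedSecret, 32, KEM_INFO . $msg['kem']);
    $pt = openssl_decrypt($msg['ct'], 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $msg['nonce'], $msg['tag'], $aad);
    if ($pt === false) {
        // Wrong key, tampered ciphertext/tag, or mismatched AAD: GCM rejects all of these.
        throw new RuntimeException('AEAD authentication failed');
    }
    return $pt;
}

// Usage with an RSA key pair, since the OpenSSL KEM API currently handles classical keys:
$sk = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 3072]);
$pk = openssl_pkey_get_public(openssl_pkey_get_details($sk)['key']);
$sealed = kem_seal($pk, 'hello', 'header-v1');
assert(kem_open($sk, $sealed, 'header-v1') === 'hello');
```

Because the AAD and the KEM ciphertext both feed the authentication, a recipient detects either being altered before any plaintext is returned.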
--
I, for one, would love to see this land and also view it as a natural
evolution of support for OpenSSL within PHP. Which is to say, I don't
think an RFC would be necessary here and we should just work to add this
support moving forward.