On Tue, Aug 4, 2015 at 4:13 AM, Lauri Kenttä <lauri.ken...@gmail.com> wrote:
> On 2015-08-03 23:54, Scott Arciszewski wrote:
>>
>> $AES = new \PCO\Symmetric('openssl:cipher=AES-128');
>
>
> It would be great if you could just ask for cipher=AES-128 without
> explicitly specifying the provider (openssl).
>
> --
> Lauri Kenttä
Hi Lauri,
That's a good suggestion that has come up before in the draft discussion.
We're still discussing the DSN string for the constructor. These are
what the options look like, currently:
* ":cipher=AES-256;mode=GCM" should use whatever driver allows
aes-256-gcm`or throw an exception if none are available
* "openssl:cipher=AES-256;mode=GCM" should use specifically openssl
for aes-256-gcm, and throw an exception if openssl is not installed
* "libsodium" should use libsodium (or throw an exception if it's not
installed) in the default configuration
* "openssl" should use openssl in a secure, sane default
* "openssl:cipher=AES-128;mode=ECB" should throw an exception because
we do not allow secure modes
* "openssl:cipher=AES-128;hash=SHA256" should use AES-128-CTR with HMAC-SHA-256
* "openssl:cipher=AES-192;mode=CBC;hash=SHA384" should use AES-192-CBC
with HMAC-SHA-384
Version and configuration information (not what is passed, but what is
used) will be stored in the first few bytes of ciphertext output.
Cheers,
Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com>
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
