Lauri, On Tue, Aug 4, 2015 at 9:12 AM, Lauri Kenttä <lauri.ken...@gmail.com> wrote: > On 2015-08-04 14:54, Scott Arciszewski wrote: >> >> we do not allow secure modes > > > I hope that was a typo... ;)
Indeed, it was not. The concept for this (I've been working with Scott on it) is that this should be a high-level abstraction. And any good high level abstraction should make assumptions for its users. One of them is that they want to be secure. If you want to build an insecure cipher, the primitives will still exist (openssl/etc). > On 2015-08-04 14:54, Scott Arciszewski wrote: >> >> Version and configuration information (not what is passed, but what is >> used) will be stored in the first few bytes of ciphertext output. > > > Will this information be specific to the driver or to PCO, or is it possible > to use other software for decryption? Will the API have a way to decrypt > data based on that information (that is, without passing a DSN to the > constructor)? How about producing a human-readable DSN of the relevant > and/or all used settings to solve both of these cases? Rather than human readable (since that would consume a lot of space in the resulting ciphertext), I'd suggest a formalized open specification of the storage formats. Similar to the headers used by TLS and other formats. That way anyone can build to the specification, which would be maintained along side the implementation. So something like: byte 0 : Version identifier Version 1: byte 1 : cipher identifier byte 2 : mode identifier byte 3 : authmode identifier byte 4-8 : cipher-specific settings At least that's my thoughts. Anthony -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php