ID:               31945
 Updated by:       [EMAIL PROTECTED]
 Reported By:      ungdi at hotmail dot com
-Status:           Open
+Status:           Feedback
 Bug Type:         OpenSSL related
 Operating System: Windows Server 2003
 PHP Version:      5.0.3
 New Comment:

We do just what the openssl utility does itself.
Please submit a patch that implements this feature, and we'll gladly
apply it.


Previous Comments:
------------------------------------------------------------------------

[2005-02-12 08:45:46] ungdi at hotmail dot com

Description:
------------
Currently, the openssl_pkcs7_encrypt() function, according to the
documentation here:
http://www.php.net/manual/en/function.openssl-pkcs7-encrypt.php

requires that the unencrypted input be a file already on the file
system. This forces any PHP program to output any form
submission contents (destined to be an encrypted S/MIME e-mail) into
the file system before encryption. After encryption is complete, it
will be necessary to delete the file from the disk.

This method makes it trivial to recover the unencrypted information
from the file on the disk through an undelete command or access of the
drive data. Also, this causes the function to expose the unencrypted
data on the disk to the whole system temporarily. During this window
where the data is being encrypted, after the unencrypted data has been
written to a file, it allows other programs or users to access the file
and its unencrypted contents, making it trivial to intercept the data
being encrypted.

The function should be made to allow a string/data to be passed
directly to the function without going through the file system. By
allowing direct passing of the string to be encrypted to the
openssl_pkcs7_encrypt() function, this decreases the surface area
(possibility) and time frame in which someone can recover/access the
unencrypted information.

Reproduce code:
---------------
Not applicable.

Expected result:
----------------
Not applicable.

Actual result:
--------------
Not applicable.


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=31945&edit=1
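
The write, encrypt, delete sequence described in the report above, wrapped so the plaintext file lives as briefly and as privately as the file-based API allows. This is an added example, not code from the bug report or from PHP itself; pkcs7_encrypt_string() and $privateDir are hypothetical names, and it assumes PHP 7 or later with $privateDir pointing at a directory only the PHP user can read (ideally memory-backed).

```php
<?php
// Added example; pkcs7_encrypt_string() and $privateDir are hypothetical names.
function pkcs7_encrypt_string(string $plaintext, $recipientCert, array $headers, string $privateDir): string
{
    // tempnam() falls back to the system temp directory if the target is unusable, so check it first.
    if (!is_dir($privateDir) || !is_writable($privateDir)) {
        throw new RuntimeException('private directory is not usable');
    }
    // tempnam() creates the files itself, so another user cannot pre-claim the names.
    $in  = tempnam($privateDir, 'p7i');
    $out = tempnam($privateDir, 'p7o');
    try {
        if ($in === false || $out === false) {
            throw new RuntimeException('could not create temporary files');
        }
        chmod($in, 0600);   // owner-only on POSIX; on Windows the directory ACL is what protects the file
        chmod($out, 0600);
        if (file_put_contents($in, $plaintext) !== strlen($plaintext)) {
            throw new RuntimeException('short write of plaintext');
        }
        if (!openssl_pkcs7_encrypt($in, $out, $recipientCert, $headers, 0, OPENSSL_CIPHER_AES_256_CBC)) {
            throw new RuntimeException('openssl_pkcs7_encrypt() failed');
        }
        $message = file_get_contents($out);
        if ($message === false) {
            throw new RuntimeException('could not read encrypted output');
        }
        return $message;
    } finally {
        // Best-effort overwrite before unlink, run on success and on every error path.
        // Journaling or copy-on-write file systems and SSDs may still keep old blocks.
        if (is_string($in) && ($fh = @fopen($in, 'r+b'))) {
            fwrite($fh, str_repeat("\0", strlen($plaintext)));
            fflush($fh);
            fclose($fh);
        }
        foreach ([$in, $out] as $path) {
            if (is_string($path)) { @unlink($path); }
        }
    }
}

// Constructed demo: throwaway self-signed recipient certificate and sample form data.
// sys_get_temp_dir() is used only so the demo runs; it is not a private directory.
$key  = openssl_pkey_new(['private_key_bits' => 2048]);
$csr  = openssl_csr_new(['commonName' => 'demo recipient'], $key);
$cert = openssl_csr_sign($csr, null, $key, 1);
echo pkcs7_encrypt_string("field=secret value\n", $cert, ['Subject' => 'demo'], sys_get_temp_dir());
```

This narrows the exposure window the report describes but does not remove it; the plaintext still touches the file system for the duration of the call.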
