I hesitate to mention this because I don't want to get stuck in a corner here, but I've been working on and off on a PHP encryption extension for precisely the reasons you mention. I'm using Crypto++, a public domain crypto library written in C++.
A few months back, I was faced with a somewhat similar situation as yours. Basically, I working on getting PHP to produce ciphertext that was compatible with Microsoft's Crypto API for Windows. Unfortunately, the API uses a bunch of non-standard ASNs and such (naturally) so incompatibility forced me to look into other crypto libraries. Basically, I was trying to secure Windows Media Services without having to shell out for full-on DRM by passing encrypted timestamps embedded in URLs from PHP to WMS. The goal was to prevent users from posting links and such to the video server, as they wouldn't get anywhere because the URLs would only work within a certain timeframe, hence the encrypted timestamps. Naturally, mcrypt couldn't produce anything remotely compatible with the non-standard MS crypto API. So I was off to find something I could wrap in a PHP extension and use in a WMS plugin. Crypto++ seemed like a good choice, as it compiles fine on UNIX-y systems as well as win32. (And without the need for cygwin, which was a key factor.) Right now, that project is kind of on the backburner, but I have a bit of a framework going now, so it's coming along. All I've done so far is wrap a couple of extra C++ classes around Crypto++ to make it a bit easier to use, which will then have interfaces to the C code in the PHP engine. I have a number of cipher algorithms working so far, such as Rijndael, blowfish and three way, and have a number of cipher modes working. (ECB, padded CBC, etc.) I have no idea of how much longer I'll be working on the extension as I have a ton of other stuff to do, but I'll keep plugging away at it. No idea what kind of timeframe I'm looking at, or even if I'll finish it, just thought I'd mention that there is a bit of work being done on a cross-platform crypto extension for PHP. J Brent R. Matzelle wrote: > --- [EMAIL PROTECTED] wrote: >> Hey, >> >> why not simply use the mcrypt functions available in PHP? > > I will tell you why. Mcrypt is nearly useless for developers like > myself who develop PHP applications for both *NIX and win32 > platforms. The mcrypt libraries are not distributed with the Windows > binaries package and I have tried to build them myself only to find > that you need Cygwin, which is an unacceptable dependency. > > I have been looking for months for a standard method to perform > encryption with PHP and have only found php_blowfish > (http://www.brisse.dk/linux/phpext/blowfish.htm) as a reasonable > alternative that runs on both *NIX and win32 without many problems. > Unfortunately this module is not distributed with PHP so I am nervous > basing my software on it. > > I require two way encryption so that I can store passwords in a > database to prevent unscrupulous database administrators from > stealing them so it is extremely important to my business. > > If anyone has any input on this issue I would be delighted to hear > it. > > Warm regards, > > Brent > -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
