It appears that the (PHP) openssl_encrypt function will accept a string of random bytes as the encryption key in place of a generated private key. It works without any errors or warnings. So does the openssl_decrypt function. This begs the question: what does openssl_encrypt actually do with just a string of random bytes passed as the "key". I can't find anything in the OpenSSL or PHP/openssl source code that clearly identifies any particular action specifically related to a string of random bytes used as the encryption key, other than requiring a correct key length. Does it fall back to some internal default? If so - I cannot find it. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
