Re: Using random bytes only in openssl_encrypt versus real private key

> On Sep 2, 2018, at 7:48 AM, Jim Dutton <randomnoise058@xxxxxxxxx> wrote:
> 
> It appears that the (PHP) openssl_encrypt function will accept a string of
> random bytes as the encryption key in place of a generated private key.

This is an interface to data encryption with the OpenSSL *symmetric*
encryption algorithms, and so the concept of a "private key" does not
apply in this context.  For most of these algorithms a key is just a
random bit-string of the correct length.

Some algorithms like DES had parity bits and weak keys, but DES is
obsolete, and more modern algorithms don't have these features.

> It
> works without any errors or warnings. So does the openssl_decrypt function.

Keep in mind that without a MAC, this interface does not provide much by
way of integrity protection ("padding" gives false positives with non-negligible
probability).

> This begs the question: what does openssl_encrypt actually do with just a string
> of random bytes passed as the "key".

It encrypts the data as requested with the given key and IV or authentication
tag.

  http://php.net/manual/en/function.openssl-encrypt.php

-- 
	Viktor.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
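
The point in the reply about the missing MAC, as an added example that is not part of the original message or of the PHP manual: the same altered ciphertext is passed through bare AES-256-CBC, through CBC with an HMAC check, and through AES-256-GCM. The sample message, the two-key encrypt-then-MAC layout and the helper flip_first_bit() are assumptions made for this illustration.

```php
<?php
// Added example. All keys and data below are constructed at run time.
$encKey = random_bytes(32);  // AES-256 key: 32 random bytes, no "private key" involved
$macKey = random_bytes(32);  // assumption: a separate key for the HMAC
$msg    = 'constructed sample record: amount=0100;to=alice'; // 47 bytes, 3 blocks padded

// Hypothetical helper: flip one bit of the first byte, standing in for
// corruption or modification of the stored or transmitted ciphertext.
function flip_first_bit(string $s): string
{
    $s[0] = chr(ord($s[0]) ^ 0x01);
    return $s;
}

// 1) AES-256-CBC with no MAC. The PKCS#7 padding sits in the last block,
//    which is not touched here, so the padding check has nothing to object to.
$iv  = random_bytes(openssl_cipher_iv_length('aes-256-cbc'));
$ct  = openssl_encrypt($msg, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
$out = openssl_decrypt(flip_first_bit($ct), 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
echo 'CBC, no MAC: decrypt reported an error? ', var_export($out === false, true), "\n";
echo 'CBC, no MAC: plaintext unchanged?       ', var_export($out === $msg, true), "\n";

// 2) Encrypt-then-MAC: HMAC-SHA256 over IV || ciphertext, compared in
//    constant time before any decryption is attempted.
$mac      = hash_hmac('sha256', $iv . $ct, $macKey, true);
$received = flip_first_bit($ct);
$macOk    = hash_equals($mac, hash_hmac('sha256', $iv . $received, $macKey, true));
echo 'CBC + HMAC:  MAC accepted?              ', var_export($macOk, true), "\n";

// 3) AES-256-GCM: openssl_encrypt fills $tag, and openssl_decrypt returns
//    false when the tag does not match the ciphertext it is given.
$iv2  = random_bytes(openssl_cipher_iv_length('aes-256-gcm'));
$tag  = '';
$ct2  = openssl_encrypt($msg, 'aes-256-gcm', $encKey, OPENSSL_RAW_DATA, $iv2, $tag);
$out2 = openssl_decrypt(flip_first_bit($ct2), 'aes-256-gcm', $encKey, OPENSSL_RAW_DATA, $iv2, $tag);
echo 'GCM:         decrypt reported an error? ', var_export($out2 === false, true), "\n";
```

The tag parameter requires PHP 7.1 or later. In the bare CBC case the caller has no signal that the data changed, which is why the MAC (or an AEAD mode) has to be checked and its failure treated as a hard error.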


