Comments on: PHP public key cryptography using OpenSSL http://www.webtatic.com/blog/2009/07/php-public-key-cryptography/ Just another technical blog Wed, 03 Mar 2010 21:29:27 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: agesorder http://www.webtatic.com/blog/2009/07/php-public-key-cryptography/comment-page-1/#comment-296 agesorder Fri, 22 Jan 2010 15:17:19 +0000 http://www.webtatic.com/blog/2009/07/php-public-key-cryptography/#comment-296 You can have OpenSSL installed but no PHP module available, just as you can have MySQL installed but no PHP module available (indeed, you have to add the MySQLi extension to php.ini manually upon installation). It's annoying, but sometimes there just isn't much you can do about it. You can have OpenSSL installed but no PHP module available, just as you can have MySQL installed but no PHP module available (indeed, you have to add the MySQLi extension to php.ini manually upon installation). It’s annoying, but sometimes there just isn’t much you can do about it.

]]> By: Andy http://www.webtatic.com/blog/2009/07/php-public-key-cryptography/comment-page-1/#comment-287 Andy Thu, 14 Jan 2010 21:11:43 +0000 http://www.webtatic.com/blog/2009/07/php-public-key-cryptography/#comment-287 Yes, some shared hosts don't have it installed, but if you're dealing with sensitive data, you would be using https, so I'd expect hosting services that provide that would also provide more common extensions such as php-openssl. Also, it's in your hosting provider's interests to provide support so you can request that php-openssl be set up correctly if they have it installed. In my case, it was a dedicated server that I have full access to, and a default extension suited me better than a third-party cryptography library which I'd have to assess it's trustworthiness. After all, php-openssl uses the same library as the https connection uses. Yes, some shared hosts don’t have it installed, but if you’re dealing with sensitive data, you would be using https, so I’d expect hosting services that provide that would also provide more common extensions such as php-openssl.

Also, it’s in your hosting provider’s interests to provide support so you can request that php-openssl be set up correctly if they have it installed.

In my case, it was a dedicated server that I have full access to, and a default extension suited me better than a third-party cryptography library which I’d have to assess it’s trustworthiness.

After all, php-openssl uses the same library as the https connection uses.

]]> By: agesorder http://www.webtatic.com/blog/2009/07/php-public-key-cryptography/comment-page-1/#comment-283 agesorder Thu, 14 Jan 2010 04:08:47 +0000 http://www.webtatic.com/blog/2009/07/php-public-key-cryptography/#comment-283 If you're trying to write a portable app, I would avoid using php-openssl. 1. php-opensl isn't installed on a lot of shared hosts in my experience. 2. php-openssl doesn't fail gracefully. You can test to see if the extension's installed by using extension_loaded() but that's not enough - there needs to be a openssl.cnf file as well. 3. You can only load public keys if they're contained within an X.509 certificate. openssl_pkey_get_details() provides you with a non-X.509 encoded public key but php-openssl doesn't provide you with any mechanism to actually load it since it's not contained within an X.509 certificate. My own personal recommendation would be to use phpseclib's Crypt_RSA implementation: http://phpseclib.sourceforge.net/ If you’re trying to write a portable app, I would avoid using php-openssl.

1. php-opensl isn’t installed on a lot of shared hosts in my experience.

2. php-openssl doesn’t fail gracefully. You can test to see if the extension’s installed by using extension_loaded() but that’s not enough – there needs to be a openssl.cnf file as well.

3. You can only load public keys if they’re contained within an X.509 certificate. openssl_pkey_get_details() provides you with a non-X.509 encoded public key but php-openssl doesn’t provide you with any mechanism to actually load it since it’s not contained within an X.509 certificate.

My own personal recommendation would be to use phpseclib’s Crypt_RSA implementation:

http://phpseclib.sourceforge.net/

]]> By: Andy http://www.webtatic.com/blog/2009/07/php-public-key-cryptography/comment-page-1/#comment-228 Andy Mon, 09 Nov 2009 08:06:55 +0000 http://www.webtatic.com/blog/2009/07/php-public-key-cryptography/#comment-228 Yes, as long as you have php-openssl installed on both systems, their keys and data should work between them. Yes, as long as you have php-openssl installed on both systems, their keys and data should work between them.

]]> By: Alessandro http://www.webtatic.com/blog/2009/07/php-public-key-cryptography/comment-page-1/#comment-220 Alessandro Fri, 30 Oct 2009 15:59:40 +0000 http://www.webtatic.com/blog/2009/07/php-public-key-cryptography/#comment-220 Hi, do you think that this method could work also between different os? Example: I create the public and private file in Linux but I have to use the public file into Windows's enviroment. Thanks Alessandro Hi, do you think that this method could work also between different os? Example: I create the public and private file in Linux but I have to use the public file into Windows’s enviroment.
Thanks

Alessandro

]]>