Proposal for "openssl_encrypt" #3761

Open
galaxiesFarApart opened this issue Sep 18, 2024 · 6 comments
Comments

@galaxiesFarApart

Proposal for "openssl_encrypt"

Change the initial function description:
"Encrypts given data with given method and key, returns a raw or base64 encoded string"
to
"Encrypts given data with given method and passphrase, returns a raw or base64 encoded string"

================================================

Proposal for "openssl_decrypt"

Change the initial function description:
"Takes a raw or base64 encoded string and decrypts it using a given method and key."
to
"Takes a raw or base64 encoded string and decrypts it using a given method and passphrase."

Change the Parameter definition of "passphrase":
"The key."
to
"The passphrase. If the passphrase is shorter than expected, it is silently padded with NUL characters; if the passphrase is longer than expected, it is silently truncated."

Originally posted by @galaxiesFarApart in #3738 (comment)

@cmb69
Member

cmb69 commented Sep 18, 2024

I still think that in the context of symmetric encryption, "key" is more appropriate than "passphrase". I hope someone can clarify this.

@damianwadley
Member

Every definition of "passphrase" I can see talks about it in terms of human language words that function like a password;

In other words, no, it does not make sense to use the word "passphrase" in this context of things that are very much meant to be cryptographically secure.

What about "key"? Consider the following:
image

So "key" is the correct term and the docs should not use "passphrase".

@cmb69
Member

cmb69 commented Sep 18, 2024

Then I'd go with "key" instead of "passphrase" for symmetric encryption. It seems to me that for asymmetric encryption, the usage of "passphrase" is appropriate when referring to the passphrase which is used to unlock an SSH key, for example. So from quickly skimming openssl.stub.php, the only wrongly named parameters are those for openssl_encrypt() and openssl_decrypt(). However, since we cannot change the parameter name for BC reasons, I suggest clarifying this in the parameter description.

@bukka
Member

bukka commented Sep 23, 2024

Except it's not key either because it's getting modified currently (padded with zeros or truncated). Although it's not passphrase either really but the name is there and changing that would be a BC break (named param) so I think we need to stick with passphrase. I added a note about KDF not being used and created a PR: #3774
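
The behaviour discussed in this thread, as an added example that is not part of any comment or of the PHP project's own code: a short `$passphrase` produces the same ciphertext as its NUL-padded form, a long one the same as its truncated form, so a human password should go through a KDF before being passed in. The cipher, sample strings, salt size and PBKDF2 iteration count are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration; every value below is constructed sample data.
const CIPHER  = 'aes-256-cbc'; // AES-256 expects a 32-byte key
const KEY_LEN = 32;

function enc(string $data, string $key, string $iv): string
{
    $ct = openssl_encrypt($data, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('openssl_encrypt failed: ' . openssl_error_string());
    }
    return $ct;
}

$data = 'constructed sample plaintext';
// Fixed IV only so the ciphertexts below can be compared byte for byte.
$fixedIv = str_repeat("\x01", openssl_cipher_iv_length(CIPHER));

// 1. Short value: compared against the same bytes padded with NUL to 32 bytes.
$short  = 'hunter2';
$padded = str_pad($short, KEY_LEN, "\0");
$sameAsPadded = hash_equals(enc($data, $padded, $fixedIv), enc($data, $short, $fixedIv));

// 2. Long value: compared against its first 32 bytes.
$long = str_repeat('A', KEY_LEN) . 'suffix-that-never-reaches-the-cipher';
$sameAsTruncated = hash_equals(
    enc($data, substr($long, 0, KEY_LEN), $fixedIv),
    enc($data, $long, $fixedIv)
);

printf("short == NUL-padded: %s\n", var_export($sameAsPadded, true));
printf("long  == truncated : %s\n", var_export($sameAsTruncated, true));

// 3. No KDF is applied by openssl_encrypt(), so derive the key explicitly.
//    Salt size and iteration count are assumptions; store the salt and IV
//    alongside the ciphertext so the key can be re-derived for decryption.
$salt = random_bytes(16);
$key  = hash_pbkdf2('sha256', $short, $salt, 600000, KEY_LEN, true);
$iv   = random_bytes(openssl_cipher_iv_length(CIPHER));
$ct   = enc($data, $key, $iv);

$pt = openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
printf("derived key length : %d bytes\n", strlen($key));
printf("round trip ok      : %s\n", var_export($pt === $data, true));
```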

@JayEn84

JayEn84 commented Oct 22, 2024

I found this issue after I just saw on https://www.php.net/manual/en/function.openssl-encrypt.php that the changed documentation of $passphrase is now also the documentation of $iv. I think that $iv is something else and that its documentation was changed by mistake, right?

image

@cmb69
Member

cmb69 commented Oct 22, 2024

@JayEn84, should be fixed with #3887.
