Am 12.12.16 um 16:26 schrieb Sammy Kaye Powers: > Hey internals! > > As pointed out in Paragon's excellent blog post, > openssl_public_encrypt() & openssl_private_decrypt() defaults to the > insecure OPENSSL_PKCS1_PADDING constant. > > https://paragonie.com/blog/2016/12/everything-you-know-about-public-key-encryption-in-php-is-wrong#php-openssl-rsa-bad-default > > What are your thoughts about deprecating OPENSSL_PKCS1_PADDING and > using OPENSSL_PKCS1_OAEP_PADDING as the new default?
Is that backwards compatible? I'm thinking of decrypting data that was
encrypted with the "old" settings...
I just tested this:
<?php
openssl_public_encrypt('Testdata', $crypted, $pubKey,
OPENSSL_PKCS1_OAEP_PADDING);
openssl_private_decrypt($crypted, $decrypt, $privateKey));
var_Dump($decrypt);
// NULL
while this works as expected:
<?php
openssl_public_encrypt('Testdata', $crypted, $pubKey,
OPENSSL_PKCS1_OAEP_PADDING);
openssl_private_decrypt($crypted, $decrypt, $privateKey,
OPENSSL_PKCS1_OAEP_PADDING));
var_Dump($decrypt);
// string(8) "Testdata"
So it looks like you're out of luck with your already encrypted data
when the default-padding is changed. And I suppose that those that used
the default aren't aware of that information being a vital part.
And on a first glance I couldn't find a way of retrieving the used
padding from the data. So there might be no way of retrieving that
information other than by guessing/decrypting using all possible
paddings until a valid value is returned...
Just my 0.02 €
Cheers
Andreas
--
,,,
(o o)
+---------------------------------------------------------ooO-(_)-Ooo-+
| Andreas Heigl |
| mailto:[email protected] N 50°22'59.5" E 08°23'58" |
| http://andreas.heigl.org http://hei.gl/wiFKy7 |
+---------------------------------------------------------------------+
| http://hei.gl/root-ca |
+---------------------------------------------------------------------+
smime.p7s
Description: S/MIME Cryptographic Signature
