Is your feature request related to a problem? Please describe.
The use of cryptographic functions still requires too much effort to achieve the simplest goals.
Encryption within a Joomla installation with a default key.
Encryption for import/export across different Joomla installations with a password.
Describe the solution you'd like
Symmetric encryption is sufficient and more advantageous for many applications.
Creation of a standard key in the installation process based on the secret from the config.
Cryptographic functions use the standard key if no key has been provided.
Extension of the class for encryption with password.
The Crypt class should take over the complete process so that no security-relevant data or processes take place outside the class.
Additional context
Input and output should always be sodium_bin2base64 with SODIUM_BASE64_VARIANT_URLSAFE. This avoids errors during storage and transmission.
Use of sodium_memzero for more security.
For future-proof functionality, the length of the bytes used should be included in the output (for example: SODIUM_CRYPTO_PWHASH_SALTBYTES, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, ...)
This ensures that the correct number of bytes will always be used for decryption in future versions of PHP and that encryption can be carried out with a new byte length if necessary.
Is your feature request related to a problem? Please describe.
The use of cryptographic functions still requires too much effort to achieve the simplest goals. Encryption within a Joomla installation with a default key. Encryption for import/export across different Joomla installations with a password.
Describe the solution you'd like
Symmetric encryption is sufficient and more advantageous for many applications. Creation of a standard key in the installation process based on the secret from the config. Cryptographic functions use the standard key if no key has been provided. Extension of the class for encryption with password.
The Crypt class should take over the complete process so that no security-relevant data or processes take place outside the class.
Additional context
Input and output should always be sodium_bin2base64 with SODIUM_BASE64_VARIANT_URLSAFE. This avoids errors during storage and transmission. Use of sodium_memzero for more security. For future-proof functionality, the length of the bytes used should be included in the output (for example: SODIUM_CRYPTO_PWHASH_SALTBYTES, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, ...) This ensures that the correct number of bytes will always be used for decryption in future versions of PHP and that encryption can be carried out with a new byte length if necessary.