Closed paragonie-scott closed 6 years ago
Please update me when added.
You mean $rsa->setPassword($mypassword) ?
This is why I had to use phpseclib directly instead of EasyRSA.
@oisvidi And this is exactly what I told @paragonie-scott that is a missing feature in EasyRSA!
Setting a password only makes any sense at all when reading/writing the key to disk. I'll need to make a key container (like Halite has) before v1.0.0 and make the library use that instead.
Is it now added and released? Ir when will be added?
No, it's not yet.
To clarify the current situation: EasyRSA is a much lower priority for me than Halite, since 2048-bit RSA has much weaker security guarantees than Ed25519. (We're talking about 65,000 times weaker, with more possible implementation foot-cannons and a wide attack surface for side-channels.)
If you're thinking about using RSA to solve a problem, you're almost certainly better off installing libsodium.
Now that defuse/php-encryption 2.0.0 is out, I'll see about loading password-protected keys.
I see no reason, no need to use EasyRSA vs. phpseclib. I'd go with phpseclib.
The main reason to use EasyRSA over phpseclib is that encrypting a large amount of text with RSA is perilous, whereas encrypting a large amount of text with AES+HMAC then encrypting a 256-bit key with RSA is much safer.
If you want to build your own hybrid cryptosystem out of phpseclib's primitives, feel free. EasyRSA just makes it easier.
Note to Scott: ping the phpseclib team and ask if this is already implemented.