paragonie / EasyRSA

Simple and Secure Wrapper for phpseclib
https://paragonie.com
MIT License

Todo: Generate password-protected private keys. #1

Closed paragonie-scott closed 6 years ago

paragonie-scott commented 8 years ago

Note to Scott: ping the phpseclib team and ask if this is already implemented.

nimasdj commented 8 years ago

Please update me when added.

oisvidi commented 8 years ago

You mean $rsa->setPassword($mypassword) ?

This is why I had to use phpseclib directly instead of EasyRSA.

nimasdj commented 8 years ago

@oisvidi And this is exactly what I told @paragonie-scott that is a missing feature in EasyRSA!

paragonie-scott commented 8 years ago

Setting a password only makes any sense at all when reading/writing the key to disk. I'll need to make a key container (like Halite has) before v1.0.0 and make the library use that instead.

nimasdj commented 8 years ago

Is it now added and released? Or when will it be added?

paragonie-scott commented 8 years ago

No, it's not yet.

To clarify the current situation: EasyRSA is a much lower priority for me than Halite, since 2048-bit RSA has much weaker security guarantees than Ed25519. (We're talking about 65,000 times weaker, with more possible implementation foot-cannons and a wide attack surface for side-channels.)

If you're thinking about using RSA to solve a problem, you're almost certainly better off installing libsodium.

paragonie-scott commented 8 years ago

Now that defuse/php-encryption 2.0.0 is out, I'll see about loading password-protected keys.

nimasdj commented 8 years ago

I see no reason, no need to use EasyRSA vs. phpseclib. I'd go with phpseclib.

paragonie-scott commented 7 years ago

The main reason to use EasyRSA over phpseclib is that encrypting a large amount of text with RSA is perilous, whereas encrypting a large amount of text with AES+HMAC then encrypting a 256-bit key with RSA is much safer.

If you want to build your own hybrid cryptosystem out of phpseclib's primitives, feel free. EasyRSA just makes it easier.
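The hybrid construction described in the last comment, as an added example that is not part of the thread and is not EasyRSA's code or message format. It assumes PHP 7.1.2+ with the OpenSSL extension rather than phpseclib; the function names `hybridEncrypt`/`hybridDecrypt`, the HKDF labels and the byte layout are hypothetical choices made for this sketch.

```php
<?php
declare(strict_types=1);
// Added example, not EasyRSA's code or wire format. Assumed layout:
// RSA-OAEP(seed) || IV (16 bytes) || AES-256-CTR ciphertext || HMAC-SHA256 tag (32 bytes)
function hybridEncrypt(string $plaintext, string $publicKeyPem): string
{
    $seed = random_bytes(32); // the only value RSA ever encrypts: 256 bits
    if (!openssl_public_encrypt($seed, $wrapped, $publicKeyPem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('Encryption failed');
    }
    $iv = random_bytes(16);
    $encKey = hash_hkdf('sha256', $seed, 32, 'enc'); // separate keys for AES and HMAC
    $ct = openssl_encrypt($plaintext, 'aes-256-ctr', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('Encryption failed');
    }
    $body = $wrapped . $iv . $ct;
    // Encrypt-then-MAC: the tag covers the wrapped key, the IV and the ciphertext.
    return $body . hash_hmac('sha256', $body, hash_hkdf('sha256', $seed, 32, 'mac'), true);
}

function hybridDecrypt(string $message, string $privateKeyPem, int $rsaBytes): string
{
    $fail = new RuntimeException('Decryption failed'); // same error on every failure path
    if (strlen($message) < $rsaBytes + 16 + 32) {
        throw $fail;
    }
    $body = substr($message, 0, -32);
    $ok = openssl_private_decrypt(substr($body, 0, $rsaBytes), $seed, $privateKeyPem, OPENSSL_PKCS1_OAEP_PADDING);
    if (!$ok || strlen($seed) !== 32) {
        throw $fail;
    }
    $expected = hash_hmac('sha256', $body, hash_hkdf('sha256', $seed, 32, 'mac'), true);
    if (!hash_equals($expected, substr($message, -32))) {
        throw $fail; // constant-time tag check; reject before any AES decryption
    }
    $encKey = hash_hkdf('sha256', $seed, 32, 'enc');
    $pt = openssl_decrypt(substr($body, $rsaBytes + 16), 'aes-256-ctr', $encKey, OPENSSL_RAW_DATA, substr($body, $rsaBytes, 16));
    if ($pt === false) {
        throw $fail;
    }
    return $pt;
}
// Constructed demo: throwaway 2048-bit key, 1 MiB message far larger than RSA could take directly.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
openssl_pkey_export($key, $privatePem);
$details = openssl_pkey_get_details($key);
$msg = hybridEncrypt(str_repeat('A', 1 << 20), $details['key']);
var_dump(strlen(hybridDecrypt($msg, $privatePem, intdiv($details['bits'], 8))) === (1 << 20));
```

`openssl_pkey_export()` also accepts a passphrase as its third argument, which is the on-disk case this issue is about; the demo exports the key unencrypted only because it never leaves memory.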