paragonie / EasyRSA

Simple and Secure Wrapper for phpseclib
https://paragonie.com
MIT License

EasyRSA creates .rnd file in website root #16

Open marijndegen opened 5 years ago

marijndegen commented 5 years ago

Whenever I run the following code, everything works as planned, but a .rnd file is created in my /public folder. I use this secure wrapper in combination with the Laravel framework. Is there a way to alter the folder where this file is created or disable the creation? Clients will be able to download the .rnd file when they enter the address /.rnd.

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use ParagonIE\EasyRSA\KeyPair;
use ParagonIE\EasyRSA\EasyRSA;

class Rsacontroller extends Controller
{
    public function generateKeyPair()
    {
        $keyPair = KeyPair::generateKeyPair(4096);

        $secretKey = $keyPair->getPrivateKey();
        $publicKey = $keyPair->getPublicKey();

        var_dump($secretKey->getKey());
        echo "<br><br><br><br>";
        var_dump($publicKey->getKey());

        $message = "test";

        $ciphertext = EasyRSA::encrypt($message, $publicKey);

        $plaintext = EasyRSA::decrypt($ciphertext, $secretKey);

        echo "<br><br><br><br><br>";

        echo $ciphertext;

        echo "<br><br><br><br>";

        echo $plaintext;
    }
}

paragonie-scott commented 5 years ago

Very strange. https://serverfault.com/a/892094/234383

This is an OpenSSL-specific behavior. I'm not sure how to disable it.

The best solution may be to move to ext/sodium instead.