search

paragonie / EasyRSA

Simple and Secure Wrapper for phpseclib
https://paragonie.com
MIT License
198 stars 34 forks source link

Ephemeral key should be "Symmetric key agreement key" #3

Closed jimmykane closed 8 years ago

jimmykane commented 8 years ago

Hi there guys,

Lately we started using your library for some convenience methods for storing encrypted data. Great work!

To the point. In the encrypt/decrypt method you name the generated key as ephemeral which is incorrect according to key cryptography, as far as I know, and should be named: "Symmetric key agreement key" according to wiki

paragonie-scott commented 8 years ago

We're not doing Diffie Hellman there. This is the process the library follows.

  1. Generate random AES key.
  2. Encrypt message using Defuse Security's library
  3. Encrypt the AES key with the RSA public key.
  4. Store both ciphertexts into a string.
jimmykane commented 8 years ago

Thanks. Clear enough.