Closed paragonie-scott closed 8 years ago
$crypto = new \PCO\Asymmetric('openssl'); // should work, but
$crypto = new \PCO\Asymmetric('openssl:cipher=AES'); // should this fail?
I would have it fail, if only for not specifying the variant of AES (should be openssl:cipher=AES-128)
I've updated the OP. That makes more sense than separating the keysize out as a second option.
$crypto = new \PCO\Asymmetric('openssl'); // should work, but
$crypto = new \PCO\Asymmetric('openssl:cipher=AES-128'); // should this fail?
@ircmaxell What about making it assume you want AES-128 and throw a notice?
I wouldn't raise a notice. If we want to default to AES-128, that's fine. Just make that the default.
Updated the OP. I agree that AES should map to AES-128 since simply "openssl" is a sane default.
Since we are using DSN-like strings for the constructor, we should decide how they behave.
":cipher=AES-256;mode=GCM" should use whatever driver allows aes-256-gcm or throw an exception if none are available
"openssl:cipher=AES-256;mode=GCM" should use specifically openssl for aes-256-gcm, and throw an exception if openssl is not installed
"libsodium" should use libsodium (or throw an exception if it's not installed) in the default configuration
"openssl" should use openssl in a secure, sane default
"openssl:cipher=AES-128;mode=ECB" should throw an exception because we do not allow secure modes
"openssl:cipher=AES" should use aes-128-ctr with HMAC-SHA-256
"openssl:cipher=AES-128;hash=SHA256" should use aes-128-ctr with HMAC-SHA-256
Thoughts or contrary positions are welcome.
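
The resolution rules listed above, written out as an added PHP example (not code from this issue or from the project). The resolveDsn() function, the CAPS capability table and the list of installed drivers passed in as a parameter are hypothetical, and a bare driver name is assumed to resolve to aes-128-ctr with HMAC-SHA-256.

```php
<?php
declare(strict_types=1);
// Assumed capability table (constructed for this example, not taken from the
// library): the cipher => modes each driver can provide.
const CAPS = [
    'openssl'   => ['AES-128' => ['CTR', 'GCM'], 'AES-256' => ['CTR', 'GCM']],
    'libsodium' => [], // only its default configuration is modelled here
];
// Hypothetical helper: resolve a DSN-like string to a concrete configuration.
function resolveDsn(string $dsn, array $installed): array
{
    [$driver, $rest] = array_pad(explode(':', $dsn, 2), 2, '');
    $opt = [];
    foreach (array_filter(explode(';', $rest), 'strlen') as $pair) {
        [$k, $v] = array_pad(explode('=', $pair, 2), 2, '');
        $opt[strtolower(trim($k))] = strtoupper(trim($v));
    }
    if ($driver !== '' && !in_array($driver, $installed, true)) {
        throw new RuntimeException("driver '$driver' is not installed");
    }
    if ($driver === 'libsodium' && $opt === []) {
        return ['driver' => 'libsodium', 'cipher' => 'default', 'mac' => null];
    }
    $cipher = $opt['cipher'] ?? 'AES-128';             // assumed default for a bare driver
    $cipher = $cipher === 'AES' ? 'AES-128' : $cipher; // bare "AES" maps to AES-128
    $mode = $opt['mode'] ?? 'CTR';
    if ($mode === 'ECB') {
        throw new InvalidArgumentException('ECB mode is not allowed');
    }
    // CTR provides no integrity, so it is paired with an HMAC; GCM is an AEAD.
    $hash = preg_replace('/^SHA(\d+)$/', 'SHA-$1', $opt['hash'] ?? 'SHA256');
    $mac = $mode === 'GCM' ? null : "HMAC-$hash";
    foreach (($driver !== '' ? [$driver] : $installed) as $d) {
        if (in_array($mode, CAPS[$d][$cipher] ?? [], true)) {
            return ['driver' => $d, 'cipher' => strtolower("$cipher-$mode"), 'mac' => $mac];
        }
    }
    throw new RuntimeException("no installed driver provides $cipher in $mode mode");
}

// The DSN strings from the list above, resolved with only openssl "installed".
foreach ([':cipher=AES-256;mode=GCM', 'openssl:cipher=AES', 'libsodium',
          'openssl:cipher=AES-128;hash=SHA256', 'openssl:cipher=AES-128;mode=ECB'] as $dsn) {
    try {
        echo $dsn, ' => ', json_encode(resolveDsn($dsn, ['openssl'])), PHP_EOL;
    } catch (Exception $e) {
        echo $dsn, ' => ', get_class($e), ': ', $e->getMessage(), PHP_EOL;
    }
}
```

Every path that cannot be satisfied ends in an exception rather than a fallback, so a missing driver or a rejected mode never silently downgrades to a different cipher.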