Open starekrow opened 6 years ago
You mean something like this?
return [
    'message' => $message,
    'cipher' => $this->cipher,
    'data' => $this->data,
    'options' => $options,
    'iv' => $iv
];
Not exactly; I think the separation between the key (details of encryption) and the output of Lock (encrypted message) is fairly important. The most that Lock() should return is probably:
[
    "iv" => $iv
    ,"mac" => $hmac
    ,"data" => $ciphertext
]
The other part should probably come from an Extract() method or an optional argument to Export(), to return:
[
    "key" => $this->data
    ,"cipher" => $this->cipher
    ,"mac" => $this->mac
    ,"id" => $this->id
    ,"kdf" => "hdkf-sha-256"
]
This assumes that #5 is addressed and a configurable MAC is set up at some point in response to #11.
For improved interoperability, CryptoKey should have some facility for returning and accepting raw binary ciphertext and IVs. For example, update the signature of Lock() to accept a second argument $raw. If true, return an array of [ "iv" => "...", "data" => "..." ]. Likewise, Unlock() could accept such an array.
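
The Lock()/Unlock() shape discussed in this thread (binary "iv", "mac" and "data" parts when $raw is true, one encoded string otherwise), as an added PHP example that is not part of the thread or the project's code. The standalone function names, AES-256-CBC, HMAC-SHA-256 and the HKDF info labels are assumptions.

```php
<?php
// Added illustration, not CryptoKey's code; names and algorithms are assumptions.
function deriveKeys(string $secret): array
{
    // Independent encryption and MAC keys derived from one secret.
    return [hash_hkdf('sha256', $secret, 32, 'enc'), hash_hkdf('sha256', $secret, 32, 'mac')];
}

function lock(string $secret, string $message, bool $raw = false)
{
    [$encKey, $macKey] = deriveKeys($secret);
    $iv = random_bytes(16); // AES block size
    $ct = openssl_encrypt($message, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // Encrypt-then-MAC: the tag covers the IV and the ciphertext.
    $mac = hash_hmac('sha256', $iv . $ct, $macKey, true);
    // Raw mode returns the binary parts; otherwise one base64 string.
    return $raw ? ['iv' => $iv, 'mac' => $mac, 'data' => $ct]
                : base64_encode($iv . $mac . $ct);
}

function unlock(string $secret, $locked)
{
    [$encKey, $macKey] = deriveKeys($secret);
    if (is_string($locked)) { // packed form: iv(16) | mac(32) | data
        $bin = (string) base64_decode($locked, true);
        $locked = ['iv' => substr($bin, 0, 16), 'mac' => substr($bin, 16, 32),
                   'data' => substr($bin, 48)];
    }
    $iv = $locked['iv'] ?? '';
    $mac = $locked['mac'] ?? '';
    $ct = $locked['data'] ?? '';
    if (!is_string($iv) || !is_string($mac) || !is_string($ct) || strlen($iv) !== 16) {
        return false;
    }
    // Verify the tag in constant time before any decryption is attempted.
    if (!hash_equals(hash_hmac('sha256', $iv . $ct, $macKey, true), $mac)) {
        return false;
    }
    return openssl_decrypt($ct, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
}

$secret = random_bytes(32);                      // constructed sample key
$parts = lock($secret, 'hello', true);           // raw iv/mac/data parts
var_dump(unlock($secret, $parts) === 'hello');
$parts['data'][0] = $parts['data'][0] ^ "\x01";  // flip one ciphertext bit
var_dump(unlock($secret, $parts));
```

The returned array carries only message material; the key, cipher name and KDF stay on the key side, matching the separation argued for in the reply above.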