Closed. KJLJon closed this 6 years ago.
Interesting. A quick scan turns up that AES-whatever + HMAC sha-1/sha-2 falls into the "probably OK, but why take a chance?" category.
Targeting PHP 5.5+, so hash_hkdf alone is not an option. BUT, it's a simple function. And support for alternate encryption cores (e.g. libsodium) would track well with polyfills, too.
This, by the way, is exactly why the exported key has a version number in it :). We can alter the HMAC and just bump the key version without affecting existing stores.
Looking good.
I am not a security expert, but I typically read that the HMAC and Encryption keys should be different.
A unique key can be derived from an HKDF function. If you're targeting >= PHP 7, then you can use hash_hkdf().
What versions of PHP are you looking to support?
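An HKDF polyfill for the PHP 5.5+ case discussed in this thread, as an added example that is not the project's own code: RFC 5869 extract/expand built on hash_hmac(), deriving separate encryption and HMAC keys from one master key and binding the exported key's version number into the HKDF info. The choice of SHA-256, the 32-byte subkey lengths and the purpose labels are assumptions.

```php
<?php
// Added example, not from the thread: RFC 5869 HKDF on hash_hmac() for
// PHP versions without hash_hkdf(). Assumed: SHA-256, 32-byte subkeys,
// and the label strings used below.

function hkdf_extract($algo, $ikm, $salt = '') {
    // PRK = HMAC-Hash(salt, IKM); an empty salt becomes HashLen zero bytes.
    if ($salt === '') {
        $salt = str_repeat("\0", strlen(hash($algo, '', true)));
    }
    return hash_hmac($algo, $ikm, $salt, true);
}

function hkdf_expand($algo, $prk, $info, $length) {
    $hashLen = strlen(hash($algo, '', true));
    if ($length < 1 || $length > 255 * $hashLen) {
        throw new InvalidArgumentException('HKDF output length out of range');
    }
    // T(i) = HMAC-Hash(PRK, T(i-1) | info | i); OKM = T(1) | T(2) | ...
    $okm = '';
    $t = '';
    for ($i = 1; strlen($okm) < $length; $i++) {
        $t = hash_hmac($algo, $t . $info . chr($i), $prk, true);
        $okm .= $t;
    }
    return substr($okm, 0, $length);
}

// One key per purpose from a single master key: the purpose label and the
// key version in "info" make the two outputs independent, and bumping the
// version yields fresh subkeys without touching the master key.
function derive_subkeys($masterKey, $version) {
    $prk = hkdf_extract('sha256', $masterKey);
    return array(
        'enc' => hkdf_expand('sha256', $prk, 'encryption|v' . $version, 32),
        'mac' => hkdf_expand('sha256', $prk, 'hmac|v' . $version, 32),
    );
}

// Self-check against RFC 5869 test case 1 (SHA-256, L = 42).
$okm = hkdf_expand('sha256',
    hkdf_extract('sha256', str_repeat("\x0b", 22), hex2bin('000102030405060708090a0b0c')),
    hex2bin('f0f1f2f3f4f5f6f7f8f9'), 42);
if (bin2hex($okm) !== '3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865') {
    throw new RuntimeException('HKDF polyfill failed the RFC 5869 test vector');
}

// Constructed master key for demonstration only; never hard-code real keys.
$keys = derive_subkeys(hash('sha256', 'constructed-example-master-key', true), 1);
if ($keys['enc'] === $keys['mac']) {
    throw new RuntimeException('subkeys must differ');
}
```

On PHP 7.1.2+ the same derivation is hash_hkdf('sha256', $masterKey, 32, $info), so the polyfill can be swapped out behind a function_exists() check.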