I am working on encryption and I am currently using an openssl_encrypt
solution to encrypt my data. Currently I am rewriting an old codebase that uses openssl_public_encrypt
and openssl_private_decrypt
.
Of course I will have to match the encryption that was used previously, but I am thinking about undoing the encrypted data and rewriting the encryption and decryption methods for it.
The downside with openssl_public_encrypt
values, is that they can not be larger than the certificate that is used for encryption. This downside does not exist for openssl_encrypt
.
http://php.net/manual/en/function.openssl-public-encrypt.php#55901
The workaround in the legacy code base was to glue encrypts pieces together to be able to encrypt large data. This seems pretty messy and intensive to me.
My current solution is using openssl_encrypt
with a simple generated key like Laravel would generate a key for it:
protected function generateRandomKey()
{
return 'base64:'.base64_encode(random_bytes(
$this->laravel['config']['app.cipher'] == 'AES-128-CBC' ? 16 : 32
));
}
This works brilliantly but with the old code base have chosen SSL certificates for encrypting/decrypting for a reason that I am yet not fully aware of.
What would be the advantage/disadvantage with openssl_encrypt
vs the public/private way?
I guess working with third parties you can provide them your public certificate, but you could just as well provide them your generated key.
If third parties(like a financial system) need access to encrypted they can decrypt it just as well.
In both cases you are supplying the key to decrypt your data.
I am hoping somebody can shed some light on why you would limit yourself to encrypt values no longer than your certificate so you could use the public/private openssl
functions.
Cheers.