Using random bytes only in openssl_encrypt versus real private key

Using random bytes only in openssl_encrypt versus real private key

Jim Dutton
It appears that the (PHP) openssl_encrypt function will accept a string of
random bytes as the encryption key in place of a generated private key. It
works without any errors or warnings. So does the openssl_decrypt function.

This begs the question: what does openssl_encrypt actually do with just a string
of random bytes passed as the "key". I can't find anything in the OpenSSL or
PHP/openssl source code that clearly identifies any particular action
specifically related to a string of random bytes used as the encryption key,
other than requiring a correct key length.

Does it fall back to some internal default? If so - I cannot find it.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: Using random bytes only in openssl_encrypt versus real private key

OpenSSL - User mailing list
> This begs the question: what does openssl_encrypt actually do with just a string
> of random bytes passed as the "key". I can't find anything in the OpenSSL or
> PHP/openssl source code that clearly identifies any particular action

There is no such name (git grep -I openssl_encrypt) in the OpenSSL source.  This is some PHP function that is calling underlying OpenSSL.  I would ask on the PHP forum(s) what it's doing.


Re: Using random bytes only in openssl_encrypt versus real private key

Viktor Dukhovni

> On Sep 2, 2018, at 7:48 AM, Jim Dutton <[hidden email]> wrote:
>
> It appears that the (PHP) openssl_encrypt function will accept a string of
> random bytes as the encryption key in place of a generated private key.

This is an interface to data encryption with the OpenSSL *symmetric*
encryption algorithms, and so the concept of a "private key" does not
apply in this context.  For most of these algorithms a key is just a
random bit-string of the correct length.

Some algorithms like DES had parity bits and weak keys, but DES is
obsolete, and more modern algorithms don't have these features.

> It
> works without any errors or warnings. So does the openssl_decrypt function.

Keep in mind that without a MAC, this interface does not provide much by
way of integrity protection ("padding" gives false positives with non-negligible
probability).

> This begs the question: what does openssl_encrypt actually do with just a string
> of random bytes passed as the "key".

It encrypts the data as requested with the given key and IV or authentication
tag.

  http://php.net/manual/en/function.openssl-encrypt.php

--
        Viktor.


Re: Using random bytes only in openssl_encrypt versus real private key

Jim Dutton
OK - thanks for the feedback. It is interesting to note that the openssl_private_encrypt function appears to require a "true" private key and either expects or defaults to RSA. In both cases neither PHP-OpenSSL nor OpenSSL documentation make these distinctions between the two "encrypt" functions.

Sent from my iPad (on iOS11 with only a few lost apps) - J.Dutton


Re: Using random bytes only in openssl_encrypt versus real private key

Viktor Dukhovni


> On Sep 2, 2018, at 6:51 PM, Jim Dutton <[hidden email]> wrote:
>
> It is interesting to note that the openssl_private_encrypt function appears
> to require a "true" private key and either expects or defaults to RSA.

Not surprising, given the name and brief documentation.

> In both cases neither PHP-OpenSSL nor OpenSSL documentation make these
> distinctions between the two "encrypt" functions.

Private key encryption is a low-level primitive that is fragile in
non-expert hands.  Avoid if you're not steeped in cryptographic
lore.  Use a higher-level protocol that makes use of such primitives
internally.

--
        Viktor.


Re: Using random bytes only in openssl_encrypt versus real private key

Jim Dutton
I have been using the examples given in the PHP-openssl_encrypt documentation
for AEAD with PHP 7 or a suitable emulation of that using HMAC with PHP 5. Being
very familiar with security issues and functionality I automatically started
using an elliptical curve private key as the "key" after reading about the
benefits of EC keys versus RSA and the like. Then, thinking about this, doing
some experimentation, and looking at source code and documentation, I began to
realize that the usage of "key" in these examples and documentation may not have
always/really been intended to mean "generated private key". Somewhat of a semantic
ambiguity.



Re: Using random bytes only in openssl_encrypt versus real private key

Richard Levitte - VMS Whacker-2
In message <[hidden email]> on Sun, 2 Sep 2018 06:48:09 -0500, Jim Dutton <[hidden email]> said:

> It appears that the (PHP) openssl_encrypt function will accept a string of
> random bytes as the encryption key in place of a generated private key. It
> works without any errors or warnings. So does the openssl_decrypt function.
>
> This begs the question: what does openssl_encrypt actually do with just a string
> of random bytes passed as the "key". I can't find anything in the OpenSSL or
> PHP/openssl source code that clearly identifies any particular action
> specifically related to a string of random bytes used as the encryption key,
> other than requiring a correct key length.

openssl_encrypt (and openssl_decrypt) does symmetric encryption, not
asymmetric, so private / public keys aren't involved, just an
encryption key that, as you noticed, can be any random bytes (although
they are usually generated from a passphrase using a secure key
derivation function).  For more information, I suggest you read the
PHP docs (which is essentially what I did):

http://php.net/manual/en/function.openssl-encrypt.php

Cheers,
Richard

--
Richard Levitte         [hidden email]
OpenSSL Project         http://www.openssl.org/~levitte/
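
The points made in the replies above, as an added example that is not part of the thread or of the PHP or OpenSSL projects: a symmetric key for openssl_encrypt is random bytes of the right length (or the output of a key derivation function), CBC without a MAC accepts some forged ciphertexts because only the padding check can fail (a random final block passes with probability of roughly 1 in 256), and an AEAD mode rejects tampering. The plaintext, passphrase and PBKDF2 iteration count are assumptions; PHP 7.1 or later is assumed for the GCM tag argument.

```php
<?php
// Added example; plaintext and passphrase are constructed sample values.
$plaintext = 'amount=100;to=alice;memo=constructed sample';

// 1. A symmetric key is a random bit-string of the correct length.
$key = random_bytes(32);                          // 256 bits for aes-256-*

// Alternative: derive the key from a passphrase with a KDF.
// The iteration count is an assumption; store the salt with the ciphertext.
$salt = random_bytes(16);
$derivedKey = hash_pbkdf2('sha256', 'constructed passphrase', $salt, 600000, 32, true);

// 2. CBC without a MAC: only the padding check can reject a forgery.
$cbc = 'aes-256-cbc';
$iv  = random_bytes(openssl_cipher_iv_length($cbc));
$ct  = openssl_encrypt($plaintext, $cbc, $key, OPENSSL_RAW_DATA, $iv);

$trials = 20000;
$accepted = 0;
for ($i = 0; $i < $trials; $i++) {
    // Swap the final 16-byte block for random bytes.
    $forged = substr($ct, 0, -16) . random_bytes(16);
    if (openssl_decrypt($forged, $cbc, $key, OPENSSL_RAW_DATA, $iv) !== false) {
        $accepted++;                              // garbage returned as "plaintext"
    }
}
printf("CBC, no MAC: %d of %d forged ciphertexts accepted\n", $accepted, $trials);

// 3. AEAD (GCM): the tag authenticates the ciphertext.
$gcm = 'aes-256-gcm';
$iv  = random_bytes(openssl_cipher_iv_length($gcm));
$tag = '';
$ct  = openssl_encrypt($plaintext, $gcm, $derivedKey, OPENSSL_RAW_DATA, $iv, $tag);

$forged = $ct;
$forged[0] = chr(ord($forged[0]) ^ 0x01);         // flip one bit

$good = openssl_decrypt($ct, $gcm, $derivedKey, OPENSSL_RAW_DATA, $iv, $tag);
$bad  = openssl_decrypt($forged, $gcm, $derivedKey, OPENSSL_RAW_DATA, $iv, $tag);
printf("GCM untampered round-trips: %s\n", var_export($good === $plaintext, true));
printf("GCM tampered rejected:      %s\n", var_export($bad === false, true));
```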