matching openssl's enc ciphers to php's openssl functions' ciphers: where's "chacha20-poly1305"?

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

matching openssl's enc ciphers to php's openssl functions' ciphers: where's "chacha20-poly1305"?

PGNet Dev-6
I'm deploying a php app that makes use of php's openssl functions

        https://www.php.net/manual/en/ref.openssl.php

atm, I've

        php -v
                PHP 7.4.8 (cli) (built: Jul  9 2020 08:57:23) ( NTS )
        openssl version
                OpenSSL 1.1.1g FIPS  21 Apr 2020

The php app config defaults to an encryption method of

        $config['cipher_method'] = 'DES-EDE3-CBC';

for encrypting a session pwd,

        This key is used to encrypt the users imap password which is stored
        in the session record.

I'd like to change that to a CHACHA20 variant.

As listed by

        https://www.php.net/manual/en/function.openssl-get-cipher-methods.php

the list of php-supported openssl ciphers includes

    [92] => chacha20
    [93] => chacha20-poly1305

double checking available encryption ciphers @ openssl

        openssl enc -ciphers

only lists

        -chacha20

not the add'l,

        -chacha20-poly1305

why is this^^ variant not shown?

am I comparing apples & oranges here, looking at the wrong lists?

perhaps just aliases for a singular cipher?

Reply | Threaded
Open this post in threaded view
|

Re: matching openssl's enc ciphers to php's openssl functions' ciphers: where's "chacha20-poly1305"?

PGNet Dev-6
On 8/13/20 3:03 PM, Thomas Dwyer III wrote:

> I think you want "openssl ciphers" rather than "openssl enc -ciphers". Per the "enc" man page:

>

>         The enc program does not support authenticated encryption modes like

>         CCM and GCM, and will not support such modes in the future.

>

> chacha20-poly1305 is an authenticated cipher. OpenSSL supports it but the enc command line utility does not.


got it.  thx!