php 7.2 -- libsodium

timknip, 7 years ago (edited)

I'm planning to upgrade PHP to 7.2 in the next few days, because it supports Sodium natively.

https://3v4l.org/hnRor This online compiler lets you check how code runs across different PHP versions and HHVM; very handy.

https://wiki.php.net/rfc/libsodium https://dev.to/paragonie/php-72-the-first-programming-language-to-add-modern-cryptography-to-its-standard-library

**No matter how you feel about PHP, the reality is that PHP is the first programming language to commit to modern cryptography in its standard library, coming in version 7.2.0.**

What is Modern Cryptography?

A cryptography library can be said to be modern if it meets two requirements:

- Uses fast primitives designed to resist side-channel cryptanalysis (e.g. timing leaks, padding oracles).
- Exposes a high-level API that is simple and secure-by-default.

Secure Primitives

If you implement public key encryption and digital signatures in OpenSSL and Golang, you're forced to choose between RSA and NIST ECC. Neither is a good choice.

- Very few developers can get RSA right:
    - e = d = 1
    - Invites developers to implement RSA-ECB
    - PKCS1v1.5 padding
- NIST's Elliptic Curve Cryptography:
    - Invalid curve attacks, which give away your secret key via the Chinese Remainder Theorem if an attacker submits (x, y) coordinates that aren't on the curve
    - In the case of ECDSA (before RFC 6979), repeated k values for ECDSA signatures gave away your secret keys
    - NIST curves aren't rigid

Modern cryptography requires the use of secure primitives. For public key cryptography, that means the primitives outlined in RFC 7748 and RFC 8032. For symmetric cryptography, that means using authenticated encryption at all times.

NIST curves (P-256, etc.) do not qualify as modern cryptography (although their presence in a library doesn't automatically disqualify either).

Libsodium's primitives include:

- X25519 (Elliptic Curve Diffie-Hellman over Curve25519)
- Ed25519 (Edwards-curve Digital Signature Algorithm over Curve25519)
- XSalsa20-Poly1305 (authenticated symmetric-key encryption that performs well in software and doesn't have cache-timing vulnerabilities like software AES)
- BLAKE2 (based on the SHA3 finalist that performs faster than MD5 in software but is more secure than SHA256)
- Argon2 (password hashing and key derivation function)
- SipHash-2-4 (fast hash for hash tables and similar data structures)
- ChaCha20-Poly1305 (authenticated encryption with associated data)

But you'll likely not need to worry about these details, because it also provides a...
Simple and Secure High-Level API

To facilitate public-key encryption in libsodium, you just need the following:

```php
<?php
// Some example variables (fixed test keys from the article, not keys you should reuse):
$alice_ecdh_secret =
    "\x69\xf2\x08\x41\x2d\x8d\xd5\xdb\x9d\x0c\x6d\x18\x51\x2e\x86\xf0" .
    "\xec\x75\x66\x5a\xb8\x41\x37\x2d\x57\xb0\x42\xb2\x7e\xf8\x9d\x8c";
$bob_ecdh_public =
    "\xe8\x98\x0c\x86\xe0\x32\xf1\xeb\x29\x75\x05\x2e\x8d\x65\xbd\xdd" .
    "\x15\xc3\xb5\x96\x41\x17\x4e\xc9\x67\x8a\x53\x78\x9d\x92\xc7\x54";

// Combine our secret key with the peer's public key into one "box" keypair:
$message_keypair = sodium_crypto_box_keypair_from_secretkey_and_publickey(
    $alice_ecdh_secret,
    $bob_ecdh_public
);
$plaintext = "This is a secret message for your eyes only.";
// 24-byte nonce; must be unique per message for a given key pair:
$nonce = random_bytes(24);

// And now for the actual public-key encryption step:
$ciphertext = sodium_crypto_box($plaintext, $nonce, $message_keypair);
```

To decrypt a message:

```php
<?php
// $received_ciphertext and $received_nonce are what the sender transmitted;
// $message_keypair is built from the receiver's secret key and the sender's public key.
// Returns false (rather than garbage) if the authentication tag does not verify.
$received = sodium_crypto_box_open(
    $received_ciphertext,
    $received_nonce,
    $message_keypair
);
```
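As an added example (not code from the article or from the libsodium project), here is the full round trip the two snippets above only sketch: both parties generate their own X25519 keypairs, the sender packs nonce and ciphertext together, the receiver rebuilds the box keypair from its own secret key and the sender's public key, and a single flipped ciphertext byte is rejected by the authenticator instead of yielding corrupted plaintext. Variable names and the nonce-prefix wire format are assumptions for this example.

```php
<?php
// Added example, not from the article: complete sodium_crypto_box round trip on PHP >= 7.2.

// Each party generates a long-term X25519 keypair. Real deployments exchange or pin
// public keys out of band; here both sides live in one script for illustration.
$alice_keypair = sodium_crypto_box_keypair();
$bob_keypair   = sodium_crypto_box_keypair();

$alice_secret = sodium_crypto_box_secretkey($alice_keypair);
$alice_public = sodium_crypto_box_publickey($alice_keypair);
$bob_secret   = sodium_crypto_box_secretkey($bob_keypair);
$bob_public   = sodium_crypto_box_publickey($bob_keypair);

// --- Sender side (Alice) ---
// Alice combines her secret key with Bob's public key. The nonce must never be
// reused for the same pair of keys; 24 random bytes make a repeat negligible.
$alice_to_bob = sodium_crypto_box_keypair_from_secretkey_and_publickey($alice_secret, $bob_public);
$nonce        = random_bytes(SODIUM_CRYPTO_BOX_NONCEBYTES);
$plaintext    = 'This is a secret message for your eyes only.';
$ciphertext   = sodium_crypto_box($plaintext, $nonce, $alice_to_bob);

// The nonce is not secret; an assumed wire format sends it in front of the ciphertext.
$wire = $nonce . $ciphertext;

// --- Receiver side (Bob) ---
// Bob combines his own secret key with Alice's public key and splits the message.
// PHP strings are byte strings, so substr() operates on bytes here.
$bob_from_alice  = sodium_crypto_box_keypair_from_secretkey_and_publickey($bob_secret, $alice_public);
$recv_nonce      = substr($wire, 0, SODIUM_CRYPTO_BOX_NONCEBYTES);
$recv_ciphertext = substr($wire, SODIUM_CRYPTO_BOX_NONCEBYTES);

$opened = sodium_crypto_box_open($recv_ciphertext, $recv_nonce, $bob_from_alice);
if ($opened === false) {
    throw new RuntimeException('Decryption failed: wrong key or tampered ciphertext');
}
echo $opened === $plaintext ? "round trip ok\n" : "plaintext mismatch\n";

// Flipping one ciphertext byte must fail the Poly1305 check: open() returns false
// and the receiver never sees a corrupted message.
$tampered    = $recv_ciphertext;
$tampered[0] = chr(ord($tampered[0]) ^ 0x01);
$result      = sodium_crypto_box_open($tampered, $recv_nonce, $bob_from_alice);
echo $result === false ? "tampered ciphertext rejected\n" : "authentication did not catch tampering\n";

// Wipe secret material once it is no longer needed.
sodium_memzero($alice_secret);
sodium_memzero($bob_secret);
sodium_memzero($alice_to_bob);
sodium_memzero($bob_from_alice);
```

Note that `sodium_crypto_box_open()` signals failure by returning `false`, so the strict `=== false` comparison matters: an empty plaintext is a legitimate result and would be falsy under a loose check.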

What does this mean for me?

If you develop in PHP and can upgrade to 7.2 when it comes out, you get to enjoy modern cryptography as a part of the language itself. It will now be possible to design software that uses Ed25519 digital signatures (e.g. for automatic security updates) without requiring users to install an optional PHP extension.
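The automatic-update use case mentioned above, as an added example that is not part of the article: a build host signs the update payload with an Ed25519 detached signature, only the public key ships with the application, and the client verifies the signature before parsing or unpacking anything. The "hex signature, newline, payload" download format, the function name and the constructed payload are assumptions for this example.

```php
<?php
// Added example, not from the article: Ed25519-signed update package on PHP >= 7.2.

// --- Build/release side (runs offline; the secret key never lives on the update server) ---
$sign_keypair = sodium_crypto_sign_keypair();
$sign_secret  = sodium_crypto_sign_secretkey($sign_keypair);
$sign_public  = sodium_crypto_sign_publickey($sign_keypair); // this is what ships in the app

// Constructed stand-in for a real update archive.
$package   = "constructed update payload: version=1.2.3\n" . random_bytes(128);
$signature = sodium_crypto_sign_detached($package, $sign_secret);
sodium_memzero($sign_secret);

// Assumed download format: 128 hex chars of signature, a newline, then the raw payload.
$download = sodium_bin2hex($signature) . "\n" . $package;

// --- Client side ---
// Returns the verified payload, or null if the download is malformed or the
// signature does not verify under the trusted public key.
function verify_update(string $download, string $trusted_public_key): ?string
{
    $sig_hex_len = SODIUM_CRYPTO_SIGN_BYTES * 2;
    if (strlen($download) < $sig_hex_len + 1 || $download[$sig_hex_len] !== "\n") {
        return null; // malformed: no room for a signature plus separator
    }
    try {
        $signature = sodium_hex2bin(substr($download, 0, $sig_hex_len));
    } catch (SodiumException $e) {
        return null; // not valid hex
    }
    $payload = substr($download, $sig_hex_len + 1);
    // Verify BEFORE touching the payload: no parsing, no decompression, no file writes.
    if (!sodium_crypto_sign_verify_detached($signature, $payload, $trusted_public_key)) {
        return null;
    }
    return $payload;
}

$verified = verify_update($download, $sign_public);
echo $verified === null ? "genuine update rejected (bug)\n" : "genuine update accepted\n";

// A payload modified in transit fails verification.
$forged = substr_replace($download, 'X', SODIUM_CRYPTO_SIGN_BYTES * 2 + 1, 1);
echo verify_update($forged, $sign_public) === null ? "modified payload rejected\n" : "modified payload accepted (bug)\n";

// A signature made with some other key fails verification against the pinned key.
$other_public = sodium_crypto_sign_publickey(sodium_crypto_sign_keypair());
echo verify_update($download, $other_public) === null ? "wrong signing key rejected\n" : "wrong key accepted (bug)\n";
```

The design point is that the client holds only a 32-byte public key and a 64-byte signature check stands between the download and any code that interprets the payload; compromise of the update server alone cannot produce an installable package without the offline signing key.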