PHP 7.2: The First Programming Language to Add Modern Cryptography to its Standard Library

Scott Arciszewski on February 12, 2017

Last week, the voting phase closed on an RFC to add libsodium to PHP 7.2. The result was unanimous (37 in favor, 0 against... [Read Full]
markdown cheatsheet

I quite like this, but couldn't they come up with a better function name than
sodium_crypto_box_keypair_from_secretkey_and_publickey()?

I agree, this function name is so short, can be longer. :P

does it REALLY need to be that long?
I mean sodium_dh_create() would work too.

The long function name was probably chosen to increase security by obscurity (joking) :-)

Wow, this is probably the longest function name ever.

8th has had built-in crypto, using AES+GCM by default, since its inception.

hope it's also simple to use. having to work with objects and bla bla bla isnt needed imo.

the most simple would be just
put in message and key and it will automatically do IV, and all the other needed stuff for AESGCM.

It does do all that pretty much. It's not an OOP language.

For example:

"some plaintext" "mypassword" "salt" 100 cr:genkey
cr:>encrypt cr:encrypt>

After that, you'll have an AES+GCM+256 encrypted buffer. You could also have skipped all the "mypassword"... genkey by using cr:randkey ... but then you would need to store that key somewhere.

If you choose to use CTR mode, you need to supply an IV, but the default is GCM.

Oh, and the reason there are two encrypt words there, is that one starts encryption and the other ends it. You can keep adding stuff to be encrypted, so for example you could encrypt a very large data stream on the fly if you wanted.

Unfortunately:

  1. 8th isn't really a well-known language. It's not even in the less than 0.1% section of the server-side or client-side lists.
  2. According to your manual, you're still offering RSA for public-key encryption. (It doesn't specify which mode you're using but hopefully it isn't PKCS1v1.5.) This disqualifies 8th for being modern crypto. You want ECDH over a twist-secure Montgomery curve, preferably Curve25519 or Curve448.

Thank you so much, I wasted roughly 12 hours trying to get something to work where python signed a message that a PHP script on a different machine could properly and safely verify. I was messing around with phpecc (github project) and other stuff and was getting rather frustrated.

Saw the post on libsodium in php 7.2, built the PECL module for PHP 7.1 and the python library pysodium - and within an hour had something that actually worked with very little code.

Again, thank you so much. With the convoluted stuff I was trying, I was really afraid my app would end up being an example in the wild where cryptography went bad because the developer messed up.

How about C#? That hasn't got modern cryptography built-in?

No, it doesn't.

Please, everyone, look at the documentation for the language you're writing in and compare it to the established criteria of this post before you ask about it.

C# gives you NIST curves, not modern ECC (RFC 7748). C# doesn't give you a simple misuse-resistant AEAD interface like crypto_secretbox() or crypto_box() as part of the standard API. Therefore, it's not modern cryptography.

Weierstrass curves are not modern.

You can get that if you install libsodium-net by Adam Caudill. But that's not part of the language, that's a community-provided addon.

Damn, that is cool! Shame I don’t know what any of that meant though…

The what does this mean for me part was a sweet relief, everything before it was :eyes_rolling:

code of conduct - report abuse