PHP 7.2: The First Programming Language to Add Modern Cryptography to its Standard Library

Scott Arciszewski on February 12, 2017

Last week, the voting phase closed on an RFC to add libsodium to PHP 7.2. The result was unanimous (37 in favor, 0 against... [Read Full]
This is a single comment and its replies view parent view full discussion

hope it's also simple to use. having to work with objects and bla bla bla isnt needed imo.

the most simple would be just
put in message and key and it will automatically do IV, and all the other needed stuff for AESGCM.

It does do all that pretty much. It's not an OOP language.

For example:

"some plaintext" "mypassword" "salt" 100 cr:genkey
cr:>encrypt cr:encrypt>

After that, you'll have an AES+GCM+256 encrypted buffer. You could also have skipped all the "mypassword"... genkey by using cr:randkey ... but then you would need to store that key somewhere.

If you choose to use CTR mode, you need to supply an IV, but the default is GCM.

Oh, and the reason there are two encrypt words there, is that one starts encryption and the other ends it. You can keep adding stuff to be encrypted, so for example you could encrypt a very large data stream on the fly if you wanted.

Unfortunately:

  1. 8th isn't really a well-known language. It's not even in the less than 0.1% section of the server-side or client-side lists.
  2. According to your manual, you're still offering RSA for public-key encryption. (It doesn't specify which mode you're using but hopefully it isn't PKCS1v1.5.) This disqualifies 8th for being modern crypto. You want ECDH over a twist-secure Montgomery curve, preferably Curve25519 or Curve448.
code of conduct - report abuse