Hi,
I would like to make it easier for PHP developers to implement
cryptography features in their applications. I intend to work on some
of these ideas and submit them for inclusion in PHP 7.1.
Some of these might be familiar to some of you.
1. Pluggable Cryptography Frontend
Work is currently underway for a PHP prototype for this idea
originally suggested by ircmaxell, that will basically be like PDO for
cryptography. Our current project name, subject to change, is PHP
Crypto Objects (PCO).
The idea is that you could write code like this to add secure
authenticated encryption to your application without having to worry
about the details.
$AES = new \PCO\Symmetric('openssl:cipher=AES-128');
$ciphertext = $AES->encrypt($plaintext, $someKey);
$PKC = new \PCO\Asymmetric('libsodium');
$offlineDecryptable = $PKC->seal($plaintext, $someX25519PublicKey);
When it's finished, I'd like to turn it into a PECL extension so users
can play with it in PHP 7.0 and submit it for inclusion in 7.1.
2. Cache-timing-safe character encoding functions
Alternatives for existing functions that should function like their
unsafe counterparts, but without branches or data-based index lookups.
* hex2bin() -> hex2bin_ts()
* bin2hex() -> bin2hex_ts()
* base64_encode() -> base64_encode_ts()
* base64_decode() -> base64_decode_ts()
Other formats are out of scope, unless someone can make the case that
we need to support RFC 4648 base32 encoding (e.g. for Tor Hidden
Service integration).
3. Other ideas (not yet committed to at all, but might be of interest
to others):
* Improving the OpenSSL API, or at least the documentation
* Adding streaming encryption/decryption support to OpenSSL
* Adding AE and AEAD interfaces to OpenSSL
* Aliasing MCRYPT_AES -> MCRYPT_RIJNDAEL_128, adding MCYPT_MODE_CTR
What I need from you is guidance on what features or changes you want
to see in 7.1 and which can be put off until later (or never proposed
as an RFC at all).
Seriously, all I need is your opinion and whether or not you'd like to
see any of these happen. If you have specific implementation details
you'd like to discuss or requests, of course those are welcome too. :D
"With great ubiquity comes great responsibility." - Matthew Green
<https://twitter.com/matthew_d_green/status/578567678492733440>
Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com>
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
