Scott Arciszewski for Paragon Initiative Enterprises

Posted on Feb 12, 2017

PHP 7.2: The First Programming Language to Add Modern Cryptography to its Standard Library

#crypto #cryptography #nacl #libsodium

Top comments (16)

I quite like this, but couldn't they come up with a better function name than
sodium_crypto_box_keypair_from_secretkey_and_publickey()?

Inkeliz • Feb 16 '17

I agree, this function name is so short, can be longer. :P

My1 • Feb 21 '17

does it REALLY need to be that long?
I mean sodium_dh_create() would work too.

Burak Çalık • Mar 28 '17

Wow, this is probably the longest function name ever.

Harald Engels • May 3 '17

The long function name was probably chosen to increase security by obscurity (joking) :-)

Alice Wonder • Feb 23 '17

Thank you so much, I wasted roughly 12 hours trying to get something to work where python signed a message that a PHP script on a different machine could properly and safely verify. I was messing around with phpecc (github project) and other stuff and was getting rather frustrated.

Saw the post on libsodium in php 7.2, built the PECL module for PHP 7.1 and the python library pysodium - and within an hour had something that actually worked with very little code.

Again, thank you so much. With the convoluted stuff I was trying, I was really afraid my app would end up being an example in the wild where cryptography went bad because the developer messed up.

8th • Feb 14 '17

8th has had built-in crypto, using AES+GCM by default, since its inception.

My1 • Feb 21 '17

hope it's also simple to use. having to work with objects and bla bla bla isnt needed imo.

the most simple would be just
put in message and key and it will automatically do IV, and all the other needed stuff for AESGCM.

8th • Feb 21 '17

It does do all that pretty much. It's not an OOP language.

For example:

"some plaintext" "mypassword" "salt" 100 cr:genkey
cr:>encrypt cr:encrypt>

After that, you'll have an AES+GCM+256 encrypted buffer. You could also have skipped all the "mypassword"... genkey by using cr:randkey ... but then you would need to store that key somewhere.

If you choose to use CTR mode, you need to supply an IV, but the default is GCM.

Oh, and the reason there are two encrypt words there, is that one starts encryption and the other ends it. You can keep adding stuff to be encrypted, so for example you could encrypt a very large data stream on the fly if you wanted.

Scott Arciszewski • Mar 3 '17

Unfortunately:

8th isn't really a well-known language. It's not even in the less than 0.1% section of the server-side or client-side lists.
According to your manual, you're still offering RSA for public-key encryption. (It doesn't specify which mode you're using but hopefully it isn't PKCS1v1.5.) This disqualifies 8th for being modern crypto. You want ECDH over a twist-secure Montgomery curve, preferably Curve25519 or Curve448.

Lasse • Mar 3 '17

How about C#? That hasn't got modern cryptography built-in?

Scott Arciszewski • Mar 3 '17

No, it doesn't.

Please, everyone, look at the documentation for the language you're writing in and compare it to the established criteria of this post before you ask about it.

C# gives you NIST curves, not modern ECC (RFC 7748). C# doesn't give you a simple misuse-resistant AEAD interface like crypto_secretbox() or crypto_box() as part of the standard API. Therefore, it's not modern cryptography.