All Questions
22 questions
0 votes
1 answer
325 views
Feedback wanted regarding my functions to Encrypt/Decrypt data using PHP (Openssl) [closed]
I am creating a web app (HTML, CSS, JavaScript, PHP & MySQL) where the users register, and only logged users can create and save personal Notes (encrypted) in a MySQL Server database I have for ...
-1 votes
1 answer
244 views
2 Way SSL for Magento API
Checked many blogs for 2 way SSL (Mutual Authentication) for Magento APIs or PHP but did not get end to end implementation details. Below is my understanding. Let's consider client (sslclient.com) and ...
0 votes
1 answer
399 views
Sending Post Requests Server to Server
I am creating a web application that is sending sensitive data between servers. I need to take user inputted web form data from website 1 (abc.com) and post the data to website 2 (xyz.com/api). ...
0 votes
1 answer
364 views
Unnecessary SSL encryption in API?
I'm developing my first API but I think I can optimize the server response by eliminating an SSL decryption. The server receives POST request with two parameters: Action (int value) Data (base 64 ...
1 vote
0 answers
4k views
How to extract and verify PDF signature (PKCS7) with openssl?
I would like to detect signed PDFs in PHP and verify if the signature is valid. From this document I have written this PHP code below. What it does is: Extract the PKCS7 code (it works because I ...
2 votes
1 answer
202 views
Are these cryptographic methods along the right track?
I know we should never "roll our own crypto," but I want to understand the inner workings. I've written the following two encryption/decryption functions in PHP: function encrypt($message) { $...
6 votes
1 answer
851 views
Can someone explain the weird treatment of the OpenSSL AES-256-GCM authentication tag in PHP 7.1?
I'm using PHP 7.1 and can successfully encrypt a piece of string, like so: $key = random_bytes(32); $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-gcm')); $cipherText = ...
0 votes
2 answers
2k views
How secure is encrypting & decrypting strings with OpenSSL? [closed]
I am wondering how secure it is to encrypt and decrypt strings using OpenSSL using Salts and an Initialisation Vector. If the salt and initialisation vector are both going to be stored in a database ...
2 votes
0 answers
1k views
Which encryption algorithm is used in php openssl_public_encrypt [closed]
I am looking for the exact algorithm that is used in PHP's openssl_public_encrypt function, as I need to encrypt some data in an Android app with that, and I couldn't find an Android equivalent of PHP's ...
0 votes
2 answers
4k views
How can I restrict HTTP 1.0 or less using .htaccess?
I want to use some restriction with SSL for now my .htaccess is RewriteEngine On RewriteCond %{HTTPS} !=on [OR] RewriteCond %{THE_REQUEST} ^POST(.*)HTTP/(0\.9|1\.0)$ [NC,OR] RewriteCond %{...
1 vote
1 answer
2k views
difference between rc4-40 and rc4 in OpenSSL
I was testing rc4-40 out with a 200-bit key (25 bytes) and, to my surprise, the results were the same as they were with rc4: <?php $key_size = 25; $key = ''; for ($i = 0; $i < $key_size; $i++) {...
4 votes
2 answers
5k views
How secure is AES-256-CBC with user provided password and initialization vector
From my understanding the IV is used as a previous block for the first block only. But since each block is used by the following this adds significant security if an IV is provided and not based on the ...
0 votes
1 answer
1k views
OpenSSL_encrypt returning an incorrect cyphertext?
I am trying to use the openssl_encrypt function in PHP, this is my code: <?php $message = hex2bin("00112233445566778899aabbccddeeff"); $key = hex2bin("000102030405060708090a0b0c0d0e0f"); $method =...
6 votes
4 answers
18k views
Can I rely on openssl_random_pseudo_bytes() being very random in PHP?
I came across an application which needs to generate a random token for each user. It is very important that each generated token is unique. Application code was as follows: $token = md5(...
3 votes
2 answers
226 views
Concepts of a secure note sharing system
I am trying to design a system that will allow for staff members in our small company to securely share sensitive customer information (text) and see them on a web page alongside less sensitive ...