What's New
This commit adds support for the following curves:
(SECG stands for Standards for Efficient Cryptography)
For Ed25519, libsodium is used. If libsodium (or sodium_compat) is not available, a fallback PHP implementation is used. For the SECG and Brainpool curves, OpenSSL is used. If OpenSSL is not available, a fallback PHP implementation is used.
The following key formats are supported:
-----BEGIN EC PRIVATE KEY-----
-----BEGIN PRIVATE KEY-----
or -----BEGIN ENCRYPTED PRIVATE KEY-----
Examples
Creating keys:
Retrieving key information:
Creating / verifying signatures:
To test with / without the pure-PHP engines (more useful for unit testing than anything):
Setting the Engine in AsymmetricCipher vs BigInteger vs SymmetricCipher
In BigInteger you set the engine thusly:
In SymmetricKey (and all the classes that extend it) you set the engine thusly:
In AsymmetricKey (and all the classes that extend it) you set the engine thusly:
So why is it that the engine is set differently for each one?
SymmetricKey
The engine is set on a per object basis, instead of globally, because the engine ultimately depends on the cipher, the mode of operation, the key length, etc. If you have two SymmetricKey instances it may very well be the case that one of them is using the OpenSSL engine while the other is using the Eval engine.
It's setPreferredEngine because the fact that you want to use OpenSSL doesn't necessarily mean that OpenSSL is going to be available for you to use.
AsymmetricKey
The engine ultimately depends on the curve being utilized. Since there are, at most, two supported engines for any given curve, we can call them the "best" engine and the "internal" (i.e. worst) engine. This approach doesn't work with SymmetricKey since an object can simultaneously support up to four different engines (OpenSSL, mcrypt, Eval, PHP).
BigInteger
Whereas with SymmetricKey and AsymmetricKey it may be necessary to use separate engines for different instances of either, with BigInteger, there's no reason why every possible instance can't utilize the same engine.
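A cross-engine check of the kind the "with / without the pure-PHP engines" note describes, added here as an example and not taken from this pull request. It assumes the released phpseclib 3.x API (the `phpseclib3` namespace, `EC::createKey`, `EC::load`, `EC::useInternalEngine`, `EC::useBestEngine`) installed via Composer; the function name, message and curve choices are illustrative.

```php
<?php
// Added example, not the PR's code. Assumes phpseclib 3.x via Composer.
require __DIR__ . '/vendor/autoload.php';

use phpseclib3\Crypt\EC;

/**
 * Sign with one engine, verify with the other, in both directions.
 * A mismatch means the pure-PHP fallback and the libsodium / OpenSSL
 * path disagree, which is exactly what a unit test should catch.
 */
function crossEngineRoundTrip(string $curve, string $message): bool
{
    // Generate and sign with the pure-PHP ("internal") engine.
    EC::useInternalEngine();
    $private     = EC::createKey($curve);
    $pemPrivate  = $private->toString('PKCS8');   // -----BEGIN PRIVATE KEY-----
    $pemPublic   = $private->getPublicKey()->toString('PKCS8');
    $sigInternal = $private->sign($message);

    // Verify with the "best" engine (libsodium or OpenSSL when present,
    // otherwise this silently stays on the PHP implementation).
    EC::useBestEngine();
    $okForward = EC::load($pemPublic)->verify($message, $sigInternal);

    // Reverse direction: sign with the best engine, verify internally.
    $sigBest = EC::load($pemPrivate)->sign($message);
    EC::useInternalEngine();
    $public    = EC::load($pemPublic);
    $okReverse = $public->verify($message, $sigBest);

    // A modified message must be rejected, or the check proves nothing.
    $rejectsTampered = !$public->verify($message . "\x00", $sigBest);

    EC::useBestEngine(); // restore the default for the rest of the process
    return $okForward && $okReverse && $rejectsTampered;
}

// Constructed sample input: one Edwards, one SECG and one Brainpool curve.
foreach (['Ed25519', 'secp256r1', 'brainpoolP256r1'] as $curve) {
    $ok = crossEngineRoundTrip($curve, 'constructed test message');
    printf("%-16s %s\n", $curve, $ok ? 'engines agree' : 'ENGINE MISMATCH');
}
```

Because the engine switch is static on the class, it affects every EC key in the process, so a test suite should restore the best engine afterwards as the function does.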