
OpenSSL

tpkarras edited this page May 14, 2025 · 2 revisions

OpenSSL is the encryption engine used to encrypt/decrypt data.

KEF stores each encrypted string within a range of 2 to 1024000000 bytes, prepended with the essential information required to encrypt/decrypt, as mentioned before.

2 is the smallest number of bytes it can decrypt without errors. 1024000000 is the largest number of bytes that openssl_encrypt() and openssl_decrypt() can handle.

Note

Choose the byte range according to the level of security needed, with 2 being the most secure and 1024000000 the least. You may want to experiment to find the right byte range for your application's security and speed requirements.

Tip

It is recommended to have the latest possible version of OpenSSL on hand, preferably after 1.1.1. Later versions of the framework/language you use may have newer versions.

Caution

Using older versions of OpenSSL is not recommended because of compatibility/security issues. On PHP versions before 7.1.0, a tag is created with hash_hmac() from the encrypted data and, if available, the initialization vector. Data encrypted on older versions of PHP may not decrypt on newer versions because openssl_encrypt() and openssl_decrypt() differ between versions.
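
The two kinds of tag mentioned above, side by side, as an added example that is not KEF's own code: a hash_hmac() tag over the initialization vector and encrypted data, and a tag returned by openssl_encrypt() itself. The cipher names, the separate MAC key and the record array are assumptions made for illustration; the script needs PHP 7.1.0 or later with the OpenSSL extension.

```php
<?php
// Added example, not KEF's code. Ciphers, the separate MAC key and the
// record array are assumptions; the message below is constructed.
// Tag built with hash_hmac() over the IV and the encrypted data.
function hmac_seal(string $plain, string $encKey, string $macKey): array
{
    $iv = random_bytes(openssl_cipher_iv_length('aes-256-cbc'));
    $ct = openssl_encrypt($plain, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return ['iv' => $iv, 'ct' => $ct, 'tag' => hash_hmac('sha256', $iv . $ct, $macKey, true)];
}

function hmac_open(array $rec, string $encKey, string $macKey)
{
    $expected = hash_hmac('sha256', $rec['iv'] . $rec['ct'], $macKey, true);
    if (!hash_equals($expected, $rec['tag'])) {
        return false; // reject before decrypting; comparison is constant-time
    }
    return openssl_decrypt($rec['ct'], 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $rec['iv']);
}

// Tag produced by openssl_encrypt() itself (needs PHP 7.1.0 or later).
function gcm_seal(string $plain, string $key): array
{
    $iv = random_bytes(openssl_cipher_iv_length('aes-256-gcm'));
    $ct = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return ['iv' => $iv, 'ct' => $ct, 'tag' => $tag];
}

function gcm_open(array $rec, string $key)
{
    return openssl_decrypt($rec['ct'], 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $rec['iv'], $rec['tag']);
}

[$encKey, $macKey, $gcmKey] = [random_bytes(32), random_bytes(32), random_bytes(32)];
$msg = 'constructed sample message';
$a = hmac_seal($msg, $encKey, $macKey);
$b = gcm_seal($msg, $gcmKey);
var_dump(hmac_open($a, $encKey, $macKey) === $msg, gcm_open($b, $gcmKey) === $msg);
// Flip one bit of each ciphertext: both paths must refuse to decrypt.
$a['ct'] = substr_replace($a['ct'], chr(ord($a['ct'][0]) ^ 1), 0, 1);
$b['ct'] = substr_replace($b['ct'], chr(ord($b['ct'][0]) ^ 1), 0, 1);
var_dump(hmac_open($a, $encKey, $macKey), gcm_open($b, $gcmKey));
```

A record sealed by one function cannot be opened by the other, since the cipher, IV length and tag construction all differ, so stored data needs to carry enough information to tell which path produced it.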

It is ultimately up to you on how to implement OpenSSL in your KEF implementation.
