OpenSSL
OpenSSL is the encryption engine used to encrypt/decrypt data.
KEF stores each encrypted string within a range of 2 to 1024000000 bytes, prepended with the essential information required to encrypt/decrypt, as mentioned before.
2 is the lowest number of bytes it can decrypt without errors. 1024000000 is the highest number of bytes that openssl_encrypt() and openssl_decrypt() can handle.
Note
The byte range should be chosen based on the level of security needed, with 2 being the most secure and 1024000000 being the least. You might want to experiment to find the proper byte range for your application's needs based on security and speed.
Tip
It is recommended to have the latest possible version of OpenSSL on hand, preferably after 1.1.1. Later versions of the framework/language you use may have newer versions.
Caution
It is not recommended to use older versions of OpenSSL due to compatibility/security issues. On versions of PHP before 7.1.0, a tag is created with the hash_hmac() method from the encrypted data and, if available, the Initialization Vector. Data encrypted in older versions of PHP may not decrypt with newer versions due to the differences in the versions of openssl_encrypt() and openssl_decrypt().
It is ultimately up to you how to implement OpenSSL in your KEF implementation.
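The two tag paths described in the caution above, shown as an added PHP example that is not KEF's own code: an AEAD tag from openssl_encrypt() on PHP 7.1.0 and later, and a hash_hmac() tag over the IV and ciphertext on earlier versions. The function names, cipher choices, key-derivation labels and the mode-byte blob layout are assumptions made for illustration.

```php
<?php
// Added illustration, not KEF's code. Assumes PHP 7.0+, a 32-byte random $key,
// and a hypothetical blob layout: mode byte || IV || tag || ciphertext.

function kef_example_seal(string $plain, string $key): string
{
    if (PHP_VERSION_ID >= 70100) {
        // PHP 7.1.0+: AEAD cipher, openssl_encrypt() fills $tag itself.
        $iv = random_bytes(12);
        $ct = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
        if ($ct === false) {
            throw new RuntimeException('encryption failed');
        }
        return 'G' . $iv . $tag . $ct;
    }
    // Before 7.1.0: no tag argument, so authenticate IV + ciphertext with hash_hmac().
    $encKey = hash_hmac('sha256', 'enc', $key, true); // separate keys for
    $macKey = hash_hmac('sha256', 'mac', $key, true); // encryption and MAC
    $iv = random_bytes(16);
    $ct = openssl_encrypt($plain, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return 'H' . $iv . hash_hmac('sha256', $iv . $ct, $macKey, true) . $ct;
}

function kef_example_open(string $blob, string $key): string
{
    $mode = $blob[0] ?? '';
    if ($mode === 'G' && PHP_VERSION_ID >= 70100 && strlen($blob) >= 29) {
        // 12-byte IV, 16-byte GCM tag, then ciphertext; a bad tag yields false.
        $plain = openssl_decrypt(substr($blob, 29), 'aes-256-gcm', $key,
            OPENSSL_RAW_DATA, substr($blob, 1, 12), substr($blob, 13, 16));
    } elseif ($mode === 'H' && strlen($blob) >= 49) {
        $iv = substr($blob, 1, 16);
        $ct = substr($blob, 49);
        $macKey = hash_hmac('sha256', 'mac', $key, true);
        // Verify the 32-byte tag in constant time before decrypting anything.
        if (!hash_equals(hash_hmac('sha256', $iv . $ct, $macKey, true), substr($blob, 17, 32))) {
            throw new RuntimeException('authentication failed');
        }
        $encKey = hash_hmac('sha256', 'enc', $key, true);
        $plain = openssl_decrypt($ct, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    } else {
        throw new RuntimeException('unknown or unsupported blob format');
    }
    if ($plain === false) {
        throw new RuntimeException('decryption failed');
    }
    return $plain;
}
```

Because the mode byte records which tag scheme produced the blob, data sealed with the hash_hmac() path on an older PHP still opens after an upgrade; the reverse direction fails cleanly instead of returning garbage.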