Since you obviously aren't just sending the used symmetric key along unencrypted, there is a step or two in the "Under the Hood" part of the README that is missing to describe it being encrypted again using the public key (I imagine). Not many folks will need that info, but you do have an "Under the Hood" section, and it should be complete.
- Encrypts the random secret value with your RSA public key, using PHPSecLib (RSAES-OAEP + MGF1-SHA256)
- **Derives an encryption key from the secret value and its RSA-encrypted ciphertext, using HMAC-SHA256.**
- Encrypts your plaintext message using defuse/php-encryption (authenticated symmetric-key encryption)
- Calculates a checksum of both encrypted values (and a version tag)

Authentication

- Signs a message using PHPSecLib (RSASS-PSS + MGF1-SHA256)
That's the symmetric key (in bold). It's not transmitted; it must be recalculated by the recipient. In order to recalculate the same value, you must be able to decrypt the RSA ciphertext (first step), then HMAC the RSA plaintext with the RSA ciphertext. Only then can you decrypt the actual plaintext.
This strategy is an all-or-nothing derivation, which means you can't exploit padding oracles (provided the subsequent steps are constant-time).
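The flow described in the README steps and the reply above, as an added example that is not the project's own code (the project is PHP on PHPSecLib and defuse/php-encryption; this is a stand-alone Go rendering using only the standard library). It shows why the symmetric key never needs to travel: the sender wraps a random secret with RSAES-OAEP, derives the key as HMAC-SHA256 over the secret and that RSA ciphertext, and the recipient can only rebuild the same key after a successful OAEP decryption of the exact ciphertext it received. Assumptions made here and not stated on the page: the secret is the HMAC key and the RSA ciphertext the HMAC message, AES-256-GCM stands in for defuse/php-encryption, the checksum is SHA-256, and the `Envelope` layout and `versionTag` are constructed for the example. The constant-time handling the reply mentions as a precondition is not reproduced.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Constructed envelope for this example (not the project's wire format): the symmetric
// key is never stored, only the OAEP-wrapped secret, the symmetric ciphertext and a checksum.
const versionTag = "example-v1" // hypothetical version tag

type Envelope struct {
	RSACipher []byte // RSAES-OAEP (SHA-256, MGF1-SHA256) ciphertext of the 32-byte secret
	SymCipher []byte // nonce || AES-256-GCM ciphertext of the message
	Checksum  []byte // SHA-256 over versionTag, RSACipher and SymCipher
}

// NewKeyPair generates a 2048-bit RSA key pair for the demonstration.
func NewKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// deriveKey binds the symmetric key to the secret AND its RSA ciphertext:
// key = HMAC-SHA256(secret, rsaCipher). Which value is the HMAC key is an assumption here.
func deriveKey(secret, rsaCipher []byte) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write(rsaCipher)
	return mac.Sum(nil) // 32 bytes, used directly as the AES-256 key
}

// checksum covers the version tag and both ciphertexts (SHA-256 is assumed;
// the README does not name the hash for this step).
func checksum(rsaCipher, symCipher []byte) []byte {
	h := sha256.New()
	h.Write([]byte(versionTag))
	h.Write(rsaCipher)
	h.Write(symCipher)
	return h.Sum(nil)
}

// newGCM is the authenticated cipher standing in for defuse/php-encryption
// (AES-256-GCM here, not that library's own construction).
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal performs the README's four encryption steps in order.
func Seal(pub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	secret := make([]byte, 32)
	if _, err := rand.Read(secret); err != nil {
		return nil, err
	}
	rsaCipher, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, secret, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(deriveKey(secret, rsaCipher))
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	symCipher := gcm.Seal(nonce, nonce, plaintext, nil)
	return &Envelope{rsaCipher, symCipher, checksum(rsaCipher, symCipher)}, nil
}

// Open reverses Seal: verify the checksum, unwrap the secret, re-derive the key from the
// secret and the received RSA ciphertext, then decrypt. Any change to RSACipher fails closed.
func Open(priv *rsa.PrivateKey, e *Envelope) ([]byte, error) {
	if !hmac.Equal(checksum(e.RSACipher, e.SymCipher), e.Checksum) {
		return nil, errors.New("checksum mismatch")
	}
	secret, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, e.RSACipher, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(deriveKey(secret, e.RSACipher))
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(e.SymCipher) < n {
		return nil, errors.New("symmetric ciphertext too short")
	}
	return gcm.Open(nil, e.SymCipher[:n], e.SymCipher[n:], nil)
}
```

`Open` is where the "must be recalculated by the recipient" point lives: the key is rebuilt from the decrypted secret together with the RSA ciphertext actually received, so a modified RSA ciphertext yields a different key even if the checksum is recomputed, and the authenticated decryption then rejects the message.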