php - confusion with the term openssl_private_encrypt -
in encryption, utilize public key of receiver, why "private" term in function? seems contradictory or confused me.
when utilize private key, signing something. looks function give same result openssl_sign(), tried both , gave me different output.
because function openssl_private_encrypt has "private" , "encrypt", don't know if encrypting or signing. function for?
generally openssl encrypt private key method used provide specific ssl method of signature generation:
concatenating outputs multiple hash functions provides collision resistance strongest of algorithms included in concatenated result. example, older versions of tls/ssl utilize concatenated md5 , sha-1 sums; ensures method find collisions in 1 of functions doesn't allow forging traffic protected both functions.
source: see wikipedia page cryptographic hash function , concatenation of cryptographic hash functions.
as libraries don't provide signature format (and since ssl version of signature not utilize embedded asn.1 construction around hashes) implemented of time using encrypt function instead. difference experiencing missing asn.1 construction (see pkcs#1 v2.1 standard see asn.1 construction i'm talking about).
you can place pretty bet on uses pkcs#1 padding signatures instead of padding used encryption. and, indicated, won't contain asn.1 construction or hash, instead utilize given set given info in place of asn.1 structure.
it not recommended utilize function outside back upwards existing (deprecated) protocols. if utilize encryption purposes will create vulnerable kinds of attacks, please don't create mistake.
php encryption sign
No comments:
Post a Comment