Steven Wittens wrote:
> > Some of the technologies used by OpenId (or under consideration):
> > - DSA encryption (using PEM key formatting)
> > - RSA encryption (under consideration)
> > - SHA1 encryption
> > - DER encoding
> > - BASE64 encoding
> > I'm vaguely familiar with many of these technologies, and have even used several of them. SHA1 is natively supported by PHP >= 4.3.0. BASE64 is natively supported by PHP
> You're mixing many things here.
> BASE64 is a way to encode binary data as ASCII. It is not an encryption algorithm in any way.
Right, it's an encoding algorithm. The list of buzzwords/acronyms is just to identify all of the basic functionality required to implement the protocol.
> SHA1 is a hash function. It calculates a fixed-length checksum from a variable-length input. Other popular hashes include MD5 (what we use for passwords).
> I don't know DER, but googling shows it is a file format for digital certificates.
Thanks, I'm not too familiar with DER formatting either, but it's comparable to PEM formatting for certificate keys from what I've read. PEM keys are typically base64 encoded, though.
> RSA is a public/private key based encryption system, mostly used for signatures with a fixed length. Using it for general encryption is not as practical, but possible.
> DSA is also a public/private key based encryption system, but afaik it can only be used for signatures.
At this point, the primary function of OpenId is authentication. There are plans for authenticating both users and servers, which is where the DSA signatures come in. Encrypting any part of the transmission will require some form of public key handshake, which is where RSA would come in. I would suspect that keys to a symmetrical encryption algorithm (3DES, Blowfish, etc.) would be transmitted using RSA, but that has not yet been fleshed out to my knowledge.
Thanks for the info,
-Mark
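To show how the items on the list above actually fit together (hash, signature, DER, base64), here is an added example in Go; it is not code from this thread or from any OpenID implementation. A message is hashed with SHA-1, the 20-byte digest is signed with DSA, the (r, s) pair is DER-encoded and then base64-encoded for ASCII transport; the verifier reverses the two encodings, rejects malformed DER or trailing bytes, recomputes the digest and checks the signature. The message below is a constructed sample, and SHA-1 with 1024-bit DSA is used only because that is what the thread discusses.

```go
package main

import (
	"crypto/dsa"
	"crypto/rand"
	"crypto/sha1"
	"encoding/asn1"
	"encoding/base64"
	"math/big"
)

// dsaSignature is the ASN.1 SEQUENCE { r INTEGER, s INTEGER } carried by a DER-encoded DSA signature.
type dsaSignature struct{ R, S *big.Int }
// NewKey generates a 1024-bit DSA key with a 160-bit q, matching SHA-1's 20-byte digest.
func NewKey() (*dsa.PrivateKey, error) {
	priv := &dsa.PrivateKey{}
	if err := dsa.GenerateParameters(&priv.Parameters, rand.Reader, dsa.L1024N160); err != nil {
		return nil, err
	}
	return priv, dsa.GenerateKey(priv, rand.Reader)
}

// SignMessage: SHA-1 digest (always 20 bytes) -> DSA sign -> DER-encode (r, s) -> base64 for ASCII transport.
func SignMessage(priv *dsa.PrivateKey, msg []byte) (string, error) {
	digest := sha1.Sum(msg)
	r, s, err := dsa.Sign(rand.Reader, priv, digest[:])
	if err != nil {
		return "", err
	}
	der, err := asn1.Marshal(dsaSignature{r, s})
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(der), nil
}

// VerifyMessage undoes base64 and DER, rejects malformed DER or trailing bytes, then checks the signature.
func VerifyMessage(pub *dsa.PublicKey, msg []byte, b64 string) bool {
	der, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return false
	}
	var sig dsaSignature
	rest, err := asn1.Unmarshal(der, &sig)
	if err != nil || len(rest) != 0 { // malformed DER or trailing data: reject
		return false
	}
	digest := sha1.Sum(msg) // recompute the digest; never trust one sent alongside
	return dsa.Verify(pub, digest[:], sig.R, sig.S)
}
```

Key generation takes a moment because DSA parameters (p, q, g) are generated from scratch on every call.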