[drupal-devel] OpenId-compatible encryption in PHP

Mark mark at nullcraft.org
Sun May 22 18:48:23 UTC 2005


Steven Wittens wrote:

>
>> Some of the technologies used by OpenId (or under consideration):
>>  DSA encryption (using PEM key formatting)
>>  RSA encryption (under consideration)
>>  SHA1 encryption
>>  DER encoding
>>  BASE64 encoding
>>
>> I'm vaguely familiar with many of these technologies, and have even 
>> used several of them. SHA1 is natively supported by PHP >= 4.3.0.
>> BASE64 is natively supported by PHP
>
>
> You're mixing many things here.
>
> BASE64 is a way to encode binary data as ascii. It is not an 
> encryption algorithm in any way.
>
Right, it's an encoding algorithm.  The list of buzzwords/acronyms is 
just to identify all of the basic functionality required to implement 
the protocol.

> SHA1 is a hash function. It calculates a fixed-length checksum from a 
> variable-length input. Other popular hashes include MD5 (what we use 
> for passwords).
>
> I don't know DER, but googling shows it is a file format for digital 
> certificates.
>
Thanks, I'm not too familiar with DER formatting either, but it's 
comparable to PEM formatting for certificate keys from what I've read. 
PEM keys are typically base64 encoded, though.

> RSA is a public/private key based encryption system, mostly used for 
> signatures with a fixed length. Using it for general encryption is not 
> as practical, but possible.
>
> DSA is also a public/private key based encryption system, but afaik it 
> can only be used for signatures.

At this point, the primary function of OpenId is authentication. There 
are plans for authenticating both users and servers, which is where the 
DSA signatures come in.  Encrypting any part of the transmission will 
require some form of public key handshake, which is where RSA would come 
in.  I would suspect that keys to a symmetrical encryption algorithm 
(3DES, Blowfish, etc.) would be transmitted using RSA, but that has not 
yet been fleshed out to my knowledge.

Thanks for the info,
-Mark
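The distinction Steven draws above (base64 is an encoding, SHA1 is a hash, DSA only signs), shown side by side as an added PHP example that is not part of the original thread. It assumes the openssl extension is loaded with DSA support; the message string is a constructed sample.

```php
<?php
// Added example: the three separate primitives from the thread, in PHP.
// Assumes ext/openssl is available and can generate DSA keys.

$message = 'mode=id_res&identity=http://example.com/user'; // constructed sample

// 1. Base64 is an ENCODING. It is fully reversible, so it provides no
//    confidentiality; it only makes binary data safe for URLs and forms.
$encoded = base64_encode($message);
if (base64_decode($encoded, true) !== $message) {
    exit("base64 round-trip failed\n");
}

// 2. SHA-1 is a HASH. Fixed 160-bit (40 hex chars) output, one-way, no key,
//    so any change to the input yields a different digest.
$digest = sha1($message);
if (strlen($digest) !== 40 || $digest === sha1($message . 'x')) {
    exit("unexpected sha1 behaviour\n");
}

// 3. DSA is a SIGNATURE scheme. The private key signs; anyone holding the
//    PEM public key verifies. It cannot encrypt, it only proves origin and
//    integrity of the signed bytes.
$priv = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_DSA,
    'private_key_bits' => 2048,
]);
if ($priv === false) {
    exit("DSA key generation unavailable: " . openssl_error_string() . "\n");
}
openssl_pkey_export($priv, $privPem);             // PEM private key
$pubPem = openssl_pkey_get_details($priv)['key']; // PEM public key

// Sign with the private key, then base64-encode the raw signature so it can
// travel in a form field or query string. The thread's SHA-1 is kept for
// fidelity; some current OpenSSL builds (e.g. RHEL 9 policies) refuse SHA-1
// signatures, in which case OPENSSL_ALGO_SHA256 is the drop-in replacement.
if (!openssl_sign($message, $sig, $privPem, OPENSSL_ALGO_SHA1)) {
    exit("signing failed: " . openssl_error_string() . "\n");
}
$sigB64 = base64_encode($sig);

// Verification needs only the public key. A tampered message must fail.
$rawSig   = base64_decode($sigB64, true);
$ok       = openssl_verify($message, $rawSig, $pubPem, OPENSSL_ALGO_SHA1);
$tampered = openssl_verify($message . '&identity=http://example.com/other',
                           $rawSig, $pubPem, OPENSSL_ALGO_SHA1);

printf("base64: %s\nsha1:   %s\nvalid signature: %d, tampered message: %d\n",
       $encoded, $digest, $ok, $tampered);
```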
