Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Zend Framework Blog:
End-to-end encryption with Zend Framework 3
Aug 22, 2016 @ 11:56:35

With the recent release of the latest version of the zend-crypt package, the Zend Framework has announced that it's possible to use it to create end-to-end encryption in your applications (Zend Framework based or not).

Recently, we released zend-crypt 3.1.0, the cryptographic component from Zend Framework. This last version includes a hybrid cryptosystem, a feature that can be used to implement end-to-end encryption schema in PHP.

A hybrid cryptosystem is a cryptographic mechanism that uses symmetric encryption (e.g. AES) to encrypt a message, and public-key cryptography (e.g. RSA) to protect the encryption key. This methodology guarantee two advantages: the speed of a symmetric algorithm and the security of public-key cryptography.

He starts with a brief overview of how the system works and the flow of the request/response messaging. With this base in place, he gets into the code required to perform the encryption, first generating the keys needed for the encryption (and why he chose the mode/cypher he did for each). Then, using these keys, he shows how to use zend-crypt and its "Hybrid" handling to encrypt and decrypt a simple message. He also shows how to encrypt the contents of a file using a password.

tagged: endtoend encryption zendcrypt zendframework encryption tutorial string file

Link: https://framework.zend.com/blog/2016-08-19-end-to-end-encryption.html

Padraic Brady's Blog:
PEAR::Encryption and Zend_Crypt Revisited
Jun 17, 2008 @ 15:32:50

Padraic Brady has a new post today mentioning both the PEAR::Encryption package and the Zend_Crypt component of the Zend Framework.

It's been a while since I did some active ZF/PEAR component development. It's been one of those 6 month periods where time to commit was a rarity for a few reasons. So now that I'm back on the road, where to?

He sets his sights on the Zend_Crypt component and details some of the encryption methods it contains - HMAC, the Diffie-Hellman Key Agreement Protocol, a hashing wrapper and proposed support for a RSA public key cryptography. He mentions that a lot of this support is already in a beta package for PEAR.

tagged: pear encryption package component zendframework zendcrypt

Link: