[5.5] Add GCM support to encrypter #21963
Conversation
432329b to
95f2ce5
Compare
| @@ -44,9 +44,19 @@ public function testWithCustomCipher() | |||
| $this->assertEquals('foo', $e->decrypt($encrypted)); | |||
| } | |||
|
|
|||
| public function testAeadCipher() | |||
| { | |||
| $this->onlyForAead(); | |||
There was a problem hiding this comment.
Just use the @requires PHP 7.1 annotation.
There was a problem hiding this comment.
And drop the extra method. :)
|
No plans to add this to the core. |
|
What are the benefits of GCM? Maybe make a package, and see if i gets traction? |
|
@GrahamCampbell I think that the main benefit is a better performance in this context. The GCM doesn't need an extra MAC creation / validation as it's all done when applying mode during encryption / decryption. All is fully handled by @taylorotwell I'd be interested to know the reason why you prefer not to have it in the core. Is it just because you prefer to have a very thin encrypter with a single alg supported? Or would you prefer a different more extendable implementation? I'm also wondering what are your thoughts about more standard output format like JWE which would also allow additional key protection? |
|
@taylorotwell why no plans for this? |
This PR adds support for AES GCM ciphers with 128 or 256 bit key. The default is still the same (CBC) so it should be fine for 5.5 I guess (not sure what the rules are thought so happy to create a PR for 5.6 only).
I added GCM support to openssl ext in 7.1 so it's available only for PHP version higher or equal to 7.1.