Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Intro to PHP Encryption

Eric Mann
November 13, 2018
0
93

Intro to PHP Encryption

Modern PHP supports modern encryption: Sodium. This new interface provides a set of opinionated cryptographic primitives that help prevent you from making a costly mistake. Sodium allows symmetric encryption, public/private encryption, and data signing just like you’re used to in other languages. It’s also native to PHP as of version 7.2.

Learn about the new encryption layer provided by PHP and put your new knowledge into action with a hands-on workshop. Attendees will work with an existing application to add a layer of encryption, protecting its data both at rest and in transit.

Eric Mann

November 13, 2018
Tweet

More Decks by Eric Mann

See All by Eric Mann
Asynchronous Awesome
ericmann
0
98
WordPress, Meet AI
ericmann
0
27
Cooking with Credentials
ericmann
0
36
OWASP Top Ten in Review
ericmann
0
25
Monkeys in the Machine
ericmann
0
120
Asynchronous Awesome
ericmann
0
230
Evolution of PHP Security
ericmann
0
280
Web Application Security Update: Top Vulnerabilities
ericmann
0
120
Asynchronous Awesome
ericmann
0
78

Featured

See All Featured
Building a Modern Day 
E-commerce SEO Strategy
aleyda
17
6.4k
Practical Orchestrator
shlominoach
182
9.7k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
7
1k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
17
1.4k
Making the Leap to Tech Lead
cromwellryan
124
8.5k
A designer walks into a library…
pauljervisheath
200
23k
How GitHub (no longer) Works
holman
304
140k
YesSQL, Process and Tooling at Scale
rocio
164
13k
Side Projects
sachag
451
41k
The Brand Is Dead. Long Live the Brand.
mthomps
49
28k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
20
1.9k
Navigating Team Friction
lara
178
13k

Transcript

  1. Intro to PHP Encryption php[world] 2018

  2. Why Crypto? • Your customers’ privacy • Your business’ privacy

    • Regulatory compliance • The right thing to do • It’s easy and fun

  3. PHP 7.2 Enter Libsodium • Fork of NaCl • Many

    implementations • Originally Pecl • Core PHP extension • MODERN CRYPTO

  4. Symmetric Encryption

  5. Symmetric Encryption Image by SSL2BUY

  6. Symmetric Encryption // Generating your encryption key $key = random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES);

    // Using your key to encrypt information $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); $ciphertext = sodium_crypto_secretbox($plaintext, $nonce, $key); // Encode $encoded = sodium_bin2hex($ciphertext);

  7. Symmetric Encryption // Load the same secret key $key =

    ''; // Decode and split $decoded = sodium_hex2bin($encoded); $nonce = substr($encoded, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); $ciphertext = substr($encoded, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // Using your key to decrypt information $plaintext = sodium_crypto_secretbox_open($ciphertext, $nonce, $key); // Check for errors if ($plaintext === false) throw new Exception('Bad ciphertext');

  8. Asymmetric Encryption

  9. Asymmetric Encryption Image by SSL2BUY

  10. Asymmetric Encryption // On Alice's computer: $alice_kp = sodium_crypto_box_keypair(); //

    Split the key into public/private components $alice_secretkey = sodium_crypto_box_secretkey($alice_kp); $alice_publickey = sodium_crypto_box_publickey($alice_kp); // On Bob's computer: $bob_kp = sodium_crypto_box_keypair(); $bob_secretkey = sodium_crypto_box_secretkey($bob_kp); $bob_publickey = sodium_crypto_box_publickey($bob_kp);

  11. Asymmetric Encryption // From Alice to Bob $alice_to_bob_kp = sodium_crypto_box_keypair_from_secretkey_and_publickey(

    $alice_secretkey, $bob_publickey ); $message_nonce = random_bytes(SODIUM_CRYPTO_BOX_NONCEBYTES); $ciphertext = sodium_crypto_box( $message, $nonce, $alice_to_bob_kp );

  12. Asymmetric Encryption // Encoding - From Alice to Bob $encoded

    = sodium_bin2hex($nonce . $ciphertext); // Decoding - From Bob to Alice $decoded = sodium_hex2bin($encoded); $nonce = substr($decoded, 0, SODIUM_CRYPTO_BOX_NONCEBYTES); $ciphertext = substr($decoded, SODIUM_CRYPTO_BOX_NONCEBYTES);

  13. Asymmetric Encryption // On Bob's end $bob_to_alice_kp = sodium_crypto_box_keypair_from_secretkey_and_publickey( $bob_secretkey,

    $alice_publickey ); $plaintext = sodium_crypto_box_open( $ciphertext, $nonce, $bob_to_alice_kp ); if ($plaintext === false) throw new Exception('Bad message or MAC');

  14. Cryptographic Signatures

  15. Cryptographic Signatures Image from Crypto StackExchange

  16. Cryptographic Signatures $message = 'php[world] is the best community event

    of the year!'; // Generate a keypair $sign_kp = sodium_crypto_sign_keypair(); $sign_secretkey = sodium_crypto_sign_secretkey($sign_kp); $sign_publickey = sodium_crypto_sign_publickey($sign_kp); // Sign the message $signed_msg = sodium_crypto_sign( $message, $alice_sign_secretkey );

  17. Cryptographic Signatures - Verification $original_msg = sodium_crypto_sign_open( $signed_msg, $sign_publickey );

    // Verify the message if ($original_msg === false) { throw new Exception('Invalid signature'); } else { echo $original_msg; // Displays the original message. }

  18. Password Hashing

  19. Password Hashing • MD5 • SHA • Blowfish • Blake2

  20. Password Hashing

  21. Key Derivation

  22. Key Derivation // Create a high-entropy master key $master_key =

    sodium_crypto_kdf_keygen(); // Derive any number of sub-keys $s1 = sodium_crypto_kdf_derive_from_key(32, 1, 'one', $master_key); $s2 = sodium_crypto_kdf_derive_from_key(32, 2, 'two', $master_key); $sN = sodium_crypto_kdf_derive_from_key(32, 999, 'N', $master_key);

  23. Key Derivation • The Libsodium API can derive up to

    2^64 subkeys • 18,446,744,000,000,000,000 possible subkeys • Subkeys can have an arbitrary length ◦ Between 128 (16 bytes) and 512 bits (64 bytes).

  24. Secure Remote Passwords

  25. Secure Remote Passwords

  26. Secure Remote Passwords

  27. Cryptography at Rest

  28. Cryptography in Transit

  29. Questions?

  30. Thank You! https://joind.in/talk/95173