Encryption Algorithms
This framework comes with several encryption algorithms. These algorithms are in the following namespaces:
Jose\Component\Encryption\Algorithm\KeyEncryption
: key encryption algorithmsJose\Component\Encryption\Algorithm\ContentEncryption
: content encryption algorithms
Main Algorithms
Key Encryption
Algorithm | Additional header parameter |
---|---|
A128KW A192KW A256KW | No |
A128GCMKW A192GCMKW A256GCMKW |
|
dir | No |
ECDH-ES ECDH-ES+A128KW ECDH-ES+A192KW ECDH-ES+A256KW |
|
ECDH-SS ECDH-SS+A128KW ECDH-SS+A192KW ECDH-SS+A256KW | No |
PBES2-HS256+A128KW PBES2-HS384+A192KW PBES2-HS512+A256KW |
|
RSA1_5 RSA-OAEP RSA-OAEP-256 |
Please note that the additional header parameters MUST be present and MUST be understood. Depending on the algorithm you use, you may be required to check headers BEFORE the decryption operation. Please create a custom Header Checker for theses parameters.
Content Encryption
Algorithm | Package |
---|---|
A128GCM A192GCM A256GCM |
|
A128CBC-HS256 A192CBC-HS384 A256CBC-HS512 |
|
The algorithm RSA1_5
is deprecated due to known security vulnerability.
The algorithms ECDH-ES*
are not recommended unless used with the OKP
key type.
Experimental Algorithms
The following algorithms are experimental and must not be used in production unless you know what you are doing. They are proposed for testing purpose only.
Key Encryption
Algorithm | Description |
---|---|
A128CTR A192CTR A256CTR | AES CTR based encryption |
Chacha20+Poly1305 | Please note that this algorithm requires OpenSSL 1.1 |
RSA-OAEP-384 RSA-OAEP-512 | Same algorithm as RSA-OAEP-256 but with SHA-384 and SHA-512 hashing functions |
Content Encryption
Algorithm | Description |
---|---|
A128CCM-16-128 A128CCM-16-64 A128CCM-64-128 A128CCM-64-64 A256CCM-16-128 A256CCM-16-64 A256CCM-64-128 A256CCM-64-64 | AES-CCM based algorithms |
How To Use
These algorithms have to be used with the Algorithm Manager.
By default, PBES2*
algorithms use the following parameter values:
Salt size: 64 bytes (512 bits)
Count: 4096
You may need to use other values. This can be done during the instantiation of the algorithm:
Example with 16 bytes (128 bits) salt and 1024 counts:
Last updated