Question

I'm developing a basic secure messaging system. I would like the messages stored in a MySQL database to be encrypted by default with the user's hashed password (plus salt and pepper) as the key. The site that runs this system is only accessed over SSL.

I've been developing this under PHP's mcrypt extension using the following procedure:

  1. user1 sends a $message to user2

  2. the $message is stored in user1's chat history using user1's key, as well as in a "transport" table, where it's encrypted with a global key (stored outside the database) that regenerates any time the table is empty

  3. the next time user2 checks for new messages, it will decrypt the $message(s) stored in the transport table using the global key, encrypt the message for user2's chat history with user2's key (therefore, each message sent between the two users is actually stored twice; once with each user's own key) and delete the message from the transport table

I realize this isn't perfect (the transport table being the obvious weak point), but it's the best I could come up with after consulting various discussions and articles.

Then it dawned on me that it may be better to use the OpenSSL extension for asymmetric encryption instead. But, before I trash a few days' work with mcrypt:

  1. Is this the right idea?

  2. Is OpenSSL designed for and/or capable of this?

  3. I read that asymmetric encryption is more computationally taxing. My own basic testing seems to indicate that OpenSSL is orders of magnitude slower. Is the encryption that much stronger, or is it just the nature of asymmetric encryption?

Solution

I'll answer per item:

  1. Yes, asymmetric encryption is often used for transporting messages. See e.g. the CMS and PGP container formats. Of course there is more to it, especially establishing trust using some kind of PKI.

  2. Absolutely. It contains methods for creating and reading PKCS#7 container formats, which are the equivalent of the Cryptographic Message Syntax (CMS), and libraries for handling X509 certificates, which hold the asymmetric public keys (that need to be trusted). You can of course also create your own formats. GCM encryption is also included nowadays, which can be extremely useful for chat applications. In the end you probably end up with hybrid encryption - part asymmetric, part symmetric.

  3. It's the nature of asymmetric encryption. Normally symmetric encryption is stronger for the same size keys. The attacks can be of a completely different nature, so you cannot create a direct comparison, or say that one is two times as strong as the other. You can compare key strengths on sites like http://www.keylength.com/.

If you want faster encryption then you could use Elliptic Curve encryption. Another common method is to establish symmetric session keys and use those for encryption (message confidentiality) and possibly message authentication and integrity.

Beware of padding oracle attacks and man-in-the-middle attacks when performing message encryption! Getting stuff to work is relatively easy. Making it secure is not.
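
The hybrid scheme the answer ends on, as an added example that is not part of the original question or answer: a fresh random AES-256-GCM key encrypts each message once, and that key is then wrapped with RSA-OAEP for every party who should be able to read it. Applied to the question's design, a message is stored once, with one wrapped key per user, instead of being re-encrypted into each user's history, and the transport table is no longer needed. It assumes PHP 7.1 or later with ext-openssl (the `$tag` parameter of `openssl_encrypt` appeared in 7.1); the function names and the user identifiers are illustrative.

```php
<?php
// Added example (not from the original page): hybrid encryption with PHP's
// OpenSSL extension. One AES-256-GCM message key per message, wrapped with
// RSA-OAEP for each recipient. Function and key names are illustrative.

// Generate a 2048-bit RSA key pair for a user. In a real system the private key
// must itself be protected at rest, e.g. encrypted under a password-derived key;
// that step is left out here.
function generateUserKeys(): array {
    $key = openssl_pkey_new([
        'private_key_bits' => 2048,
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
    ]);
    openssl_pkey_export($key, $privatePem);
    $publicPem = openssl_pkey_get_details($key)['key'];
    return ['public' => $publicPem, 'private' => $privatePem];
}

// Encrypt $message once under a fresh random key, then wrap that key for every
// public key in $recipientPublicKeys (keyed by user id). The returned array is
// what would be stored as a single database row (binary columns, or base64).
function encryptForRecipients(string $message, array $recipientPublicKeys): array {
    $messageKey = random_bytes(32);   // AES-256 key, used for exactly one message
    $iv = random_bytes(12);           // 96-bit nonce, the recommended size for GCM
    $tag = '';
    $ciphertext = openssl_encrypt(
        $message, 'aes-256-gcm', $messageKey, OPENSSL_RAW_DATA, $iv, $tag, '', 16
    );
    if ($ciphertext === false) {
        throw new RuntimeException('encryption failed: ' . openssl_error_string());
    }

    $wrappedKeys = [];
    foreach ($recipientPublicKeys as $userId => $publicPem) {
        // OAEP, not PKCS#1 v1.5: v1.5 RSA padding is the classic padding-oracle target.
        if (!openssl_public_encrypt($messageKey, $wrapped, $publicPem, OPENSSL_PKCS1_OAEP_PADDING)) {
            throw new RuntimeException('key wrap failed for ' . $userId);
        }
        $wrappedKeys[$userId] = $wrapped;
    }
    return ['iv' => $iv, 'tag' => $tag, 'ciphertext' => $ciphertext, 'keys' => $wrappedKeys];
}

// Unwrap the message key with one user's private key and decrypt. The GCM tag
// check makes any change to ciphertext, IV or tag fail instead of yielding garbage.
function decryptForUser(array $envelope, string $userId, string $privatePem): string {
    if (!isset($envelope['keys'][$userId])) {
        throw new RuntimeException('no wrapped key for ' . $userId);
    }
    if (!openssl_private_decrypt($envelope['keys'][$userId], $messageKey, $privatePem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('key unwrap failed');
    }
    $plaintext = openssl_decrypt(
        $envelope['ciphertext'], 'aes-256-gcm', $messageKey, OPENSSL_RAW_DATA,
        $envelope['iv'], $envelope['tag']
    );
    if ($plaintext === false) {
        throw new RuntimeException('authentication failed: message altered or wrong key');
    }
    return $plaintext;
}

// Constructed demo: user1 sends to user2. Both parties can read the one stored
// copy; a copy with a single flipped ciphertext bit is rejected.
$user1 = generateUserKeys();
$user2 = generateUserKeys();
$envelope = encryptForRecipients('hello user2', [
    'user1' => $user1['public'],
    'user2' => $user2['public'],
]);

if (decryptForUser($envelope, 'user2', $user2['private']) !== 'hello user2') {
    throw new RuntimeException('recipient could not read the message');
}
if (decryptForUser($envelope, 'user1', $user1['private']) !== 'hello user2') {
    throw new RuntimeException('sender could not read own message');
}

$tampered = $envelope;
$tampered['ciphertext'][0] = chr(ord($tampered['ciphertext'][0]) ^ 0x01);
try {
    decryptForUser($tampered, 'user2', $user2['private']);
    throw new RuntimeException('tampered message was accepted');
} catch (RuntimeException $e) {
    echo 'tampered copy rejected: ', $e->getMessage(), PHP_EOL;
}
```

Two things the example deliberately does not solve, both raised in the answer: the private keys still have to be protected (the question's password-derived key is one option for encrypting them at rest), and nothing here establishes that a public key really belongs to the user it is filed under, which is the trust/PKI problem and where a man-in-the-middle would attack. GCM's authentication tag covers the padding-oracle concern for the message body; OAEP covers it for the wrapped key.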

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow