-
Notifications
You must be signed in to change notification settings - Fork 11.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[8.x] Added support for GCM encryption #38190
Conversation
Can you explain what a "tag" is in this context? |
Sure thing, the tag is generated during the encryption itself and essentially acts as a checksum hash that is used to verify the integrity of the encryption string. The tag is required for GCM mode as it ensures the integrity of each encrypted block (of 128 or 256 bits), but is not available for older encryption methods. The $tag variable is passed via reference to the OpenSSL encrypt function, which then assigns it a value. It will add 16 characters to the final mac value that is stored in the db. In addition to the $tag, there are a number of security benefits that GCM mode has over CBC with a Mac. More information can be found below: |
The tag is another name for the Message Authentication Code (mac), and is used in GCM mode to provide authenticated encryption, meaning that ciphertext tampering can be detected and rejected before decrypting the data. This serves the exact same purpose as the already implemented HMAC in the previous CBC implementation, and using both of these (which this implementation does) is unnecessary and reduces performance. So, when GCM mode is used, the HMAC part should be skipped. This seems to have been done correctly in the 2017 PR https://github.com/laravel/framework/pull/21963/files. One of the reasons GCM is considered more secure is that it reduces the risk of implementation error, since the authentication part doesn't have to be implemented by the consumer. However Laravel implements Encrypt-then-mac correctly as far as I can see. https://en.wikipedia.org/wiki/Authenticated_encryption I might try to make this into a PR in the coming weeks. There is no rush however as I don't see any downside to the current implementation except for performance degradation. And a minor detail regarding the information above – the AES block size is 128 bits for both AES-128 and AES-256. It's the key length that differs. |
There is also a bug in the This is not critical, so I'll include that fix in the PR mentioned above, unless that takes longer than expected. |
@Krisell just saw you sent your PR roughly at the same time. I'll close mine. |
This pull request adds support for 128-bit and 256-bit GCM encryption, which will allow Laravel developers to use this stronger encryption mode in their applications.
Galois/Counter Mode (GCM) encryption is a more secure and modern encryption cipher than CBC (which is currently default).
The pull request does not change the default encryption mode and is fully backwards compatible.