You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
thank you very much for providing this important library. It is used in many different other libraries - for example by the SAML2 library SAML-Toolkits/php-saml. Requirements on SAML have changed a lot in the past couple of years and many PHP developers find themselves in the situation, where the IDPs require algoithms like http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1, that are not supported by the openssl biding in PHP in the current version, which is based on PKCS #1 v1.5:
Currently in PHP it is only possible to make and verify OpenSSL based signatures based on cryptography defined in PKCS #1 v1.5.
Since there is no update of the binding planned, I wanted to quickly check and ask if you accept a rewrite of the openssl methods using the phpseclib/phpseclib library. I would offer to change the implementation and create a pull request. I am not asking to change the methods or the structure of the library but only to switch from the openssl implementation to the phpseclib one. This would enable the additional support for the missing RSA OAEP and MFG algorithms by keeping the other encryption algorithms at the same time.
We are currently switching out this library by an internal fork which does exactly that, because the Elster IDP of the german government we connect to (using the SAML library mentioned above) only supports the http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1 algorithm. It would be awesome if this library would keep up with modern algorithms and enable developers SAML bindings to modern IDPs.
Looking forward to your answer,
Julius
The text was updated successfully, but these errors were encountered:
Hey @robrichards,
thank you very much for providing this important library. It is used in many different other libraries - for example by the SAML2 library SAML-Toolkits/php-saml. Requirements on SAML have changed a lot in the past couple of years and many PHP developers find themselves in the situation, where the IDPs require algoithms like http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1, that are not supported by the openssl biding in PHP in the current version, which is based on PKCS #1 v1.5:
(see. https://bugs.php.net/bug.php?id=80495&edit=3)
Since there is no update of the binding planned, I wanted to quickly check and ask if you accept a rewrite of the openssl methods using the phpseclib/phpseclib library. I would offer to change the implementation and create a pull request. I am not asking to change the methods or the structure of the library but only to switch from the openssl implementation to the phpseclib one. This would enable the additional support for the missing RSA OAEP and MFG algorithms by keeping the other encryption algorithms at the same time.
We are currently switching out this library by an internal fork which does exactly that, because the Elster IDP of the german government we connect to (using the SAML library mentioned above) only supports the http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1 algorithm. It would be awesome if this library would keep up with modern algorithms and enable developers SAML bindings to modern IDPs.
Looking forward to your answer,
Julius
The text was updated successfully, but these errors were encountered: