openssl.cnf example for Windows IIS

Get help with using the PHP Secure Communications Library.

Moderator: Nuxius

Forum rules
The purpose of this forum is to provide support for phpseclib, a pure PHP SSH / SFTP / RSA library.

Posts by new users are held in a moderation queue and are not publicly visible until the post is approved.

openssl.cnf example for Windows IIS

Postby HornedBeast » Wed Oct 02, 2013 3:52 pm

Hello!

I was just wondering if there was an example of the openssl.cnf file for Windows + IIS? My current file is just the default one that composer downloaded along with the rest of the library.

Code: Select all
# minimalist openssl.cnf file for use with phpseclib

HOME         = .
RANDFILE      = $ENV::HOME/.rnd

[ v3_ca ]


I wasn't sure if this was enough for phpseclib to know about openssl on the box.

Essentially - my issue is I have JWT's to decrypt using A128CBC+HS256 (http://tools.ietf.org/html/draft-ietf-o ... b-token-11). This currently works, but is performing very slowly. I can only decrypt about 25 of these tokens in a second. The tokens themselves are only a few KB big. Does this seem normal on a modest dual core VM running Windows + ISS + PHP? OpenSSL exntesions are on for PHP, as is GMP. Any advice at all?
HornedBeast
Traveler
 
Posts: 3
Joined: Fri Sep 06, 2013 9:11 am

Re: openssl.cnf example for Windows IIS

Postby TerraFrost » Thu Oct 03, 2013 4:33 pm

I wasn't sure if this was enough for phpseclib to know about openssl on the box.

Should be.

Essentially - my issue is I have JWT's to decrypt using A128CBC+HS256 (http://tools.ietf.org/html/draft-ietf-o ... b-token-11). This currently works, but is performing very slowly. I can only decrypt about 25 of these tokens in a second. The tokens themselves are only a few KB big. Does this seem normal on a modest dual core VM running Windows + ISS + PHP? OpenSSL exntesions are on for PHP, as is GMP. Any advice at all?

If that's AES then OpenSSL / GMP wouldn't help. What you'd need is mcrypt to speed it up.

OpenSSL supports symmetric key operations but phpseclib doesn't currently make use of it.
TerraFrost
Legendary Guard
 
Posts: 12357
Joined: Wed Dec 04, 2002 6:37 am

Re: openssl.cnf example for Windows IIS

Postby HornedBeast » Fri Oct 04, 2013 1:58 pm

Thank-you for your switft reply.

php-mcrypt is currently installed and working on the box (according to phpinfo() ). Is there any way of forcing phpseclib to use it? Or any way of checking that it is?

The slow part of my decryption has something to do with "rsaes_oaep_decrypt". That might make more sense to you than me!
HornedBeast
Traveler
 
Posts: 3
Joined: Fri Sep 06, 2013 9:11 am

Re: openssl.cnf example for Windows IIS

Postby TerraFrost » Fri Oct 04, 2013 6:46 pm

phpseclib should be using it if it's installed. Same thing with gmp and OpenSSL. You'd have to go out of your way to disable them in fact.

In the case of XAMPP servers there's an issue that can render OpenSSL unusable. To see if your server is affected by that I'd need to see the phpinfo output.

Also, how big is your key? Can you generate another key of the same size and post it?
TerraFrost
Legendary Guard
 
Posts: 12357
Joined: Wed Dec 04, 2002 6:37 am

Re: openssl.cnf example for Windows IIS

Postby HornedBeast » Mon Oct 07, 2013 9:30 am

I'm using this library to perform the decryption: https://github.com/gree/jose?source=cc

I'm not sure which step in decrypting JWE's is slow here. However, the key I was given is 2048bit (RSA) by the looks of it. Sadly, I can't generate a new one as they're issued to me.

I've attached a slightly redacted PHP Info for you to look at.
Attachments
index.php.zip
PHP Info
(11.76 KiB) Downloaded 124 times
HornedBeast
Traveler
 
Posts: 3
Joined: Fri Sep 06, 2013 9:11 am

Re: openssl.cnf example for Windows IIS

Postby TerraFrost » Wed Oct 09, 2013 8:07 pm

So you're performing 25x RSA decryptions with a 2048-bit key each second? I don't think that's actually all that bad lol.

Based on the benchmarks at http://phpseclib.sourceforge.net/math/intro.html I think my laptop could do 50x per second but maybe your server just has more CPU resources dedicated at any given time or something.

Although arguably sub-second speed is pretty fast RSA is still a lot slower than symmetric ciphers like AES and what not. And on top of that RSA decryption is usually slower than RSA encryption.

Unfortunately, I think the slowness your describing (assuming my above description is correct) is just inevitable. How many would you expect it to do per second?
TerraFrost
Legendary Guard
 
Posts: 12357
Joined: Wed Dec 04, 2002 6:37 am


Return to phpseclib support

Who is online

Users browsing this forum: No registered users and 2 guests