Hi,
I need to encrypt short strings of data (customer entered) that go into a database. [man]openssl_public_encrypt[/man] and [man]openssl_private_decrypt[/man] seem perfect for that as they solve the problem of protecting the key of symmetric encryption methods. The only thing that freaks me out is the warning in the manual on php.net:
“This function is EXPERIMENTAL. The behaviour of this function, the name of this function, and anything else documented about this function may change without notice in a future release of PHP. Use this function at your own risk.”
On the face of it, I shouldn’t use these functions in a production environment, except that these functions seem to have been around for a while and people seem to use them. They also seem to be a better solution to my problem (which I do not expect to be so uncommon) than [man]openssl_seal[/man] for instance, so it would be foolish to completely remove the functionality. (I could live with having to change my code a little after some future PHP release that “changes the behaviour or name”.)
My problem is aggravated by the fact that we use shared hosting and PHP could get updated under us without our control. The shared hosting is also the reason for more security...
My question is: could anyone comment on the future of these functions? How does one contact the people updating PHP about these sorts of things?
Regards,
pilgrim
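
The pattern the post describes, as an added example that is not part of the original post: the web server holds only the public key and stores OAEP-padded, base64-encoded values, while the private key is used elsewhere to decrypt. The function names `encryptField` and `decryptField`, the 2048-bit demo key pair and the sample string are assumptions made for illustration.

```php
<?php
// Added example; encryptField/decryptField are hypothetical helper names.
const OAEP_OVERHEAD = 42; // 2 * 20-byte SHA-1 digest + 2 (PKCS#1 OAEP, default hash)

function encryptField(string $plaintext, string $publicKeyPem): string
{
    $key = openssl_pkey_get_public($publicKeyPem);
    if ($key === false) {
        throw new RuntimeException('cannot load public key');
    }
    // RSA encrypts a single block: the input must fit in modulus size minus padding.
    $max = intdiv(openssl_pkey_get_details($key)['bits'], 8) - OAEP_OVERHEAD;
    if (strlen($plaintext) > $max) {
        throw new LengthException("plaintext exceeds $max bytes for this key");
    }
    if (!openssl_public_encrypt($plaintext, $ciphertext, $key, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('encryption failed: ' . openssl_error_string());
    }
    return base64_encode($ciphertext); // safe to store in a text column
}

function decryptField(string $stored, string $privateKeyPem): string
{
    $key = openssl_pkey_get_private($privateKeyPem);
    $raw = base64_decode($stored, true);
    if ($key === false || $raw === false) {
        throw new RuntimeException('cannot load private key or stored value');
    }
    if (!openssl_private_decrypt($raw, $plaintext, $key, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('decryption failed: ' . openssl_error_string());
    }
    return $plaintext;
}

// Demo with a key pair constructed in-process. In the setup the post describes,
// only $publicPem would be deployed to the shared host.
$pair = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
if ($pair === false) {
    throw new RuntimeException('key generation failed: ' . openssl_error_string());
}
openssl_pkey_export($pair, $privatePem);
$publicPem = openssl_pkey_get_details($pair)['key'];

$stored = encryptField('Jane Doe, +1 555 0100', $publicPem); // constructed sample value
echo strlen($stored), " base64 chars stored\n";
echo decryptField($stored, $privatePem), "\n";
```

With a 2048-bit key the per-value limit is 214 bytes; longer input needs a hybrid scheme such as the `openssl_seal` function the post mentions.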