php-jwt icon indicating copy to clipboard operation
php-jwt copied to clipboard

Published 20 hours ago verified publisher icon adhocore

ECDSA algo

Open adhocore opened this issue 6 years ago • 7 comments

adhocore avatar Aug 23 '18 00:08 adhocore

Are there any current detailed descriptions?

I think we have the two ways to complete this ECDSA algorithm.

  • Using the existed ECDSA package with PHP directly.
  • Implement the ECDSA algorithm with PHP for this package.

peter279k avatar Feb 27 '19 08:02 peter279k

we can go for 1 but the dependency should be optional and in suggestions.

adhocore avatar Feb 28 '19 00:02 adhocore

@adhocore, thank you for your reply.

I finally found the following two ECDSA PHP packages. The lists are as follows:

Which one do you want to prefer?

Thanks.

peter279k avatar Mar 08 '19 02:03 peter279k

my thinking was to have a Signature class that works with either of them (whichever is available) but not having these packages as deps, but in suggests

adhocore avatar Mar 08 '19 10:03 adhocore

Hey @peter279k 👋 (we know eachother from other OpenSource work), Hello @adhocore thanks for writing this.

Is ECDSA still wanted for this?

I noticed that currently you direct-bind to php functions. Perhaps one or more interfaces would make implementing this more easy?

We have decode and encode method verbs right? and then perhaps some optional, options data object. Perhaps a type of exception, which allows communication that an encode or decode has failed?

Your ideas about using composer suggested packages is a nice one. Maybe all the interface definitions could trap any errors from functions not existing and throw a nice exception to let ops / platform / dev team know what to do, or at least what is wrong without leaking the details of how we do any of the encryption / decryption?

I'm using this in a WordPress plugin due to the low number of files and broad PHP compatibility, so thanks for making that easy too.

Lewiscowles1986 avatar May 23 '21 16:05 Lewiscowles1986

Is ECDSA still wanted for this?

hi @Lewiscowles1986, maybe yes but not must-have

I noticed that currently you direct-bind to php functions. Perhaps one or more interfaces would make implementing this more easy?

yep it requires some broader change, i think we can have EJWT class extend JWT as a simpler way to support ECDSA. above all this lib is meant for simplicity and ease of use for most of the use case.

adhocore avatar May 24 '21 03:05 adhocore

In this case, I'll squeak the effort :wink: for now simplicity of deployment has me just pinning the algorithm and switching out shared keys.

Lewiscowles1986 avatar May 24 '21 05:05 Lewiscowles1986

closing for now

adhocore avatar Oct 27 '22 14:10 adhocore