reference/openssl/functions/openssl-pbkdf2.xml
4c2ea3d32c3b66550abc4ef6d6dfc7753c01e22f
4c2ea3d32c3b66550abc4ef6d6dfc7753c01e22f
...
...
@@ -1,28 +1,26 @@
1
1
<?xml version="1.0" encoding="utf-8"?>
2
2
<!-- $Revision$ -->
3
-
4
3
<refentry xml:id="function.openssl-pbkdf2" xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink">
5
4
<refnamediv>
6
5
<refname>openssl_pbkdf2</refname>
7
-
<refpurpose>Generates a PKCS5 v2 PBKDF2 string, defaults to SHA-1</refpurpose>
6
+
<refpurpose>Generates a PKCS5 v2 PBKDF2 string</refpurpose>
8
7
</refnamediv>
9
8
10
9
<refsect1 role="description">
11
10
&reftitle.description;
12
11
<methodsynopsis>
13
-
<type>string</type><methodname>openssl_pbkdf2</methodname>
12
+
<type class="union"><type>string</type><type>false</type></type><methodname>openssl_pbkdf2</methodname>
14
13
<methodparam><type>string</type><parameter>password</parameter></methodparam>
15
14
<methodparam><type>string</type><parameter>salt</parameter></methodparam>
16
15
<methodparam><type>int</type><parameter>key_length</parameter></methodparam>
17
16
<methodparam><type>int</type><parameter>iterations</parameter></methodparam>
18
-
<methodparam choice="opt"><type>string</type><parameter>digest_algorithm</parameter></methodparam>
17
+
<methodparam choice="opt"><type>string</type><parameter>digest_algo</parameter><initializer>"sha1"</initializer></methodparam>
19
18
</methodsynopsis>
20
19
<para>
21
-
20
+
<function>openssl_pbkdf2</function> computes PBKDF2 (Password-Based Key Derivation Function 2),
21
+
a key derivation function defined in PKCS5 v2.
22
22
</para>
23
23
24
-
&warn.undocumented.func;
25
-
26
24
</refsect1>
27
25
28
26
<refsect1 role="parameters">
...
...
@@ -32,7 +30,7 @@
32
30
<term><parameter>password</parameter></term>
33
31
<listitem>
34
32
<para>
35
-
33
+
Password from which the derived key is generated.
36
34
</para>
37
35
</listitem>
38
36
</varlistentry>
...
...
@@ -40,7 +38,7 @@
40
38
<term><parameter>salt</parameter></term>
41
39
<listitem>
42
40
<para>
43
-
41
+
PBKDF2 recommends a crytographic salt of at least 64 bits (8 bytes).
44
42
</para>
45
43
</listitem>
46
44
</varlistentry>
...
...
@@ -48,7 +46,7 @@
48
46
<term><parameter>key_length</parameter></term>
49
47
<listitem>
50
48
<para>
51
-
49
+
Length of desired output key.
52
50
</para>
53
51
</listitem>
54
52
</varlistentry>
...
...
@@ -56,15 +54,17 @@
56
54
<term><parameter>iterations</parameter></term>
57
55
<listitem>
58
56
<para>
59
-
57
+
The number of iterations desired. <link
58
+
xlink:href="https://pages.nist.gov/800-63-3/sp800-63b.html#sec5">NIST
59
+
recommends at least 10,000</link>.
60
60
</para>
61
61
</listitem>
62
62
</varlistentry>
63
63
<varlistentry>
64
-
<term><parameter>digest_algorithm</parameter></term>
64
+
<term><parameter>digest_algo</parameter></term>
65
65
<listitem>
66
66
<para>
67
-
67
+
Optional hash or digest algorithm from <function>openssl_get_md_methods</function>. Defaults to SHA-1.
68
68
</para>
69
69
</listitem>
70
70
</varlistentry>
...
...
@@ -74,13 +74,44 @@
74
74
<refsect1 role="returnvalues">
75
75
&reftitle.returnvalues;
76
76
<para>
77
-
Returns string&return.falseforfailure;.
77
+
Returns raw binary string&return.falseforfailure;.
78
78
</para>
79
79
</refsect1>
80
80
81
+
<refsect1 role="examples">
82
+
&reftitle.examples;
83
+
<para>
84
+
<example>
85
+
<title>openssl_pbkdf2() example</title>
86
+
<programlisting role="php">
87
+
<![CDATA[
88
+
<?php
89
+
$password = 'password';
90
+
$salt = openssl_random_pseudo_bytes(16);
91
+
$keyLength = 20;
92
+
$iterations = 600000;
93
+
$generated_key = openssl_pbkdf2($password, $salt, $keyLength, $iterations, 'sha256');
94
+
echo bin2hex($generated_key)."\n";
95
+
echo base64_encode($generated_key)."\n";
96
+
?>
97
+
]]>
98
+
</programlisting>
81
99
82
-
</refentry>
100
+
</example>
101
+
</para>
102
+
</refsect1>
103
+
104
+
<refsect1 role="seealso">
105
+
&reftitle.seealso;
106
+
<para>
107
+
<simplelist>
108
+
<member><function>hash_pbkdf2</function></member>
109
+
<member><function>openssl_get_md_methods</function></member>
110
+
</simplelist>
111
+
</para>
112
+
</refsect1>
83
113
114
+
</refentry>
84
115
<!-- Keep this comment at the end of the file
85
116
Local variables:
86
117
mode: sgml
87
118