[Comment in 2020: This was a poorly researched question I asked several years ago, before I started reading about the subject. I returned to clean up the question a bit - since the core thing I wanted to know back then was to understand why the key had to have a certain size. However, when one starts learning something new, I truly believe that asking the wrong questions is an important step, towards asking better and better questions. Therefore I find it unfortunate that this forum is discouraging people from asking questions that do not reflect good understanding. I hope this forum in the future can develop more in that direction. End of comment.]
Specifically, my question is as follows, using PHP and OpenSSL, and the function:
openssl_pkey_new(array $configargs)
In another part of this forum, it was said that "If you tell $configargs that you want a keysize of 256 bits, or such, it is too easy to break." I presume that is why the function doesn't allow a keysize smaller than 384 bits. But how come that is deemed so easy to break?
What I want to do is encrypt 'ARBITRARY_STRING' in browser (at the user's end) with user's private key, and then send this (along with other data) to the server, where I decrypt with the public key. But it would be impractical if the key a user has to enter is that long.
Grateful for any advice! Or recommendations on something more suited for the purpose.
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…