documentation on CIVICRM_CRED_KEYS
Hi, I have a question about the new config value CIVICRM_CRED_KEYS, as documented in the page on version-specific upgrades. The page gives three commands to generate a value, saying it should be 32 random bytes (256 bits). I can’t comment on the PowerShell example. The PHP example duly generates 32 random bytes and encodes them in base64. The bash example however only generates 16 random bytes and encodes them as hex digits. That does make it a 32-byte string but only four of each character’s eight bits are random. To represent 32 random bytes in text format, some encoding is of course needed and the encoded representation needs to be longer than 32 bytes. The PHP command produces 43 bytes, suggesting that the string representation is indeed allowed to be longer. The question then is which encoding must be used and/or how the choice of encoding should be indicated. The example commands produce different encodings already (PHP: 32 bytes base64-encoded, Bash: 16 random bytes encoded as hex digits) without indicating the encoding. Could someone advise and perhaps amend the page?