Version 1 by Pádraic Brady
on Jun 12, 2008 13:16.

compared with
This line was removed.
This word was removed. This word was added.
This line was added.

Changes (39)

View Page History
{info:title=New Proposal Template}
This page has been created from a template that uses "zones." To proceed:
{zone-template-instance:ZFDEV:Zend Proposal Zone Template}

# Edit the page
# Replace sample content within each zone-data tag with your own content
# Remove this notice
# Save the page
# When you are ready for community review, move this page to the [Ready for Review] section on the edit page.

{note:title=No placeholders allowed!}
Please do not create placeholders. Wait until you have sufficient content to replace all sample data in the proposal template before creating your proposal document.

{zone-template-instance:ZFPROP:Proposal Zone Template}

Zend_Magic Zend_Crypt_Rsa

[My Name|]
[Pádraic Brady|]


1.0 - 1 January 2008: Initial Draft.
1.0 - 12 June 2008: Ready for review

Zend_Magic is a simple component that reads my mind and generates code dynamically to do what I want.
Zend_Crypt_Rsa is an implementation of the RSA algorithm for public-key cryptography. This proposal assumes a dependency on PHP's OpenSSL extension, though a later adapter would allow operation even in the absence of OpenSSL, or outside the limitations that OpenSSL imposes. The purpose of the proposal is to write an OO wrapper around the existing ext/openssl functionality where keys are represented as discrete objects rather than resources and strings. Both public and private keys utilise a common interface supporting common encryption, decryption, data signing and key generation and can be directly echoed as PEM strings for remote storage. The main input source at present is also PEM - certificate import is a simple addition once the base functionality is complete.

* [Harry Houdini Wikipedia Entry|]
* [|]
* [Ongoing implementation in Subversion with Unit Tests|]

Most requirements take the form of "foo will do ...." or "foo will not support ...", although different words and sentence structure might be used. Adding functionality to your proposal is requirements creep (bad), unless listed below. Discuss major changes with your team first, and then open a "feature improvement" issue against this component.

* This component *will* correctly reads a developers mind for intent and generate the right configuration file.
* The generated config file *will not* support XML, but will provide an extension point in the API.
* This component *will* use no more memory than twice the size of all data it contains.
* This component *will* include a factory method. utilise ext/openssl is available
* This component *will not* allow subclassing. (i.e. when reviewed, we expect to see "final" keyword in code)
* This component *will* only generate data exports strictly complying with RFC 12345.
* This component *will* validate input data against formats supported by ZF component Foo.
* This component *will not* save any data using Zend_Cache or the filesystem. All transient data *will be* saved using Zend_Session.
* This component *will* support dual path encryption/decryption
* This component *will* support generating signed data signatures
* This component *will* generate key pairs for any bit-length > 384 bits
* This component *will not currently* generate keys with less than 384 bits
* This component *will not currently* operate in the absence of ext/openssl

* Zend_Exception
* ext/openssl

The component is instantiated with a mind-link that ...
The component operates in a simple manner. The Zend_Crypt_Rsa object is instantiated usually by passing the PEM representation string of a private key, from which both the private key itself, and the respective public key, are in turn instantiated as separate objects of type Zend_Crypt_Key. Key objects share a common interface, and can be echoed directly back into the PEM format.

Once instantiated the object is capable of performing a wide range of common RSA operations including signing data, key generation, encryption and decryption. Both encryption and decryption operations require users to explicitly pass the key to use for both processes, to facilitate either public key, or private key, based encryption.

Describe some intermediate state of this component in terms of design notes, additional material added to this page, and / code. Note any significant dependencies here, such as, "Milestone #3 can not be completed until feature Foo has been added to ZF component XYZ." Milestones will be required for acceptance of future proposals. They are not hard, and many times you will only need to think of the first three below.
* Milestone 1: [design notes will be published here|]
* Milestone 2: Working prototype checked into the incubator supporting use cases #1, #2, ...
* Milestone 3: Working prototype checked into the incubator supporting use cases #3 and #4.
* Milestone 4: Unit tests exist, work, and are checked into SVN.
* Milestone 5: Initial documentation exists.

If a milestone is already done, begin the description with "\[DONE\]", like this:
* Milestone #: \[DONE\] Unit tests ...
* Milestone 1: [DONE] Assemble use cases and design comments based on draft source code
* Milestone 2: [DONE] Assemble a unit test suite
* Milestone 3: [UNDERWAY/PENDING COMMENT] Complete initial development
* Milestone 4: Verify unit test coverage
* Milestone 5: Write documentation

* Zend_Magic_Exception Zend_Crypt_Rsa
* Zend_Magic (factory class)
* Zend_Magic_MindProbe Zend_Crypt_Rsa_Exception
* Zend_Magic_MindProbe_Intent Zend_Crypt_Rsa_Key
* Zend_Magic_Action Zend_Crypt_Rsa_Key_Private
* Zend_Magic_CodeGen Zend_Crypt_Rsa_Key_Public

This is a preliminary class listing. Pending public and Zend review, the list may expand as necessary.


... (see good use cases book)
Simple key generation.

class Zend_Magic_Exception extends Zend_Exception {}

class Zend_Magic {
$rsa = new Zend_Crypt_Rsa;
$keys = $rsa->generateKeys(array('private_key_bits'=>512));
echo $keys->privateKey; // PEM string
echo $keys->publicKey; // PEM string


Data signing for secure message exchanges.


$dataToSend = '1234567890';
$rsa = new Zend_Crypt_Rsa('/path/to/privatekey.pem');
$binarySignature = $rsa->sign($dataToSign);
$base64Signature = $rsa->sign($dataToSign, Zend_Crypt_Rsa::BASE64);


Verifying received data using the signature also sent with message.


$dataReceived = '1234567890';
$signatureReceived = 'XXXXXXXXXXXXXXXXXXXXXXX'; //assume some binary signature
$rsa = new Zend_Crypt_Rsa('/path/to/privatekey.pem');
$result = $rsa->verifySignature($dataReceived, $signatureReceived);
var_dump($result); // TRUE or FALSE


Public key encryption for public messaging of secure data.


$rsa = new Zend_Crypt_Rsa('/path/to/privatekey.pem');
$dataToEncrypt = '1234567890';
$encrypted = $rsa->encrypt($data, $rsa->getPublicKey());


Decrypting UC-04 result.


$encrypted = 'XXXXXXXXXXXXXXXXXXXXXX'; // assume encrypted data
$rsa = new Zend_Crypt_Rsa('/path/to/privatekey.pem');
$decrypted = $rsa->decrypt($data, $rsa->getPrivateKey());


All keys can be queried for their PEM string forms, their respective OpenSSL Key resources, and bit length.


$rsa = new Zend_Crypt_Rsa('/path/to/privatekey.pem');
echo $rsa->getPublicKey(); // PEM string
echo count($rsa->getPrivateKey()); // bit count, class implemented Countable
echo get_resource_type($rsa->getPublicKey()->getOpensslKeyResource()); // Openssl key resource


{zone-template-instance} {zone-data:skeletons}
Source code and Unit Tests for this component are available from subversion (supports online viewing):