compared with
Key
This line was removed.
This word was removed. This word was added.
This line was added.

Changes (5)

View Page History

{zone-data:overview}
Zend_Crypt_Rsa is an implementation of the RSA algorithm for public-key cryptography. This proposal assumes a dependency on PHP's OpenSSL extension, though a later adapter would allow operation even in the absence of OpenSSL, or outside the limitations that OpenSSL imposes. The purpose of the proposal is to write an OO wrapper around the existing ext/openssl functionality where keys are represented as discrete objects rather than resources and strings. Both public and private keys utilise a common interface supporting common encryption, decryption, data signing and key generation and can be directly echoed as PEM strings for remote storage. The main input source at present is also PEM - certificate import is a simple addition once the base functionality is complete. for both private and public keys, or X.509 certificates for public keys.
{zone-data}

* This component *will* support generating signed data signatures
* This component *will* generate key pairs for any bit-length > 384 bits
* This component *will* import PEM formatted keys and certificates
* This component *will not currently" import DER or PKCS#12 formats
* This component *will not currently* generate keys with less than 384 bits
* This component *will not currently* operate in the absence of ext/openssl

{zone-data:operation}
The component operates in a simple manner. The Zend_Crypt_Rsa object is instantiated usually by passing the PEM representation string of a private key, from which both the private key itself, and the respective public key, are in turn instantiated as separate objects of type Zend_Crypt_Key. Alternatively passing in a PEM formatted X.509 certificate will instantiate the object only with a public key available. Key objects share a common interface, and can be echoed directly back into the PEM format.

Once instantiated the object is capable of performing a wide range of common RSA operations including signing data, key generation, encryption and decryption. Both encryption and decryption operations require users to explicitly pass the key to use for both processes, to facilitate either public key, or private key, based encryption, for instance where the original object was instantiated from a X.509 certificate and a private key will be passed in later.
{zone-data}

{code}

||UC-07||

Public keys can be retrieved from X.509 certs

{code}
<?php
$rsa = new Zend_Crypt_Rsa(array('certificatePath'=>'path/to/x509.crt'));
$dataToEncrypt = '1234567890';
$encrypted = $rsa->encrypt($data, $rsa->getPublicKey());
$rsa2 = new Zend_Crypt_Rsa('/path/to/privkey.pem');
$decrypted = $rsa->decrypt($encrypted, $rsa2->getPrivateKey());
{code}


||UC-08||

Keys pairs can be generated to, or accessed from, PEM formats which are encrypted with a passphrase.

{code}
<?php
$rsa = new Zend_Crypt_Rsa(array('certificatePath'=>'path/to/x509.crt'));
$dataToEncrypt = '1234567890';
$encrypted = $rsa->encrypt($data, $rsa->getPublicKey());
$rsa2 = new Zend_Crypt_Rsa('/path/to/privkey.pem');
$decrypted = $rsa->decrypt($encrypted, $rsa2->getPrivateKey());
{code}

{zone-data}