Skip to end of metadata
Go to start of metadata
You are viewing an old version of this page. View the current version. Compare with Current  |   View Page History

<ac:macro ac:name="unmigrated-inline-wiki-markup"><ac:plain-text-body><![CDATA[

Zend Framework: Zend_Crypt_Rsa Component Proposal

Proposed Component Name Zend_Crypt_Rsa
Developer Notes
Proposers Pádraic Brady
Revision 1.0 - 12 June 2008: Ready for review (wiki revision: 3)

Table of Contents

1. Overview

Zend_Crypt_Rsa is an implementation of the RSA algorithm for public-key cryptography. This proposal assumes a dependency on PHP's OpenSSL extension, though a later adapter would allow operation even in the absence of OpenSSL, or outside the limitations that OpenSSL imposes. The purpose of the proposal is to write an OO wrapper around the existing ext/openssl functionality where keys are represented as discrete objects rather than resources and strings. Both public and private keys utilise a common interface supporting common encryption, decryption, data signing and key generation and can be directly echoed as PEM strings for remote storage. The main input source at present is also PEM - certificate import is a simple addition once the base functionality is complete.

2. References

3. Component Requirements, Constraints, and Acceptance Criteria

  • This component will utilise ext/openssl is available
  • This component will support dual path encryption/decryption
  • This component will support generating signed data signatures
  • This component will generate key pairs for any bit-length > 384 bits
  • This component will not currently generate keys with less than 384 bits
  • This component will not currently operate in the absence of ext/openssl

4. Dependencies on Other Framework Components

  • Zend_Exception
  • ext/openssl

5. Theory of Operation

The component operates in a simple manner. The Zend_Crypt_Rsa object is instantiated usually by passing the PEM representation string of a private key, from which both the private key itself, and the respective public key, are in turn instantiated as separate objects of type Zend_Crypt_Key. Key objects share a common interface, and can be echoed directly back into the PEM format.

Once instantiated the object is capable of performing a wide range of common RSA operations including signing data, key generation, encryption and decryption. Both encryption and decryption operations require users to explicitly pass the key to use for both processes, to facilitate either public key, or private key, based encryption.

6. Milestones / Tasks

  • Milestone 1: [DONE] Assemble use cases and design comments based on draft source code
  • Milestone 2: [DONE] Assemble a unit test suite
  • Milestone 3: [UNDERWAY/PENDING COMMENT] Complete initial development
  • Milestone 4: Verify unit test coverage
  • Milestone 5: Write documentation

7. Class Index

  • Zend_Crypt_Rsa
  • Zend_Crypt_Rsa_Exception
  • Zend_Crypt_Rsa_Key
  • Zend_Crypt_Rsa_Key_Private
  • Zend_Crypt_Rsa_Key_Public

This is a preliminary class listing. Pending public and Zend review, the list may expand as necessary.

8. Use Cases


Simple key generation.


Data signing for secure message exchanges.


Verifying received data using the signature also sent with message.


Public key encryption for public messaging of secure data.


Decrypting UC-04 result.


All keys can be queried for their PEM string forms, their respective OpenSSL Key resources, and bit length.

9. Class Skeletons

Source code and Unit Tests for this component are available from subversion (supports online viewing):


Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.