Skip to end of metadata
Go to start of metadata
You are viewing an old version of this page. View the current version. Compare with Current  |   View Page History

<ac:macro ac:name="unmigrated-inline-wiki-markup"><ac:plain-text-body><![CDATA[

Zend Framework: Zend_Crypt_Rsa Component Proposal

Proposed Component Name Zend_Crypt_Rsa
Developer Notes
Proposers Pádraic Brady
Revision 1.0 - 12 June 2008: Ready for review (wiki revision: 4)

Table of Contents

1. Overview

Zend_Crypt_Rsa is an implementation of the RSA algorithm for public-key cryptography. This proposal assumes a dependency on PHP's OpenSSL extension, though a later adapter would allow operation even in the absence of OpenSSL, or outside the limitations that OpenSSL imposes. The purpose of the proposal is to write an OO wrapper around the existing ext/openssl functionality where keys are represented as discrete objects rather than resources and strings. Both public and private keys utilise a common interface supporting common encryption, decryption, data signing and key generation and can be directly echoed as PEM strings for remote storage. The main input source at present is also PEM for both private and public keys, or X.509 certificates for public keys.

2. References

3. Component Requirements, Constraints, and Acceptance Criteria

  • This component will utilise ext/openssl is available
  • This component will support dual path encryption/decryption
  • This component will support generating signed data signatures
  • This component will generate key pairs for any bit-length > 384 bits
  • This component will import PEM formatted keys and certificates
  • This component *will not currently" import DER or PKCS#12 formats
  • This component will not currently generate keys with less than 384 bits
  • This component will not currently operate in the absence of ext/openssl

4. Dependencies on Other Framework Components

  • Zend_Exception
  • ext/openssl

5. Theory of Operation

The component operates in a simple manner. The Zend_Crypt_Rsa object is instantiated usually by passing the PEM representation string of a private key, from which both the private key itself, and the respective public key, are in turn instantiated as separate objects of type Zend_Crypt_Key. Alternatively passing in a PEM formatted X.509 certificate will instantiate the object only with a public key available. Key objects share a common interface, and can be echoed directly back into the PEM format.

Once instantiated the object is capable of performing a wide range of common RSA operations including signing data, key generation, encryption and decryption. Both encryption and decryption operations require users to explicitly pass the key to use for both processes, to facilitate either public key, or private key, based encryption, for instance where the original object was instantiated from a X.509 certificate and a private key will be passed in later.

6. Milestones / Tasks

  • Milestone 1: [DONE] Assemble use cases and design comments based on draft source code
  • Milestone 2: [DONE] Assemble a unit test suite
  • Milestone 3: [UNDERWAY/PENDING COMMENT] Complete initial development
  • Milestone 4: Verify unit test coverage
  • Milestone 5: Write documentation

7. Class Index

  • Zend_Crypt_Rsa
  • Zend_Crypt_Rsa_Exception
  • Zend_Crypt_Rsa_Key
  • Zend_Crypt_Rsa_Key_Private
  • Zend_Crypt_Rsa_Key_Public

This is a preliminary class listing. Pending public and Zend review, the list may expand as necessary.

8. Use Cases


Simple key generation.


Data signing for secure message exchanges.


Verifying received data using the signature also sent with message.


Public key encryption for public messaging of secure data.


Decrypting UC-04 result.


All keys can be queried for their PEM string forms, their respective OpenSSL Key resources, and bit length.


Public keys can be retrieved from X.509 certs


Keys pairs can be generated to, or accessed from, PEM formats which are encrypted with a passphrase.

9. Class Skeletons

Source code and Unit Tests for this component are available from subversion (supports online viewing):


Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.