I would like to know a few things:
- What is the output of the openssl_public_encrypt() and openssl_private_encrypt() functions?
- Will the output of the above functions (encrypted data) be web-safe?
- How can I transfer generated encrypted data between websites?
openssl_public_encrypt() encrypts a message with a public key so that only the corresponding private key can decrypt it. This is used for protecting information against being seen by people who shouldn't.
openssl_private_encrypt() encrypts a message with a private key so that it can be decrypted by anyone who has the corresponding public key. This is not used for protecting information against unwanted eyes, it's used for making digital signatures to help verify that the data hasn't been modified. You generally shouldn't use this function; use openssl_sign() and openssl_verify() instead.
Encryption and signing are typically used together: you take your data, sign it (using openssl_sign()) with your own private key, and then encrypt it (using openssl_public_encrypt()) with the recipient's public key. Send both the signature and the encrypted message to the recipient, and the recipient can decrypt the message (using openssl_private_decrypt()) with his private key, and verify the signature (using openssl_verify()) with your public key. This ensures that no one can read or tamper with the message while it's in transit, which is probably what you mean by "web-safe".
As for transferring data between websites, you can do that in any way you want. HTTP, FTP, email, API calls, whatever. The whole point of encryption and signing is that you don't have to use any special means to transfer the message securely.
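The sign-then-encrypt exchange described in the answer above, as an added PHP example that is not part of the original answer. The helper names (new_keypair, seal_message, open_message), the JSON field names and the sample message are assumptions; the base64 step is added because both openssl_sign() and openssl_public_encrypt() return raw binary, which must be encoded before it goes into a URL, form field or JSON body.

```php
<?php
// Added example: key pairs are generated in-process only so the script runs stand-alone.
function new_keypair(): array {
    $key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
    if ($key === false || !openssl_pkey_export($key, $privatePem)) {
        throw new RuntimeException('key generation failed');
    }
    return [$privatePem, openssl_pkey_get_details($key)['key']]; // [private PEM, public PEM]
}

// Sender: sign with own private key, encrypt with the recipient's public key.
function seal_message(string $msg, string $senderPriv, string $recipientPub): string {
    if (!openssl_sign($msg, $sig, $senderPriv, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('signing failed');
    }
    // RSA only encrypts short inputs: at most 214 bytes with a 2048-bit key and default OAEP.
    if (!openssl_public_encrypt($msg, $cipher, $recipientPub, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('encryption failed (message too long for the key?)');
    }
    // $cipher and $sig are raw bytes; base64 makes them safe to put in text transports.
    return json_encode(['ct' => base64_encode($cipher), 'sig' => base64_encode($sig)]);
}

// Recipient: decrypt with own private key, then verify with the sender's public key.
function open_message(string $wire, string $recipientPriv, string $senderPub): string {
    $parts  = json_decode($wire, true);
    $cipher = base64_decode($parts['ct'] ?? '', true);
    $sig    = base64_decode($parts['sig'] ?? '', true);
    if (!$cipher || !$sig) {
        throw new RuntimeException('malformed envelope');
    }
    if (!openssl_private_decrypt($cipher, $msg, $recipientPriv, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('decryption failed');
    }
    // openssl_verify() returns 1 (valid), 0 (invalid) or -1 (error); accept only 1.
    if (openssl_verify($msg, $sig, $senderPub, OPENSSL_ALGO_SHA256) !== 1) {
        throw new RuntimeException('signature check failed: reject the message');
    }
    return $msg;
}

[$senderPriv, $senderPub]       = new_keypair();
[$recipientPriv, $recipientPub] = new_keypair();

$wire = seal_message('order=42;amount=10.00', $senderPriv, $recipientPub); // constructed sample message
echo $wire, "\n";
echo open_message($wire, $recipientPriv, $senderPub), "\n";
```

Because RSA can only encrypt a short input directly, longer payloads need a hybrid scheme such as openssl_seal(), which encrypts the data with a random symmetric key and wraps that key with the recipient's public key.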