5

I need to encrypt a string using RSA, PKCS1, a private key and PHP. I could not find even a terminal command which can be used with exec(). Does anyone knows how to do it?

Thanks!

Udinesio
  • 61
  • 1
  • 1
  • 3

3 Answers3

5

Try phpseclib, a pure PHP RSA implementation:

<?php
include('Crypt/RSA.php');

$rsa = new Crypt_RSA();
//extract($rsa->createKey());

$plaintext = 'terrafrost';

$rsa->loadKey($privatekey);
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$ciphertext = $rsa->encrypt($plaintext);

echo $plaintext;
?>

Security warning: If you're going to use phpseclib, make sure you follow the best practices for RSA encryption. See also this answer for more details and an alternative approach.

Scott Arciszewski
  • 33,610
  • 16
  • 89
  • 206
4

If you have the php_openssl extension enabled you can do this without using the command line other than to create the keys. And you could even create the keys with php also if you wanted.

Generate your keys

These are the shell commands to generate the keys. You can run these in Linux, Mac, Cygwin, or even your Windows Git BASH.

Generate a 512 bit rsa private key. This will ask you for a password. You need to store this safely.

openssl genrsa -des3 -out private.pem 512

Generate the public key based on the private key. You are free to store this in an insecure manner.

openssl rsa -in private.pem -pubout -out public.pem

Use PHP to encrypt/decrypt data with your keys

Note that I've included encrypting and decrypting with public and private keys. You only want to choose one of these to implement, for example encrypt with private and decrypt with public.

<?php
$privateKeyPassphrase = "mypassword";
$sensitiveData = "This is the data that we want to encrypt.";

/*
// Load the keys from a file (as you would most likely do in a production environment)
$priv_key_file_name = realpath("private.pem");
$publ_key_file_name = realpath("public.pem");

// Note: This function needs an array of parameters!
$privateKey = openssl_pkey_get_private(array("file://$priv_key_file_name", $privateKeyPassphrase));
$publicKey = openssl_pkey_get_public(array("file://$publ_key_file_name", $privateKeyPassphrase));
*/

// Get keys from a string so that this example can be run without the need for extra files
$privateKeyString = <<<PK
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,D21679087FE8490E

hXTtfXC4qYNoE9hySVwPD+Mwhb7RiCae589Z952Z+ucz9i8j+1MO4Sx2nOMCH5Eg
uotMSr3FipJ/Bqbh66AqqYK3PG7NFYA41f/7xrTA6gwq6MDjmAy6z8TW+NE3OCpF
n+9zPzT15wcNm4U4ZRpEO+Fi8cYTLu0LlX+k8Djrd+CuS6wX4p8SgpAplDrnAiAH
z3sJtf2+M67yTNT7v/hIJmkebCwES43pTlNrxluJpD7HBl4BGmFWFI+MJ/gPuFn6
etQjDpzgep0Wn4FKi34IkDQ9kM4/9tWy0Fhf8ytdg0NZshMt/PWRPrNrs+2qLoJu
1rHc0rtKVvALQOKU+SbxaYVBlEzelxB0XJ2uQMSIs46vHZiUG3Q2JBmlxRshHQse
8n9CAYmwm++cPmXq06rVMclCJR0pDlOzGQvIgmo4eiY=
-----END RSA PRIVATE KEY-----
PK;

$publicKeyString = <<<PK
-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKcNEHgry/zIFpKdKz2E/ksoDkBn00K7
v2CxB2kHMWjAxgaFPCYs/8gHclSkcJYARKqvU/0Gsc0mrrPtCs5CytcCAwEAAQ==
-----END PUBLIC KEY-----
PK;

// Load private key
$privateKey = openssl_pkey_get_private(array($privateKeyString, $privateKeyPassphrase));

// Load public key
$publicKey = openssl_pkey_get_public(array($publicKeyString, $privateKeyPassphrase));

if (!$privateKey) {
    echo "Private key NOT OK\n";
}

if (!$publicKey) {
    echo "Public key NOT OK\n";
}

if (!openssl_private_encrypt($sensitiveData, $encryptedWithPrivate, $privateKey)) {
    echo "Error encrypting with private key\n";
}

if (!openssl_public_encrypt($sensitiveData, $encryptedWithPublic, $publicKey)) {
    echo "Error encrypting with public key\n";
}

if (!openssl_private_decrypt($encryptedWithPublic, $decryptedWithPrivateFromPublic, $privateKey)) {
    echo "Error decrypting with private key what was encrypted with public key\n";
}

if (!openssl_public_decrypt($encryptedWithPrivate, $decryptedWithPublicFromPrivate, $publicKey)) {
    echo "Error decrypting with public key what was encrypted with private key\n";
}

echo "Encrypted with public key: " . base64_encode($encryptedWithPublic) . "\n"; // This is different every time
echo "Encrypted with private key: " . base64_encode($encryptedWithPrivate) . "\n";
echo "Decrypted with private key what was encrypted with public key: " . $decryptedWithPrivateFromPublic . "\n";
echo "Decrypted with public key what was encrypted with private key: " . $decryptedWithPublicFromPrivate . "\n";
Community
  • 1
  • 1
Julian
  • 8,808
  • 8
  • 51
  • 90
  • Forgot to mention that in a real life situation you would use a 1024/2048/4096 bit key. I used a 512 bit here so that the code wouldn't be that long. – Julian Feb 18 '12 at 01:23
3
openssl aes-256-cbc -a -salt -in inputfile.txt -out encryptedfile.txt -pass pass:thepassword
openssl aes-256-cbc -d -a -in encryptedfile.txt -out decryptedfile.txt

Can exec these, and should be able to change the cipher as needed.

profitphp
  • 8,104
  • 2
  • 28
  • 21
  • 3
    For the record: Any user on the server can parse the command line of running programs, supplying passwords via command line for anything but local testing with dummy data is a BAD idea. – Creshal Apr 02 '12 at 09:50