Public/private key based encryption is very popular because of the strength it offers, especially above 1024 bits. There are external libraries for encrypting data with RSA, such as the RSA class on phpclasses.org; the funny part is that we were using that library in one of our ZF-based projects. But last week I found a hidden gem in the Library/Zend/Crypt folder (Zend_Crypt_Rsa) which can do the same thing using the openssl library. The bad thing is that there is no official documentation on how to use this library :( That's why I've decided to write a blog post to show you how to use Zend_Crypt_Rsa to encrypt your data with your public/private key and decrypt it back to its original form.
Step 1: Create your RSA public/private key using ssh-keygen
cd /path/to/keyfolder/
ssh-keygen -t RSA
When it asks for the path of the key file, enter “./id_rsa”. It will then prompt for a passphrase, which works like a password; you can't retrieve your data if you forget it. So enter something like “MySecretWord”. The output will look something like this:
ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/hasinhayder/.ssh/id_rsa): ./id_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in ./id_rsa.
Your public key has been saved in ./id_rsa.pub.
The key fingerprint is:
c8:dc:cd:a8:90:98:67:42:65:45:20:f8:58:39:74:66 hasinhayder@hasin-hayders-macbook-pro.local
The key's randomart image is:
+--[ RSA 2048]----+
| oo.E+o |
|. +B |
| +.. |
|...o + o + |
| + = + S o |
| + . . |
| . |
| |
| |
+-----------------+
After a while you will see two files in the same directory, named “id_rsa” and “id_rsa.pub”. The first one is your private key and the second one is the public key.
Step 2: Encrypt data using your public key
Now that we have our RSA public and private keys in hand, it's time to start playing with them. We will encrypt our data with our public key, so that it can only be decrypted with the private key. I hope it is clear why we should encrypt using the public key only. If not, let me clarify it a bit more. Your public key is “public” to the world. If you encrypt your data with your private key, anyone will be able to decrypt it with your public key, so that's plain meaningless :)
public function encAction()
{
    // Output is echoed directly, so turn off view rendering and the layout
    $this->_helper->viewRenderer->setNoRender();
    $this->_helper->layout->disableLayout();

    // pemPath is the path to the private key file
    $zrsa = new Zend_Crypt_Rsa(array(
        "passPhrase" => "MySecretWord",
        "pemPath"    => "/path/to/your/keyfolder/id_rsa",
    ));

    $string = "Yeah, this is my SECRET MESSAGE";
    // Encrypt with the public key and get the result base64-encoded
    $enc = $zrsa->encrypt($string, $zrsa->getPublicKey(), Zend_Crypt_Rsa::BASE64);
    echo "Secret Message: {$enc}";
}
In the code above, we are generating output in BASE64 format, because that is readable to everyone :) After you execute this action in your browser, you will see something like the following (it will differ based on your key):
jYMRM4jQedQgCdN7T9y6gNfLYZ49F+cSMz2tgLPsflQOE2XhVg98yvoQ/ PvUtBYGceEubYLuhYufgQE6VZpsOvvGcXt6WWE97HDGisQXXHhvnvQBzb QQyF0WphCGH/0y2JviVb5zcQGhFIQ6oazztHonIxtdF4Fgaa0 M++jCymMSSI8vfOMUoL8s00fxVcqvJ7EVbYrFvUUMCH77HtBAYMziQotS YddiMzb5AqEl8cN0N5Aao7dpOSzzumyuiRRoAA0NGtXnSlqQr5hAfdQ0V vUKkqQHfd64Cfs+T8U9FmPTZUi7XE8jGgYFD0k4H9CJHl1EoVRNsqr3kt 4CNntQ==
That's your encrypted string in base64 format. Plain gibberish, eh? :)
Now it's time to decrypt the ciphertext :)
Step 3: Decrypt the cipher
Well, now we have our encrypted string. Let's decrypt it:
$dec = $zrsa->decrypt($enc, $zrsa->getPrivateKey(), Zend_Crypt_Rsa::BASE64);
echo $dec;
Now it will output the original message “Yeah, this is my SECRET MESSAGE” :)
So here is everything together :)
public function encAction()
{
    // Output is echoed directly, so turn off view rendering and the layout
    $this->_helper->viewRenderer->setNoRender();
    $this->_helper->layout->disableLayout();

    // pemPath is the path to the private key file
    $zrsa = new Zend_Crypt_Rsa(array(
        "passPhrase" => "MySecretWord",
        "pemPath"    => "/path/to/your/keyfolder/id_rsa",
    ));

    $string = "Yeah, this is my SECRET MESSAGE";
    // Encrypt with the public key and get the result base64-encoded
    $enc = $zrsa->encrypt($string, $zrsa->getPublicKey(), Zend_Crypt_Rsa::BASE64);
    echo "Secret Message: {$enc}";
    echo "<hr/>";

    // Decrypt with the private key; the input is base64-encoded
    $dec = $zrsa->decrypt($enc, $zrsa->getPrivateKey(), Zend_Crypt_Rsa::BASE64);
    echo $dec;
}
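Added example, not part of the original post or of Zend Framework: RSA can only encrypt a short block (at most 214 bytes for a 2048-bit key with OAEP padding), so longer data such as a JSON document is normally encrypted with a random AES key, and only that key is encrypted with the RSA public key. The code below does this with PHP's openssl extension directly (PHP 7.1 or later assumed); hybridEncrypt, hybridDecrypt, the in-memory key pair and the sample payload are made up for the illustration.

```php
<?php
// Added example, not code from the original post. Assumes PHP >= 7.1 with
// the openssl extension; key pair and payload are constructed for the demo.

// Encrypt $plain for the holder of the private key matching $publicPem.
function hybridEncrypt(string $plain, string $publicPem): array
{
    $aesKey = random_bytes(32); // one-time AES-256 key
    $iv     = random_bytes(12); // 96-bit GCM nonce
    $ct = openssl_encrypt($plain, 'aes-256-gcm', $aesKey, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('AES encryption failed');
    }
    // Only the 32-byte AES key goes through RSA, so it always fits in one block.
    if (!openssl_public_encrypt($aesKey, $wrapped, $publicPem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('RSA key wrap failed');
    }
    return array_map('base64_encode', ['key' => $wrapped, 'iv' => $iv, 'tag' => $tag, 'ct' => $ct]);
}

// Reverse of hybridEncrypt(); throws if the key, ciphertext or tag was altered.
function hybridDecrypt(array $msg, $privateKey): string
{
    $m = array_map('base64_decode', $msg);
    if (!openssl_private_decrypt($m['key'], $aesKey, $privateKey, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('RSA key unwrap failed');
    }
    $plain = openssl_decrypt($m['ct'], 'aes-256-gcm', $aesKey, OPENSSL_RAW_DATA, $m['iv'], $m['tag']);
    if ($plain === false) {
        throw new RuntimeException('Ciphertext failed authentication');
    }
    return $plain;
}

$private = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
if ($private === false) { throw new RuntimeException('Key generation failed'); }
$publicPem = openssl_pkey_get_details($private)['key'];

// Constructed sample payload, longer than a single RSA operation accepts.
$json = json_encode(['user' => 'alice', 'notes' => str_repeat('secret ', 100)]);

// Direct RSA: a 2048-bit key with OAEP (SHA-1) accepts at most 214 bytes,
// so check the return value instead of trusting the output buffer.
if (!openssl_public_encrypt($json, $direct, $publicPem, OPENSSL_PKCS1_OAEP_PADDING)) {
    echo 'Direct RSA refused ', strlen($json), " bytes\n";
}

$msg = hybridEncrypt($json, $publicPem);
echo hybridDecrypt($msg, $private) === $json ? "Round trip OK\n" : "Mismatch\n";
```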
Hope you’ve enjoyed this article. I just wish that the documentation team of Zend Framework would have added this in the manual of Zend Framework for the rest of us :)
This is a great post, as there are no official docs for Zend_Crypt_Rsa except the API docs. Keep going!
Thank you. Yeah, it's a bit frustrating that even the official documentation doesn’t have a single line on this :(
Great tips! Thanks Hasin bhai for this post.
Great tips!
But I have a problem encrypting JSON data; I just get an empty secret message as the result. Is there any limit for RSA encryption?
Thank you
I think phpseclib’s Crypt_RSA is a ton better. It’s also replaced PEAR’s Crypt_RSA. I think Zend needs to get with the times!