PHP version of PGP

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

PHP version of PGP

Post by Benjamin »

Not sure where to start on this one. I need to be able to encrypt documents using a private key. I'll then have a public key that can be used to decrypt the documents. The key here is to prevent counterfit documents by ensuring that they cannot be created by anyone else. I think PGP would work if I could port it to PHP.

Any ideas?

EDIT: Actually, this needs to work opposite of how PGP does. The public key should decrypt the data, but only the private key can encrypt it.
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: PHP version of PGP

Post by Christopher »

Sounds like you just switched the names of public and private.
(#10850)
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: PHP version of PGP

Post by Benjamin »

arborint wrote:Sounds like you just switched the names of public and private.
Hmm. I've done some research on it and it appears that:

1. If I sign a document with the public key I can validate it with the private key
2. If I sign a document with the private key I can validate it with the public key
3. If I try to use either the public key or private key to do both it will fail.

Test results:

Code: Select all

 
Testing with public key to sign, private key to validate:
The message is :
---------------------------------
RSA Digital signature test
---------------------------------
The signature is :
---------------------------------
7229721229067290251 39422410006967416232 61702478139498921333 19084928962517019979 96829042556179067327 7929418313917749471 5395961362261151347 27476609472345540438 23105097826338184029 82239027089509550893 53213794212468346396
---------------------------------
The signature is valid.
Testing with private key to sign, public key to validate:
The message is :
---------------------------------
RSA Digital signature test
---------------------------------
The signature is :
---------------------------------
84447665457550433083 24671787816631054093 45125401476413070000 94975284771385425264 92671246159509566072 69211511224966929891 4313812595380639347 49493634444057628830 35786035716238602516 87572562074861205930 16757414034705571735
---------------------------------
The signature is valid.
Testing with public key to sign and validate:
The message is :
---------------------------------
RSA Digital signature test
---------------------------------
The signature is :
---------------------------------
7229721229067290251 39422410006967416232 61702478139498921333 19084928962517019979 96829042556179067327 7929418313917749471 5395961362261151347 27476609472345540438 23105097826338184029 82239027089509550893 53213794212468346396
---------------------------------
The signature is NOT valid.
The message is :
---------------------------------
RSA Digital signature test
---------------------------------
The signature is :
---------------------------------
84447665457550433083 24671787816631054093 45125401476413070000 94975284771385425264 92671246159509566072 69211511224966929891 4313812595380639347 49493634444057628830 35786035716238602516 87572562074861205930 16757414034705571735
---------------------------------
The signature is NOT valid.
 
So I am assuming it should be nearly impossible to forge a document without the private key?

I'm wondering where to get very large prime numbers. I saw some on primenumbers.org which seem to go up to about 10 digits in length. Are these big enough?
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Re: PHP version of PGP

Post by Chris Corbyn »

You may come out with more search results using "GPG" rather than "PGP" (GNU's version of it).

http://devzone.zend.com/node/view/id/1265
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Re: PHP version of PGP

Post by Chris Corbyn »

User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: PHP version of PGP

Post by Benjamin »

Thank's Chris. I'm looking for a prime number generator now. If I understand correctly, the primes should be over 100 digits.
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Re: PHP version of PGP

Post by Ambush Commander »

Erm... why not just use a pre-written software to generate keys for you? Building a crypto-system by yourself is like building a rocket--probably going to explode.
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: PHP version of PGP

Post by Benjamin »

The RSA class I found requires (large - 100 digit+) primes to generate the public key, private key and modulo.
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Re: PHP version of PGP

Post by Ambush Commander »

Usually the primes will be generated using some source of randomness. If you download, say, puttygen and generate an RSA key, it'll ask you to move your mouse around. If you need just one key, hand-generate it. If you need to automate key generation (which you shouldn't need), you'll need a good, secure source of randomness (which is easier said than done!)
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: PHP version of PGP

Post by Benjamin »

I don't fully understand the whole random routine. What's random? You can't just generate a random number and have it be a prime. You can randomly pick a starting point to search from. Or you can generate primes, randomly stop and use the last prime generated. How is that different than me randomly picking two 100 + digit prime numbers?
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Re: PHP version of PGP

Post by Ambush Commander »

You generate random numbers of the appropriate size, and then apply primality tests to weed out the non-prime ones. Listing out primes would take too long! :-)

Be warned, there are some more practical considerations (which I am not qualified to elaborate on) when generating primes.
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: PHP version of PGP

Post by Benjamin »

Do you know if there is a way to generate keys using PGP and convert them into integers? This class expects integers for the public, private and modulo.
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Re: PHP version of PGP

Post by Ambush Commander »

What class are you using?
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: PHP version of PGP

Post by Benjamin »

User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Re: PHP version of PGP

Post by Ambush Commander »

Meh... (Can't be bothered to digout his login for PHP classes)
Post Reply