PHP version of PGP
Moderator: General Moderators
PHP version of PGP
Not sure where to start on this one. I need to be able to encrypt documents using a private key. I'll then have a public key that can be used to decrypt the documents. The key here is to prevent counterfit documents by ensuring that they cannot be created by anyone else. I think PGP would work if I could port it to PHP.
Any ideas?
EDIT: Actually, this needs to work opposite of how PGP does. The public key should decrypt the data, but only the private key can encrypt it.
Any ideas?
EDIT: Actually, this needs to work opposite of how PGP does. The public key should decrypt the data, but only the private key can encrypt it.
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: PHP version of PGP
Hmm. I've done some research on it and it appears that:arborint wrote:Sounds like you just switched the names of public and private.
1. If I sign a document with the public key I can validate it with the private key
2. If I sign a document with the private key I can validate it with the public key
3. If I try to use either the public key or private key to do both it will fail.
Test results:
Code: Select all
Testing with public key to sign, private key to validate:
The message is :
---------------------------------
RSA Digital signature test
---------------------------------
The signature is :
---------------------------------
7229721229067290251 39422410006967416232 61702478139498921333 19084928962517019979 96829042556179067327 7929418313917749471 5395961362261151347 27476609472345540438 23105097826338184029 82239027089509550893 53213794212468346396
---------------------------------
The signature is valid.
Testing with private key to sign, public key to validate:
The message is :
---------------------------------
RSA Digital signature test
---------------------------------
The signature is :
---------------------------------
84447665457550433083 24671787816631054093 45125401476413070000 94975284771385425264 92671246159509566072 69211511224966929891 4313812595380639347 49493634444057628830 35786035716238602516 87572562074861205930 16757414034705571735
---------------------------------
The signature is valid.
Testing with public key to sign and validate:
The message is :
---------------------------------
RSA Digital signature test
---------------------------------
The signature is :
---------------------------------
7229721229067290251 39422410006967416232 61702478139498921333 19084928962517019979 96829042556179067327 7929418313917749471 5395961362261151347 27476609472345540438 23105097826338184029 82239027089509550893 53213794212468346396
---------------------------------
The signature is NOT valid.
The message is :
---------------------------------
RSA Digital signature test
---------------------------------
The signature is :
---------------------------------
84447665457550433083 24671787816631054093 45125401476413070000 94975284771385425264 92671246159509566072 69211511224966929891 4313812595380639347 49493634444057628830 35786035716238602516 87572562074861205930 16757414034705571735
---------------------------------
The signature is NOT valid.
I'm wondering where to get very large prime numbers. I saw some on primenumbers.org which seem to go up to about 10 digits in length. Are these big enough?
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
Re: PHP version of PGP
You may come out with more search results using "GPG" rather than "PGP" (GNU's version of it).
http://devzone.zend.com/node/view/id/1265
http://devzone.zend.com/node/view/id/1265
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
Re: PHP version of PGP
Other shared key implementations:
RSA:
http://www.thescripts.com/forum/thread2378.html
http://pear.php.net/package/Crypt_RSA/d ... A_php.html
GPGP: (actual PHP extension)
http://au2.php.net/manual/en/function.gnupg-sign.php
RSA:
http://www.thescripts.com/forum/thread2378.html
http://pear.php.net/package/Crypt_RSA/d ... A_php.html
GPGP: (actual PHP extension)
http://au2.php.net/manual/en/function.gnupg-sign.php
Re: PHP version of PGP
Thank's Chris. I'm looking for a prime number generator now. If I understand correctly, the primes should be over 100 digits.
- Ambush Commander
- DevNet Master
- Posts: 3698
- Joined: Mon Oct 25, 2004 9:29 pm
- Location: New Jersey, US
Re: PHP version of PGP
Erm... why not just use a pre-written software to generate keys for you? Building a crypto-system by yourself is like building a rocket--probably going to explode.
Re: PHP version of PGP
The RSA class I found requires (large - 100 digit+) primes to generate the public key, private key and modulo.
- Ambush Commander
- DevNet Master
- Posts: 3698
- Joined: Mon Oct 25, 2004 9:29 pm
- Location: New Jersey, US
Re: PHP version of PGP
Usually the primes will be generated using some source of randomness. If you download, say, puttygen and generate an RSA key, it'll ask you to move your mouse around. If you need just one key, hand-generate it. If you need to automate key generation (which you shouldn't need), you'll need a good, secure source of randomness (which is easier said than done!)
Re: PHP version of PGP
I don't fully understand the whole random routine. What's random? You can't just generate a random number and have it be a prime. You can randomly pick a starting point to search from. Or you can generate primes, randomly stop and use the last prime generated. How is that different than me randomly picking two 100 + digit prime numbers?
- Ambush Commander
- DevNet Master
- Posts: 3698
- Joined: Mon Oct 25, 2004 9:29 pm
- Location: New Jersey, US
Re: PHP version of PGP
You generate random numbers of the appropriate size, and then apply primality tests to weed out the non-prime ones. Listing out primes would take too long! 
Be warned, there are some more practical considerations (which I am not qualified to elaborate on) when generating primes.
Be warned, there are some more practical considerations (which I am not qualified to elaborate on) when generating primes.
Re: PHP version of PGP
Do you know if there is a way to generate keys using PGP and convert them into integers? This class expects integers for the public, private and modulo.
- Ambush Commander
- DevNet Master
- Posts: 3698
- Joined: Mon Oct 25, 2004 9:29 pm
- Location: New Jersey, US
Re: PHP version of PGP
What class are you using?
- Ambush Commander
- DevNet Master
- Posts: 3698
- Joined: Mon Oct 25, 2004 9:29 pm
- Location: New Jersey, US
Re: PHP version of PGP
Meh... (Can't be bothered to digout his login for PHP classes)