Page 1 of 2
PHP version of PGP
Posted: Sat Feb 23, 2008 2:43 pm
by Benjamin
Not sure where to start on this one. I need to be able to encrypt documents using a private key. I'll then have a public key that can be used to decrypt the documents. The key here is to prevent counterfit documents by ensuring that they cannot be created by anyone else. I think PGP would work if I could port it to PHP.
Any ideas?
EDIT: Actually, this needs to work opposite of how PGP does. The public key should decrypt the data, but only the private key can encrypt it.
Re: PHP version of PGP
Posted: Sat Feb 23, 2008 3:22 pm
by Christopher
Sounds like you just switched the names of public and private.
Re: PHP version of PGP
Posted: Sat Feb 23, 2008 4:26 pm
by Benjamin
arborint wrote:Sounds like you just switched the names of public and private.
Hmm. I've done some research on it and it appears that:
1. If I sign a document with the public key I can validate it with the private key
2. If I sign a document with the private key I can validate it with the public key
3. If I try to use either the public key or private key to do both it will fail.
Test results:
Code: Select all
Testing with public key to sign, private key to validate:
The message is :
---------------------------------
RSA Digital signature test
---------------------------------
The signature is :
---------------------------------
7229721229067290251 39422410006967416232 61702478139498921333 19084928962517019979 96829042556179067327 7929418313917749471 5395961362261151347 27476609472345540438 23105097826338184029 82239027089509550893 53213794212468346396
---------------------------------
The signature is valid.
Testing with private key to sign, public key to validate:
The message is :
---------------------------------
RSA Digital signature test
---------------------------------
The signature is :
---------------------------------
84447665457550433083 24671787816631054093 45125401476413070000 94975284771385425264 92671246159509566072 69211511224966929891 4313812595380639347 49493634444057628830 35786035716238602516 87572562074861205930 16757414034705571735
---------------------------------
The signature is valid.
Testing with public key to sign and validate:
The message is :
---------------------------------
RSA Digital signature test
---------------------------------
The signature is :
---------------------------------
7229721229067290251 39422410006967416232 61702478139498921333 19084928962517019979 96829042556179067327 7929418313917749471 5395961362261151347 27476609472345540438 23105097826338184029 82239027089509550893 53213794212468346396
---------------------------------
The signature is NOT valid.
The message is :
---------------------------------
RSA Digital signature test
---------------------------------
The signature is :
---------------------------------
84447665457550433083 24671787816631054093 45125401476413070000 94975284771385425264 92671246159509566072 69211511224966929891 4313812595380639347 49493634444057628830 35786035716238602516 87572562074861205930 16757414034705571735
---------------------------------
The signature is NOT valid.
So I am assuming it should be nearly impossible to forge a document without the private key?
I'm wondering where to get very large prime numbers. I saw some on primenumbers.org which seem to go up to about 10 digits in length. Are these big enough?
Re: PHP version of PGP
Posted: Sat Feb 23, 2008 5:46 pm
by Chris Corbyn
You may come out with more search results using "GPG" rather than "PGP" (GNU's version of it).
http://devzone.zend.com/node/view/id/1265
Re: PHP version of PGP
Posted: Sat Feb 23, 2008 5:49 pm
by Chris Corbyn
Re: PHP version of PGP
Posted: Sat Feb 23, 2008 5:53 pm
by Benjamin
Thank's Chris. I'm looking for a prime number generator now. If I understand correctly, the primes should be over 100 digits.
Re: PHP version of PGP
Posted: Sun Feb 24, 2008 1:00 pm
by Ambush Commander
Erm... why not just use a pre-written software to generate keys for you? Building a crypto-system by yourself is like building a rocket--probably going to explode.
Re: PHP version of PGP
Posted: Sun Feb 24, 2008 1:13 pm
by Benjamin
The RSA class I found requires (large - 100 digit+) primes to generate the public key, private key and modulo.
Re: PHP version of PGP
Posted: Sun Feb 24, 2008 1:21 pm
by Ambush Commander
Usually the primes will be generated using some source of randomness. If you download, say, puttygen and generate an RSA key, it'll ask you to move your mouse around. If you need just one key, hand-generate it. If you need to automate key generation (which you shouldn't need), you'll need a good, secure source of randomness (which is easier said than done!)
Re: PHP version of PGP
Posted: Sun Feb 24, 2008 2:28 pm
by Benjamin
I don't fully understand the whole random routine. What's random? You can't just generate a random number and have it be a prime. You can randomly pick a starting point to search from. Or you can generate primes, randomly stop and use the last prime generated. How is that different than me randomly picking two 100 + digit prime numbers?
Re: PHP version of PGP
Posted: Sun Feb 24, 2008 2:31 pm
by Ambush Commander
You generate random numbers of the appropriate size, and then apply
primality tests to weed out the non-prime ones. Listing out primes would take too long!
Be warned, there are some more practical considerations (which I am not qualified to elaborate on) when generating primes.
Re: PHP version of PGP
Posted: Sun Feb 24, 2008 2:37 pm
by Benjamin
Do you know if there is a way to generate keys using PGP and convert them into integers? This class expects integers for the public, private and modulo.
Re: PHP version of PGP
Posted: Sun Feb 24, 2008 2:42 pm
by Ambush Commander
What class are you using?
Re: PHP version of PGP
Posted: Sun Feb 24, 2008 3:09 pm
by Benjamin
Re: PHP version of PGP
Posted: Sun Feb 24, 2008 4:43 pm
by Ambush Commander
Meh... (Can't be bothered to digout his login for PHP classes)