Javascript PHP RSA

scatty1985
Forum Newbie
Posts: 24
Joined: Fri Dec 18, 2009 8:57 am

Javascript PHP RSA

Post by scatty1985 »

I've been playing about with JavaScript and PHP and wanted to try something out. I found this JavaScript app http://ohdave.com/rsa/ which can encrypt a string using RSA exponents.

I want to generate a key in PHP perhaps using something like openSSL, send the public key to Java to encrypt the string and then decrypt it in PHP for the server to use.

The problem I have is that openSSL generates a private and public key, and the javascript app needs the individual exponents (n,e) to encrypt the data.

My understanding of the maths behind RSA is limited but I wondered if there is a way to compute the individual exponents from the openSSL keys? I'm thinking the answer is going to be no, or yes but it will take 1 million years.

Thanks
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Javascript PHP RSA

Post by kaisellgren »

What's wrong with the JS RSA you mentioned?
scatty1985
Forum Newbie
Posts: 24
Joined: Fri Dec 18, 2009 8:57 am

Re: Javascript PHP RSA

Post by scatty1985 »

To work, the JavaScript uses this function, which takes $key, which is made up of 3 hex strings: 0 being the e exponent, 1 being the d exponent and 2 being the n exponent (modulus).

```javascript
// Arguments, in order: e, d, n (hex strings)
$key = new RSAKeyPair(
 "c84dd5b9fdfbdc0818473391980de1b",
 "450d061a9d53336bfbb24681d43c453",
 "d91acc3da8dccfc7f728bc9c9588faf"
);

$c = encryptedString($key,"hello");
```

Whereas openSSL produces a key like this:

```
------ PUBLIC RSA KEY START ------- 24jhdf2iuhdf29323dy23d2837dy23dy2837dy382 ------ PUBLIC RSA KEY END -------
```

I don't know how to convert the openSSL key to e, d and n, which is what the JavaScript needs to work. Does that make sense? I did find a PHP class which can make a key which is made of e, d and n, but it needs a prime number generator as the key gen function requires 2 primes to work.
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Javascript PHP RSA

Post by kaisellgren »

Well at first I would think that the public key is n + e and the private key is the exponent d. I don't have OpenSSL on my laptop and time to test out, but I think you should ask somewhere on JavaScript forums, not PHP...

Are you doing this to encrypt traffic on your site (or for the sites powered by your software)? You should definitely buy an SSL certificate. JavaScript won't encrypt anything, but your body and there's plenty of things you need to do before you gain some strength with this (like preventing the steal of the session identifier).

Register.com offers a certificate for $24/year: http://www.register.com/product/securit ... ntial.rcmx

That was a *hint*.
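
As an added example, not part of the original posts and not code from either poster: PHP's `openssl_pkey_get_details()` returns the components of an OpenSSL RSA key as raw binary strings, and `bin2hex()` turns them into the hex n and e the question asks about. The 2048-bit key size and the helper name `rsa_public_hex()` are assumptions made here; only n and e are meant to leave the server.

```php
<?php
// Added example: split an OpenSSL RSA key into hex n and e.
// Assumption: 2048-bit key; the thread does not state a key size.

/**
 * Hypothetical helper: return the public components of an RSA key
 * (PEM string or key handle) as hex strings.
 */
function rsa_public_hex($key): array
{
    $details = openssl_pkey_get_details($key);
    if ($details === false || !isset($details['rsa'])) {
        throw new RuntimeException('Not an RSA key: ' . openssl_error_string());
    }
    // 'n' and 'e' are big-endian binary strings; hex-encode them for transport.
    return [
        'n'    => bin2hex($details['rsa']['n']),
        'e'    => bin2hex($details['rsa']['e']),
        'bits' => $details['bits'],
    ];
}

// 1. Generate the key pair on the server.
$private = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    'private_key_bits' => 2048,
]);
if ($private === false) {
    exit('Key generation failed: ' . openssl_error_string() . PHP_EOL);
}

// 2. The PEM text OpenSSL normally hands out for the public half.
$publicPem = openssl_pkey_get_details($private)['key'];

// 3. Parse that PEM back and recover n and e from it.
$public     = openssl_pkey_get_public($publicPem);
$fromPem    = rsa_public_hex($public);
$fromHandle = rsa_public_hex($private);

// Both routes must give the same modulus and exponent.
if ($fromPem['n'] !== $fromHandle['n'] || $fromPem['e'] !== $fromHandle['e']) {
    exit('Public components do not match' . PHP_EOL);
}

// 4. Send only n and e to the browser. The private exponent
//    ($details['rsa']['d'] on the private key) stays on the server.
echo json_encode($fromPem), PHP_EOL;
```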
scatty1985
Forum Newbie
Posts: 24
Joined: Fri Dec 18, 2009 8:57 am

Re: Javascript PHP RSA

Post by scatty1985 »

Haha I'll look into it. This is not for any kind of project which requires secure connections; I am just playing about in order to learn a few things. The more I've thought about it the more I realise that to have proper security and prevent eavesdropping the only thing you can do is use SSL.

I need to start working on a website for a friend who wants to sell imported books but I think I'm going to rely on PayPal rather than set up secure payment processing and stuff like that!