php Asymmetric cryptography

by Anish

Posted on Wednesday December 12, 2018


Asymmetric cryptography is a branch of cryptography where a secret key can be divided into two parts, a public key and a private key. The public key can be given to anyone, trusted or not, while the private key must be kept secret (just like the key in symmetric cryptography).

Encryption with asymmetric cryptography works in a slightly different way from symmetric encryption. Someone with the public key is able to encrypt a message, providing confidentiality, and then only the person in possession of the private key is able to decrypt it.

Some Key Algorithms for Asymmetric cryptography

  • Elliptic curve cryptography
  • RSA
  • Diffie-Hellman key exchange
  • DSA

The length of the cryptographic key is perhaps the most important security parameter that can be set at the discretion of the security professional.

As of 2016, the NSA's Commercial National Security Algorithm Suite includes:

| Cryptosystem | Usage |
|---|---|
| RSA 3072-bit or larger | Key Establishment, Digital Signature |
| Diffie-Hellman (DH) 3072-bit or larger | Key Establishment |
| ECDH with NIST P-384 | Key Establishment |
| ECDSA with NIST P-384 | Digital Signature |
| SHA-384 | Integrity |
| AES-256 | Confidentiality |

For more information about key length requirements, visit keylength.com.

Generating Asymmetric Key Pair

openssl_pkey_new: Generates a new private key and public key pair.

  • Supported PHP Versions (PHP 4 >= 4.2.0, PHP 5, PHP 7)

The Syntax

openssl_pkey_new ([ array  $configargs ] )
  • configargs: By default, the information in your system openssl.conf is used to initialize the request.

// Configuration for a 4096-bit RSA key pair with digest algorithm SHA-512

$config = array(
  "digest_alg" => "sha512",
  "private_key_bits" => 4096,
  "private_key_type" => OPENSSL_KEYTYPE_RSA,
);

private_key_type can be

  • OPENSSL_KEYTYPE_RSA
  • OPENSSL_KEYTYPE_DSA
  • OPENSSL_KEYTYPE_DH
  • OPENSSL_KEYTYPE_EC

Examples

Generate RSA Key Pair in Encrypted/NonEncrypted Format

<?php
/**
 * Created by https://8gwifi.org
 * User: Anish Nath
 * Date: 2018-12-17
 * Time: 10:05
 */

// Configuration for a 4096-bit RSA key pair with digest algorithm SHA-512

$config = array(
  "digest_alg" => "sha512",
  "private_key_bits" => 4096,
  "private_key_type" => OPENSSL_KEYTYPE_RSA,
);
 
// Create the keypair  
$res=openssl_pkey_new($config);  
// Get private key  
openssl_pkey_export($res, $privkey );  
// Get public key  
$pubkey=openssl_pkey_get_details($res);  
$pubkey=$pubkey["key"];  
  
echo "====PKCS1 RSA Key in Non Encrypted Format ====\n";  
var_dump($privkey);  
echo "====PKCS1 RSA Key in Encrypted Format====\n ";  
  
// Get private key in Encrypted Format  
openssl_pkey_export($res, $privkey,"myverystrongpassword" );  
// Get public key  
$pubkey=openssl_pkey_get_details($res);  
$pubkey=$pubkey["key"];  
var_dump($privkey);  
echo "RSA Public Key \n ";  
var_dump($pubkey);

The above example will output something similar to:

$ /usr/bin/php pkey_new_rsa.php
====PKCS1 RSA Key in Non Encrypted Format ====
string(916) "-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
"
====PKCS1 RSA Key in Encrypted Format====
 string(1041) "-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----
"
RSA Public Key  
 string(272) "-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeRq2rtT6rYEDbd0qRZD1ZcZDH
6GYNmdf5nYA93FpumIpwqX3XqIlRqlR/jIrQUIxRxYUxeOu7ULh++uN6ySPQmTWl
hfhPIsDoUXPBYfpRlYxQSdbmEG09Z0NnTxBgFYC0rmrVGIuG0KNlYsdOAd+dvkJk
2Foy3VUUZUeN8XazbwIDAQAB
-----END PUBLIC KEY-----
"

Note that the output format is PKCS#1 type.
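
As an added example (not part of the original article; the helper names `pem_encoding` and `generate_rsa_checked` are hypothetical), the script below confirms that a generated key really has the requested type and size, which catches a comment and a `private_key_bits` value drifting apart. It also reads the PEM label to report which encoding `openssl_pkey_export` and `openssl_pkey_get_details` produced:

```php
<?php
// Added example, not the article's code. Helper names are hypothetical.

/** Map the PEM label on the first line to the encoding it denotes. */
function pem_encoding(string $pem): string
{
    if (!preg_match('/^-----BEGIN ([A-Z0-9 ]+)-----/', ltrim($pem), $m)) {
        return 'not PEM';
    }
    $labels = [
        'RSA PRIVATE KEY'       => 'PKCS#1 RSAPrivateKey (traditional)',
        'EC PRIVATE KEY'        => 'SEC1 ECPrivateKey (traditional)',
        'DSA PRIVATE KEY'       => 'traditional DSA private key',
        'PRIVATE KEY'           => 'PKCS#8 PrivateKeyInfo, unencrypted',
        'ENCRYPTED PRIVATE KEY' => 'PKCS#8 EncryptedPrivateKeyInfo',
        'PUBLIC KEY'            => 'X.509 SubjectPublicKeyInfo',
    ];
    $name = $labels[$m[1]] ?? 'unknown label: ' . $m[1];
    // Traditional-format keys signal passphrase protection in a header line.
    if (strpos($pem, 'Proc-Type: 4,ENCRYPTED') !== false) {
        $name .= ', legacy PEM encryption';
    }
    return $name;
}

/** Generate an RSA key and fail loudly if the result is not what was asked for. */
function generate_rsa_checked(int $bits)
{
    $key = openssl_pkey_new([
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
        'private_key_bits' => $bits,
    ]);
    if ($key === false) {
        throw new RuntimeException('openssl_pkey_new failed: ' . openssl_error_string());
    }
    $details = openssl_pkey_get_details($key);
    if ($details['type'] !== OPENSSL_KEYTYPE_RSA || $details['bits'] !== $bits) {
        throw new RuntimeException("expected RSA-$bits, got {$details['bits']} bits");
    }
    return $key;
}

$key = generate_rsa_checked(3072);
openssl_pkey_export($key, $privatePem);
$publicPem = openssl_pkey_get_details($key)['key'];
echo 'private: ', pem_encoding($privatePem), "\n";
echo 'public:  ', pem_encoding($publicPem), "\n";
```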

Generate DSA Key Pair in Encrypted Format

<?php  
/**
 * Created by https://8gwifi.org
 * User: Anish Nath
 * Date: 2018-12-17
 * Time: 10:05
 */
  
// Configuration for 2048 DSA key Pair with Digest Algo 512  
  
$config = array(  
  "digest_alg" => "sha512",  
  "private_key_bits" => 2048,  
  "private_key_type" => OPENSSL_KEYTYPE_DSA,  
);  
  
// Create the keypair  
$res=openssl_pkey_new($config);  
  
// Get private key  
openssl_pkey_export($res, $privkey, "mystrongpassword" );  
  
// Get public key  
$pubkey=openssl_pkey_get_details($res);  
$pubkey=$pubkey["key"];  
var_dump($privkey);  
var_dump($pubkey);

Generate EC Key Pair

Elliptic curve based algorithms use significantly smaller key sizes than their non elliptic curve equivalents.

The approximate equivalence in security strength for symmetric algorithms compared to standard asymmetric algorithms and elliptic curve algorithms is shown in the table below.

| AES Symmetric Keysize (Bits) | RSA and DSA Keysize (Bits) | ECC Keysize (Bits) |
|---|---|---|
| 80 | 1024 | 160 |
| 112 | 2048 | 224 |
| 128 | 3072 | 256 |
| 192 | 7680 | 384 |
| 256 | 15360 | 512 |

Required PHP Version: (PHP 7 >= 7.1.0)


<?php
/**
 * Created by https://8gwifi.org
 * User: Anish Nath
 * Date: 2018-12-17
 * Time: 10:05
 */

// Configuration for an EC key pair on curve prime256v1 with digest algorithm SHA-512

$config = array(
  "digest_alg" => "sha512",
  "curve_name" => "prime256v1", // curve name must be a quoted string
  "private_key_type" => OPENSSL_KEYTYPE_EC,
);
 
// Create the keypair  
$res=openssl_pkey_new($config);  
  
// Get private key  
openssl_pkey_export($res, $privkey, "mystrongpassword" );  
  
// Get public key  
$pubkey=openssl_pkey_get_details($res);  
$pubkey=$pubkey["key"];  
var_dump($privkey);  
var_dump($pubkey);

The above example will output something similar to:

$ /bin/php-7.1.19 pkey_new_ec.php

string(299) "-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,606FAE9BA918BDEC

xo8McQWsbm/5A16e9DLneus2yfWEdSFkiG9DJ3Y9tjN1khWjQ0kKb+L40csSmrel
LvcxyO1pHmKXd5lW68T7sV5tUJwjXEkLslbCiSbqcCp+LT7+fw2Jdz5dEduElZGb
oK/e53CFZl0fL7PM7wDmj6G06F+I19iRL9wf3T8w+rs=
-----END EC PRIVATE KEY-----
"
string(178) "-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWcxIutWEkMXuakdcHhJW3hpOECBo
/7/aqoS7M2ruspT+AVRFN6RPwPkRNnJE4a2I5Sun/Ny0Bg9c+1c0BUFmYw==
-----END PUBLIC KEY-----
"
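
The `DEK-Info: DES-EDE3-CBC` header in the output above shows that the exported EC key was protected with triple DES. The following added example (not part of the original article) selects AES-256-CBC for the export through the options argument of `openssl_pkey_export`, takes the passphrase from the environment instead of the source file, and checks that only the correct passphrase loads the key again. `KEY_PASSPHRASE` is a hypothetical variable name.

```php
<?php
// Added example, not the article's code. KEY_PASSPHRASE is a hypothetical
// environment variable name.

$passphrase = getenv('KEY_PASSPHRASE');
if ($passphrase === false || $passphrase === '') {
    fwrite(STDERR, "set KEY_PASSPHRASE first\n");
    exit(1);
}

$key = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_EC,
    'curve_name'       => 'prime256v1',
]);
if ($key === false) {
    fwrite(STDERR, 'keygen failed: ' . openssl_error_string() . "\n");
    exit(1);
}

// The fourth argument of openssl_pkey_export accepts the same kind of options
// array as openssl_pkey_new; encrypt_key_cipher selects the cipher that
// protects the exported key.
$options = [
    'encrypt_key'        => true,
    'encrypt_key_cipher' => OPENSSL_CIPHER_AES_256_CBC,
];
if (!openssl_pkey_export($key, $pem, $passphrase, $options)) {
    fwrite(STDERR, 'export failed: ' . openssl_error_string() . "\n");
    exit(1);
}

// Print only the header lines, never the key body.
foreach (explode("\n", $pem) as $line) {
    if (preg_match('/^(-----BEGIN|Proc-Type:|DEK-Info:)/', $line)) {
        echo $line, "\n";
    }
}

// Round trip: the right passphrase loads the key, a wrong one must not.
$loaded   = openssl_pkey_get_private($pem, $passphrase);
$rejected = openssl_pkey_get_private($pem, $passphrase . 'x');
echo 'correct passphrase loads key: ', var_export($loaded !== false, true), "\n";
echo 'wrong passphrase loads key:   ', var_export($rejected !== false, true), "\n";
```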

Continue Reading Part 2 (php Asymmetric Key Encryption/Decryption/Sign Verify The message)

