php Asymmetric cryptography

by Anish

Posted on Wednesday December 12 , 2018


Asymmetric cryptography is a branch of cryptography where a secret key can be divided into two parts, a public key and a private key. The public key can be given to anyone, trusted or not, while the private key must be kept secret (just like the key in symmetric cryptography).

Encryption with asymmetric cryptography works in a slightly different way from symmetric encryption. Someone with the public key is able to encrypt a message, providing confidentiality, and then only the person in possession of the private key is able to decrypt it.

Some Key Algorithms for Asymmetric cryptography

  • Elliptic curve cryptography
  • RSA
  • Diffie-Hellman key exchange
  • DSA

The length of the cryptographic key is perhaps the most important security parameter that can be set at the discretion of the security professional

As of 2016, the NSA's Commercial National Security Algorithm Suite includes

Cryptosystem Usage
RSA 3072-bit or larger Key Establishment, Digital Signature
Diffie-Hellman (DH) 3072-bit or larger Key Establishment
ECDH with NIST P-384 Key Establishment
ECDSA with NIST P-384 Digital Signature
SHA-384 Integrity
AES-256 Confidentiality

For More information around key length requirement visit keylength.com

Generating Asymmetric Key Pair

openssl_pkey_new: Generates a new private key and public key pair.

  • Supported PHP Versions (PHP 4 >= 4.2.0, PHP5, PHP 7)

The Syntax

openssl_pkey_new ([ array  $configargs ] )
  • configargs: By default, the information in your system openssl.conf is used to initialize the request.

// Configuration for 4096 RSA key Pair with Digest Algo 512  
  
$config = array(  
  "digest_alg" => "sha512",  
  "private_key_bits" => 1024,  
  "private_key_type" => OPENSSL_KEYTYPE_RSA,  
);

private_key_type can be

  • OPENSSL_KEYTYPE_RSA
  • OPENSSL_KEYTYPE_DSA
  • OPENSSL_KEYTYPE_DH
  • OPENSSL_KEYTYPE_EC

Examples

Generate RSA Key Pair in Encrypted/NonEncrypted Format

<?php  
/**  
 * Created by https://8gwifi.org  
  * User: Anish Nath  
 * Date: 2018-12-17 * Time: 10:05 */  
  
// Configuration for 4096 RSA key Pair with Digest Algo 512  
 
$config = array(  
  "digest_alg" => "sha512",  
  "private_key_bits" => 2048,  
  "private_key_type" => OPENSSL_KEYTYPE_RSA,  
);  
 
// Create the keypair  
$res=openssl_pkey_new($config);  
// Get private key  
openssl_pkey_export($res, $privkey );  
// Get public key  
$pubkey=openssl_pkey_get_details($res);  
$pubkey=$pubkey["key"];  
  
echo "====PKCS1 RSA Key in Non Encrypted Format ====\n";  
var_dump($privkey);  
echo "====PKCS1 RSA Key in Encrypted Format====\n ";  
  
// Get private key in Encrypted Format  
openssl_pkey_export($res, $privkey,"myverystrongpassword" );  
// Get public key  
$pubkey=openssl_pkey_get_details($res);  
$pubkey=$pubkey["key"];  
var_dump($privkey);  
echo "RSA Public Key \n ";  
var_dump($pubkey);

The above example will output something similar to:

$ /usr/bin/php pkey_new_rsa.php
====PKCS1 RSA Key in Non Encrypted Format ====
string(916) "-----BEGIN PRIVATE KEY-----
MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAN5Grau1PqtgQNt3
SpFkPVlxkMfoZg2Z1/mdgD3cWm6YinCpfdeoiVGqVH+MitBQjFHFhTF467tQuH76
43rJI9CZNaWF+E8iwOhRc8Fh+lGVjFBJ1uYQbT1nQ2dPEGAVgLSuatUYi4bQo2Vi
x04B352+QmTYWjLdVRRlR43xdrNvAgMBAAECgYEA0YYMVYyey4sK+BXF27GCxxpv
IJHoCTAYzzpxVV6ufAwci8CpWC2Na8bEqgsAGweijb5EJHNYupSHpWK4JdkOgOPy
3/wpPL/fE0VveWmLUTpyVz7A4peEms8PX+qggsjFzP7TAZbEJZoSIdWwZGCkleu6
AVDFOothmVOjMfslzYkCQQD/gE9FJDxlXkq7SIi1nwrWKDRBaT7LzUEoDEjWQhHS
ZI/OvP4GBUUIbvtRPoZwjCZfxC3x9bqhppLsVox9//UjAkEA3rXDl0MAq/keXqhf
gHtOSENPv7XBp605TyogvRaA+obFy/ug3uAhD4TT7AW+bQ729JuB/TG8/84pmWlB
iixrRQJAMAjOXmBWnnQgtp8HXKXe4q5CTL3dmXEoO8A7fVSEhzpystpjI3ygItrC
kt6fZc9jc4OtY5zgDn4Dhz0qQpH5YwJBAL0po9zpszte2FXMK3nkweQNEEKkbb0v
G9tKzA3vfFPOf1i3/LbxpgMZbist4cWeDVJMd4eIZKDeCmVciqeC/QUCQQDcxTgQ
5apClv2+gDxa3WNac0uq3ARn964dtiX4T793MXPXXQAdcNEdzoGe7QD9GIioxLpN
v1L22DBC8CVy3oru
-----END PRIVATE KEY-----
"
====PKCS1 RSA Key in Encrypted Format====
 string(1041) "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIG7dKRedVC1wCAggA
MBQGCCqGSIb3DQMHBAhCcAUNBTl43QSCAoBSVs3x46TwKGGYkcMuIpTTl/JewbK3
wpamx/XHmEg//kEC7t36BwdqmuiOqTdhKxIgCADaXyZJilv8oij5kMyJrO2MGS2I
uBoWiNrRGu1VfkJbyTecOZ5lY7h6kjbT+0aB2FxNo8Ru6V0Eixfgf1SYL//Ruj0N
F7AMXyQ2pQzbH/Dj1+boRmFPR1/qp90omLMslq5/QPW+guXj+DyDnpkWR+Su+0vs
rPhDylBkiZjYlsLe4QXoOT3S2zqM+RGnPmYjzYBqPuCTOXG4DuSk/4PqM8fZcoMb
gWrXia2Q9mulMERkCHvG23naLoDgFEANu9/5JvEL0gPZZVHkFhZ8WQwAnj3/LQW/
HdMjj60QYe2LSGDpZcq2kDqjOBRhKHV5utQjlQ+3yXkdd0+WJTlRsUPg/fYO9PPq
RWuPYPmUqjw7z9yJ1IU4FbbsAjb0cyeOHQmeTxcIWQfvyPrMYm7bM8pMq6FH39hs
1YfyCzRJ7HtynYLXs5djdA+BXZS+uCucg/YYHnuTz3XvKZ60fE8audcchdWAXeJm
3lLhhjsg0w9AUrV4DJCNca8sy5CyXqGYBu+UEtwGGV+Hq8iG+mtrhtNEej92kqWl
0qHMFQuW6rqa9bwitdSCnjlF2ZIvDfQoy0L36oRze670NljBQzS1fQjULM1ViOI/
VotfEToYMXb5c1x1DAfw926rBVCFHNp6+h/Mdi5UPV155v1BD7aYt+EtiZaiWTae
werojsw1+PQ0N9/kgh1Dxey8w8agNuGS4OFjn5hClfahfniRY0zl/fI6ZyWUJ653
7UVI3/LD1GzcusOtGPN1fKSx77wW1/9izDr8EMhER30zyri8RJcor0mq
-----END ENCRYPTED PRIVATE KEY-----
"
RSA Public Key  
 string(272) "-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeRq2rtT6rYEDbd0qRZD1ZcZDH
6GYNmdf5nYA93FpumIpwqX3XqIlRqlR/jIrQUIxRxYUxeOu7ULh++uN6ySPQmTWl
hfhPIsDoUXPBYfpRlYxQSdbmEG09Z0NnTxBgFYC0rmrVGIuG0KNlYsdOAd+dvkJk
2Foy3VUUZUeN8XazbwIDAQAB
-----END PUBLIC KEY-----
"

Note: that output format is PKCS#1 Type.

Generate DSA Key Pair in Encrypted Format

<?php  
/**  
 * Created by https://8gwifi.org  
  * User: Anish Nath  
 * Date: 2018-12-17 * Time: 10:05 */  
  
// Configuration for 2048 DSA key Pair with Digest Algo 512  
  
$config = array(  
  "digest_alg" => "sha512",  
  "private_key_bits" => 2048,  
  "private_key_type" => OPENSSL_KEYTYPE_DSA,  
);  
  
// Create the keypair  
$res=openssl_pkey_new($config);  
  
// Get private key  
openssl_pkey_export($res, $privkey, "mystrongpassword" );  
  
// Get public key  
$pubkey=openssl_pkey_get_details($res);  
$pubkey=$pubkey["key"];  
var_dump($privkey);  
var_dump($pubkey);

Generate EC Key Pair

Elliptic curve based algorithms use significantly smaller key sizes than their non elliptic curve equivalents.

The approximate equivalence in security strength for symmetric algorithms compared to standard asymmetric algorithms and elliptic curve algorithms is shown in the table below.

AES Symmetric Keysize (Bits) RSA and DSA Keysize (Bits) ECC Keysize (Bits)
80 1024 160
112 2048 224
128 3072 256
192 7680 384
256 15360 512

Required PHP Version: (PHP 7 >= 7.1.0)


<?php  
/**  
 * Created by https://8gwifi.org  
  * User: Anish Nath  
 * Date: 2018-12-17 * Time: 10:05 */  
  
// Configuration for 2048 DSA key Pair with Digest Algo 512  
  
$config = array(  
  "digest_alg" => "sha512",  
  "curve_name" => prime256v1,  
  "private_key_type" => OPENSSL_KEYTYPE_EC,  
);  
 
// Create the keypair  
$res=openssl_pkey_new($config);  
  
// Get private key  
openssl_pkey_export($res, $privkey, "mystrongpassword" );  
  
// Get public key  
$pubkey=openssl_pkey_get_details($res);  
$pubkey=$pubkey["key"];  
var_dump($privkey);  
var_dump($pubkey);

The above example will output something similar to:

$ /bin/php-7.1.19 pkey_new_ec.php

string(299) "-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,606FAE9BA918BDEC

xo8McQWsbm/5A16e9DLneus2yfWEdSFkiG9DJ3Y9tjN1khWjQ0kKb+L40csSmrel
LvcxyO1pHmKXd5lW68T7sV5tUJwjXEkLslbCiSbqcCp+LT7+fw2Jdz5dEduElZGb
oK/e53CFZl0fL7PM7wDmj6G06F+I19iRL9wf3T8w+rs=
-----END EC PRIVATE KEY-----
"
string(178) "-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWcxIutWEkMXuakdcHhJW3hpOECBo
/7/aqoS7M2ruspT+AVRFN6RPwPkRNnJE4a2I5Sun/Ny0Bg9c+1c0BUFmYw==
-----END PUBLIC KEY-----
"

Continue Reading Part 2 (php Asymmetric Key Encryption/Decryption/Sign Verify The message)


Thanku for reading !!! Give a Share for Support

Asking for donation sound bad to me, so i'm raising fund from The Modern Cryptography CookBook for Just $9. Leanpub books Discount coupon first 100 reader. No hurry read the sample chapters here then decide.

Alternatively you can buy My all four Cryptography book Just $10.99


Referefce
  • The Modern Cryptography Book.
  • Python Cryptography
  • Cryptography for JavaScript Developer
  • Go lang Cryptography for developers


python Cryptography Topics
Topics
For Coffee/ Beer/ Amazon Bill and further development of the project Support by Purchasing, The Modern Cryptography CookBook for Just $9 Coupon Price

Cryptography for Python Developers

Cryptography for JavaScript Developers

Go lang ryptography for Developers