Pure-PHP PKCS#1 compliant implementation of RSA.
Methods
The constructor
Crypt_RSA() : \Crypt_RSA
If you want to make use of the openssl extension, you'll need to set the mode manually, yourself. The reason
Crypt_RSA doesn't do it is because OpenSSL doesn't fail gracefully. openssl_pkey_new(), in particular, requires
openssl.cnf be present somewhere and, unfortunately, the only real way to find out is too late.
Returns
Performs RSA Blinding
_blind(\Math_BigInteger $x, \Math_BigInteger $r, Integer $i) : \Math_BigInteger
Protects against timing attacks by employing RSA Blinding.
Returns $x->modPow($this->exponents[$i], $this->primes[$i])
Parameters
$i
Integer
Returns
Convert a private key to the appropriate format.
_convertPrivateKey($n, $e, $d, $primes, $exponents, $coefficients) : String
access |
private |
see |
\global\setPrivateKeyFormat() |
Parameters
$n
$e
$d
$primes
$exponents
$coefficients
Returns
String
Convert a public key to the appropriate format
_convertPublicKey($n, $e) : String
access |
private |
see |
\global\setPublicKeyFormat() |
Parameters
$n
$e
Returns
String
Data Handler
_data_handler(Resource $parser, String $data)
Called by xml_set_character_data_handler()
Parameters
$parser
Resource
$data
String
_decodeLength()
_decodeLength($string)
EMSA-PKCS1-V1_5-ENCODE
_emsa_pkcs1_v1_5_encode(String $m, Integer $emLen) : String
EMSA-PSS-ENCODE
_emsa_pss_encode(String $m, Integer $emBits)
EMSA-PSS-VERIFY
_emsa_pss_verify(String $m, String $em, Integer $emBits) : String
_encodeLength()
_encodeLength($length)
Generates the smallest and largest numbers requiring $bits bits
_generateMinMax(Integer $bits) : Array
Parameters
$bits
Integer
Returns
Array
Integer-to-Octet-String primitive
_i2osp(\Math_BigInteger $x, Integer $xLen) : String
MGF1
_mgf1(String $mgfSeed, $maskLen) : String
Break a public or private key down into its constituant components
_parseKey(String $key, Integer $type) : Array
access |
private |
see |
\global\_convertPublicKey() |
see |
\global\_convertPrivateKey() |
Parameters
$key
String
$type
Integer
Returns
Array
Generates a random string x bytes long
_random(Integer $bytes, \optional $nonzero) : String
Parameters
$bytes
Integer
$nonzero
\optional
Integer $nonzero
Returns
String
RSAES-OAEP-DECRYPT
_rsaes_oaep_decrypt(String $c, String $l) : String
See RFC3447#section-7.1.2. The fact that the error
messages aren't distinguishable from one another hinders debugging, but, to quote from RFC3447#section-7.1.2:
Note. Care must be taken to ensure that an opponent cannot
distinguish the different error conditions in Step 3.g, whether by
error message or timing, or, more generally, learn partial
information about the encoded message EM. Otherwise an opponent may
be able to obtain useful information about the decryption of the
ciphertext C, leading to a chosen-ciphertext attack such as the one
observed by Manger [36].
As for $l... to quote from RFC3447#page-17:
Both the encryption and the decryption operations of RSAES-OAEP take
the value of a label L as input. In this version of PKCS #1, L is
the empty string; other uses of the label are outside the scope of
this document.
Parameters
$c
String
$l
String
Returns
String
RSAES-OAEP-ENCRYPT
_rsaes_oaep_encrypt(String $m, String $l) : String
See RFC3447#section-7.1.1 and
{http://en.wikipedia.org/wiki/Optimal_Asymmetric_Encryption_Padding OAES}.
Parameters
$m
String
$l
String
Returns
String
RSAES-PKCS1-V1_5-DECRYPT
_rsaes_pkcs1_v1_5_decrypt(String $c) : String
See RFC3447#section-7.2.2.
For compatability purposes, this function departs slightly from the description given in RFC3447.
The reason being that RFC2313#section-8.1 (PKCS#1 v1.5) states that ciphertext's encrypted by the
private key should have the second byte set to either 0 or 1 and that ciphertext's encrypted by the
public key should have the second byte set to 2. In RFC3447 (PKCS#1 v2.1), the second byte is supposed
to be 2 regardless of which key is used. for compatability purposes, we'll just check to make sure the
second byte is 2 or less. If it is, we'll accept the decrypted string as valid.
As a consequence of this, a private key encrypted ciphertext produced with Crypt_RSA may not decrypt
with a strictly PKCS#1 v1.5 compliant RSA implementation. Public key encrypted ciphertext's should but
not private key encrypted ciphertext's.
Parameters
$c
String
Returns
String
RSAES-PKCS1-V1_5-ENCRYPT
_rsaes_pkcs1_v1_5_encrypt(String $m) : String
RSASSA-PKCS1-V1_5-SIGN
_rsassa_pkcs1_v1_5_sign(String $m) : String
RSASSA-PKCS1-V1_5-VERIFY
_rsassa_pkcs1_v1_5_verify(String $m, $s) : String
RSASSA-PSS-SIGN
_rsassa_pss_sign(String $m) : String
RSASSA-PSS-VERIFY
_rsassa_pss_verify(String $m, String $s) : String
Start Element Handler
_start_element_handler(Resource $parser, String $name, Array $attribs)
Called by xml_set_element_handler()
Parameters
$parser
Resource
$name
String
$attribs
Array
Stop Element Handler
_stop_element_handler(Resource $parser, String $name)
Called by xml_set_element_handler()
Parameters
$parser
Resource
$name
String
String Shift
_string_shift(String $string, \optional $index) : String
Inspired by array_shift
Parameters
$string
String
$index
\optional
Integer $index
Returns
String
Create public / private key pair
createKey(\optional $bits, \optional $timeout, \optional $partial)
Returns an array with the following three elements:
- 'privatekey': The private key.
- 'publickey': The public key.
- 'partialkey': A partially computed key (if the execution time exceeded $timeout).
Will need to be passed back to Crypt_RSA::createKey() as the third parameter for further processing.
Parameters
$bits
\optional
Integer $bits
$timeout
\optional
Integer $timeout
$partial
\optional
Math_BigInteger $p
Decryption
decrypt($ciphertext) : String
see |
\global\encrypt() |
access |
public |
Parameters
$ciphertext
Returns
String
Encryption
encrypt(String $plaintext) : String
Both CRYPT_RSA_ENCRYPTION_OAEP and CRYPT_RSA_ENCRYPTION_PKCS1 both place limits on how long $plaintext can be.
If $plaintext exceeds those limits it will be broken up so that it does and the resultant ciphertext's will
be concatenated together.
see |
\global\decrypt() |
access |
public |
Parameters
$plaintext
String
Returns
String
Returns the public key
getPublicKey(Integer $type)
The public key is only returned under two circumstances - if the private key had the public key embedded within it
or if the public key was set via setPublicKey(). If the currently loaded key is supposed to be the public key this
function won't return it since this library, for the most part, doesn't distinguish between public and private keys.
see |
\global\getPublicKey() |
access |
public |
Parameters
Loads a public or private key
loadKey(String $key, Integer $type)
Returns true on success and false on failure (ie. an incorrect password was provided or the key was malformed)
Parameters
$key
String
Set Encryption Mode
setEncryptionMode(Integer $mode)
Valid values include CRYPT_RSA_ENCRYPTION_OAEP and CRYPT_RSA_ENCRYPTION_PKCS1.
Parameters
$mode
Integer
Determines which hashing function should be used
setHash(String $hash)
Used with signature production / verification and (if the encryption mode is CRYPT_RSA_ENCRYPTION_OAEP) encryption and
decryption. If $hash isn't supported, sha1 is used.
Parameters
$hash
String
Determines which hashing function should be used for the mask generation function
setMGFHash(String $hash)
The mask generation function is used by CRYPT_RSA_ENCRYPTION_OAEP and CRYPT_RSA_SIGNATURE_PSS and although it's
best if Hash and MGFHash are set to the same thing this is not a requirement.
Parameters
$hash
String
Sets the password
setPassword(String $password)
Private keys can be encrypted with a password. To unset the password, pass in the empty string or false.
Or rather, pass in $password such that empty($password) is true.
see |
\global\createKey() |
see |
\global\loadKey() |
access |
public |
Parameters
$password
String
Defines the public key
setPublicKey(String $key, Integer $type) : Boolean
Some private key formats define the public exponent and some don't. Those that don't define it are problematic when
used in certain contexts. For example, in SSH-2, RSA authentication works by sending the public key along with a
message signed by the private key to the server. The SSH-2 server looks the public key up in an index of public keys
and if it's present then proceeds to verify the signature. Problem is, if your private key doesn't include the public
exponent this won't work unless you manually add the public exponent.
Do note that when a new key is loaded the index will be cleared.
Returns true on success, false on failure
see |
\global\getPublicKey() |
access |
public |
Parameters
$key
String
Returns
Boolean
Determines the salt length
setSaltLength($sLen)
To quote from RFC3447#page-38:
Typical salt lengths in octets are hLen (the length of the output
of the hash function Hash) and 0.
Parameters
$sLen
Set Signature Mode
setSignatureMode(Integer $mode)
Valid values include CRYPT_RSA_SIGNATURE_PSS and CRYPT_RSA_SIGNATURE_PKCS1
Parameters
$mode
Integer
Create a signature
sign(String $message) : String
see |
\global\verify() |
access |
public |
Parameters
$message
String
Returns
String
Verifies a signature
verify(String $message, String $signature) : Boolean
see |
\global\sign() |
access |
public |
Parameters
$message
String
$signature
String
Returns
Boolean
Properties
Coefficients for Chinese Remainder Theorem (ie.
$coefficients : Array
Components
$components : Array
For use with parsing XML formatted keys. PHP's XML Parser functions use utilized - instead of PHP's DOM functions -
because PHP's XML Parser functions work on PHP4 whereas PHP's DOM functions - although surperior - don't.
see |
\global\Crypt_RSA::_start_element_handler() |
access |
private |
Current String
$current : Mixed
For use with parsing XML formatted keys.
see |
\global\Crypt_RSA::_character_handler() |
see |
\global\Crypt_RSA::_stop_element_handler() |
access |
private |
Encryption mode
$encryptionMode : Integer
Exponents for Chinese Remainder Theorem (ie.
$exponents : Array
Length of hash function output
$hLen : Integer
Hash name
$hashName : String
Length of MGF hash function output
$mgfHLen : Integer
Hash function for the Mask Generation Function
$mgfHash : \Crypt_Hash
Precomputed One
$one : Array
Password
$password : String
Primes for Chinese Remainder Theorem (ie.
$primes : Array
Public Exponent
$publicExponent : Mixed
Length of salt
$sLen : Integer
Signature mode
$signatureMode : Integer
Precomputed Zero
$zero : Array