Action:
RSA Private Key Format:
RSA Public Key Format:
Signature Mode:
Encryption Mode:
<?php require __DIR__ . '/vendor/autoload.php'; use phpseclib\Crypt\RSA; $rsa = new RSA(); $rsa->setPassword('password'); $rsa->setPrivateKeyFormat(RSA::PRIVATE_FORMAT_PUTTY); $rsa->setPrivateKeyFormat(RSA::PRIVATE_FORMAT_XML); //$rsa->setPrivateKeyFormat(RSA::PRIVATE_FORMAT_PKCS1); //$rsa->setPublicKeyFormat(RSA::PUBLIC_FORMAT_PKCS1); $rsa->setPublicKeyFormat(RSA::PUBLIC_FORMAT_OPENSSH); $rsa->setPublicKeyFormat(RSA::PUBLIC_FORMAT_XML); $rsa->setPublicKeyFormat(RSA::PUBLIC_FORMAT_RAW); // initial call extract($rsa->createKey(1024, 10)); // subsequent calls extract($rsa->createKey(1024, 10, $partialkey)); $rsa->setPassword('password'); $rsa->setPrivateKeyFormat(RSA::PRIVATE_FORMAT_PUTTY); $rsa->setPrivateKeyFormat(RSA::PRIVATE_FORMAT_XML); //$rsa->setPrivateKeyFormat(RSA::PRIVATE_FORMAT_PKCS1); //$rsa->setPublicKeyFormat(RSA::PUBLIC_FORMAT_PKCS1); $rsa->setPublicKeyFormat(RSA::PUBLIC_FORMAT_OPENSSH); $rsa->setPublicKeyFormat(RSA::PUBLIC_FORMAT_XML); $rsa->setPublicKeyFormat(RSA::PUBLIC_FORMAT_RAW); //define('CRYPT_RSA_EXPONENT', 65537); //define('CRYPT_RSA_SMALLEST_PRIME', 64); // makes it so multi-prime RSA is used extract($rsa->createKey()); // == $rsa->createKey(1024) where 1024 is the key size//$rsa->setPassword('password'); $rsa->loadKey('...'); //$rsa->setPassword(); // clear the password if there was one $rsa->setPassword('password'); // presumably this'll be different than the above password $privatekey = $rsa->getPrivateKey(); // could do RSA::PRIVATE_FORMAT_PKCS1 too $privatekey = $rsa->getPrivateKey(RSA::PRIVATE_FORMAT_PUTTY); $privatekey = $rsa->getPrivateKey(RSA::PRIVATE_FORMAT_XML); $publickey = $rsa->getPublicKey(); // could do RSA::PUBLIC_FORMAT_PKCS1 too $publickey = $rsa->getPublicKey(RSA::PUBLIC_FORMAT_OPENSSH); $publickey = $rsa->getPublicKey(RSA::PUBLIC_FORMAT_XML); $publickey = $rsa->getPublicKey(RSA::PUBLIC_FORMAT_RAW); $rsa->loadKey('...'); $rsa->setPublicKey(); $publickey = $rsa->getPublicKey(); // could do RSA::PUBLIC_FORMAT_PKCS1 too $publickey = $rsa->getPublicKey(RSA::PUBLIC_FORMAT_OPENSSH); $publickey = $rsa->getPublicKey(RSA::PUBLIC_FORMAT_XML); $publickey = $rsa->getPublicKey(RSA::PUBLIC_FORMAT_RAW);//$rsa->setPassword('password'); $rsa->loadKey('...'); // private key $plaintext = '...'; $rsa->setSignatureMode(RSA::SIGNATURE_PKCS1);//$rsa->setSignatureMode(RSA::SIGNATURE_PSS); $signature = $rsa->sign($plaintext); $rsa->loadKey('...'); // public key echo $rsa->verify($plaintext, $signature) ? 'verified' : 'unverified';$rsa->loadKey('...'); // public key $plaintext = '...'; $rsa->setEncryptionMode(RSA::ENCRYPTION_PKCS1);//$rsa->setEncryptionMode(RSA::ENCRYPTION_OAEP); $ciphertext = $rsa->encrypt($plaintext); $rsa->loadKey('...'); // private key echo $rsa->decrypt($ciphertext); ?>
-----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUp wmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ5 1s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQABAoGAFijko56+qGyN8M0RVyaRAXz++xTqHBLh 3tx4VgMtrQ+WEgCjhoTwo23KMBAuJGSYnRmoBZM3lMfTKevIkAidPExvYCdm5dYq3XToLkkLv5L2 pIIVOFMDG+KESnAFV7l2c+cnzRMW0+b6f8mR1CJzZuxVLL6Q02fvLi55/mbSYxECQQDeAw6fiIQX GukBI4eMZZt4nscy2o12KyYner3VpoeE+Np2q+Z3pvAMd/aNzQ/W9WaI+NRfcxUJrmfPwIGm63il AkEAxCL5HQb2bQr4ByorcMWm/hEP2MZzROV73yF41hPsRC9m66KrheO9HPTJuo3/9s5p+sqGxOlF L0NDt4SkosjgGwJAFklyR1uZ/wPJjj611cdBcztlPdqoxssQGnh85BzCj/u3WqBpE2vjvyyvyI5k X6zk7S0ljKtt2jny2+00VsBerQJBAJGC1Mg5Oydo5NwD6BiROrPxGo2bpTbu/fhrT8ebHkTz2epl U9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhMCQBGoiuSoSjafUhV7i1cEGpb88h5NBYZzWXGZ 37sJ5QsW+sJyoNde3xH8vdXhzU7eT82D6X/scw9RZz+/6rCJ4p0= -----END RSA PRIVATE KEY-----
-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,E3B1C06E0D0C2633 gvmXzl6W7eV1a3N5rQNwBWKY9on3IgxZudS33cip5f88FotsPSDJMvqj6LVw2RxobDjhlOOzqmTb VrlTnoQ6CogXFZSfiPmixiyyptCUEKJkSiEhYGM5GQm0OoGcLeLbgBb9tRpWh5IlXulKD6XFhx8q /eGg5a+mSkX1i7kv2+Ih3jHmEKwrnfzhcA29pBF3OQJo+Ks9IYneuk676pHtsIs7CpFKq1tDvD8Q O7URxnVnHLltaFvIxshqyZu92xbUYZR7YzjXl5+3w4TVgeAHUogEV+H9iZTosD/copUsbQO+78w2 E1D3iDS94wRgx0Tjv4xlwrTpOV38FS5rdL32492DcCRlCYM4VtuwjYeWi5shJg69jCb0EwGRqfAo xko+lbKWELTuFKwD7n1rc/2fTarbGuf8S2AEggBLZyfXHC/9N84mXLFO2XKq+0WdiEFhQj2Cze+a 9qcSK6tPSrjK1LPlnOOppFgDElZaZ0rxsgjtiWSIAEw/Ad+SIM5u+vqwzF8J317JlsdKoBFDw8mS MxCMuMksKJ23mgvY+THRIVgH3E7lEDZQzCi1Uy6ldLJcran/6wHwP88pVM2odiHkpnrJGcEBbbIk qsxJZhFT8aUt/cUEBj3fnP7cxoNLQfTHMPqUTqKBWaVufFzGU9YB1R+XWFULLddwJHnV7gPheBlk MDapowb+Is77+a9Y2VDsOXEvNpqTY0giiSrckG05IZnrhJ24JnSCwyNd99lm7XKdEGGrjBCMqIyI Fqox8Ahkv3KWAJPYK1eOCc5d/KwZHlnlFJq7ZYy9u3fEnxQCjOEmeXLkLangKA== -----END RSA PRIVATE KEY-----
PuTTY-User-Key-File-2: ssh-rsa Encryption: none Comment: phpseclib-generated-key Public-Lines: 4 AAAAB3NzaC1yc2EAAAADAQABAAAAgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4 eCZ0FPqri0cb2JZfXJ/DgYSF6vUpwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RK NUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ51s1SPrCBkedbNf0Tp0GbMJDy R4e9T04ZZw== Private-Lines: 8 AAAAgBYo5KOevqhsjfDNEVcmkQF8/vsU6hwS4d7ceFYDLa0PlhIAo4aE8KNtyjAQ LiRkmJ0ZqAWTN5TH0ynryJAInTxMb2AnZuXWKt106C5JC7+S9qSCFThTAxvihEpw BVe5dnPnJ80TFtPm+n/JkdQic2bsVSy+kNNn7y4uef5m0mMRAAAAQQDeAw6fiIQX GukBI4eMZZt4nscy2o12KyYner3VpoeE+Np2q+Z3pvAMd/aNzQ/W9WaI+NRfcxUJ rmfPwIGm63ilAAAAQQDEIvkdBvZtCvgHKitwxab+EQ/YxnNE5XvfIXjWE+xEL2br oquF470c9Mm6jf/2zmn6yobE6UUvQ0O3hKSiyOAbAAAAQBGoiuSoSjafUhV7i1cE Gpb88h5NBYZzWXGZ37sJ5QsW+sJyoNde3xH8vdXhzU7eT82D6X/scw9RZz+/6rCJ 4p0= Private-MAC: 03e2cb74e1d67652fbad063d2ed0478f31bdf256
PuTTY-User-Key-File-2: ssh-rsa Encryption: aes256-cbc Comment: phpseclib-generated-key Public-Lines: 4 AAAAB3NzaC1yc2EAAAADAQABAAAAgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4 eCZ0FPqri0cb2JZfXJ/DgYSF6vUpwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RK NUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ51s1SPrCBkedbNf0Tp0GbMJDy R4e9T04ZZw== Private-Lines: 8 llx04QMegql0/nE5RvcJSrGrodxt6ytuv/JX2caeZBUyQwQc2WBNYagLHyHPM9jI 9OUWz59FLhjFXZMDNMoUXxVmjwQpOAaVPYNxxFM9AF6/NXFji64K7huD9n4A+kLn sHwMLWPR5a/tZA0r05DZNz9ULA3mQu7Hz4EQ8ifu3uTPJuTmL51x6RmudYKysb20 fM8VzC3ukvzzRh0pujUVTr/yQdmciASVFnZlt4xQy+ZEOVUAOfwjd//AFfXTvk6x 7A45rNlU/uicHwLgoY1APvRHCFxw7F+uVW5L4mSX7NNzqBKkZ+1qpQTAfQvIfEIb 444+CXsgIyOpqt6VxJH2u6elAtE1wau3YaFR8Alm8m97rFYzRi3oDP5NZYkTCWSV EOpSeghXSs7IilJu8I6/sB1w5dakdeBSFkIynrlFXkO0uUw+QJJWjxY8SypzgIuP DzduF6XsQrCyo6dnIpGQCQ== Private-MAC: 35134b7434bf828b21404099861d455e660e8740
<RSAKeyValue> <Modulus>AKoYq6Q7UN7vOFmPr4fSq2NORXHBMKm8p7h4JnQU+quLRxvYll9cn8OBhIXq9SnCYkbzBVBkqN4ZyMM4vlSWy66wWdwLNYFDtEo1RJ6yZBExIaRVvX/eP6yRnpS1b7m7T2Uc2yPq1DnWzVI+sIGR51s1/ROnQZswkPJHh71PThln</Modulus> <Exponent>AQAB</Exponent> <P>AN4DDp+IhBca6QEjh4xlm3iexzLajXYrJid6vdWmh4T42nar5nem8Ax39o3ND9b1Zoj41F9zFQmuZ8/AgabreKU=</P> <Q>AMQi+R0G9m0K+AcqK3DFpv4RD9jGc0Tle98heNYT7EQvZuuiq4XjvRz0ybqN//bOafrKhsTpRS9DQ7eEpKLI4Bs=</Q> <DP>FklyR1uZ/wPJjj611cdBcztlPdqoxssQGnh85BzCj/u3WqBpE2vjvyyvyI5kX6zk7S0ljKtt2jny2+00VsBerQ==</DP> <DQ>AJGC1Mg5Oydo5NwD6BiROrPxGo2bpTbu/fhrT8ebHkTz2eplU9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhM=</DQ> <InverseQ>EaiK5KhKNp9SFXuLVwQalvzyHk0FhnNZcZnfuwnlCxb6wnKg117fEfy91eHNTt5PzYPpf+xzD1FnP7/qsIninQ==</InverseQ> <D>Fijko56+qGyN8M0RVyaRAXz++xTqHBLh3tx4VgMtrQ+WEgCjhoTwo23KMBAuJGSYnRmoBZM3lMfTKevIkAidPExvYCdm5dYq3XToLkkLv5L2pIIVOFMDG+KESnAFV7l2c+cnzRMW0+b6f8mR1CJzZuxVLL6Q02fvLi55/mbSYxE=</D> </RSAKeyValue>
-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0 FPqri0cb2JZfXJ/DgYSF6vUpwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/ 3j+skZ6UtW+5u09lHNsj6tQ51s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQAB -----END PUBLIC KEY-----
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUpwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ51s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZw== phpseclib-generated-key
<RSAKeyValue> <Modulus>AKoYq6Q7UN7vOFmPr4fSq2NORXHBMKm8p7h4JnQU+quLRxvYll9cn8OBhIXq9SnCYkbzBVBkqN4ZyMM4vlSWy66wWdwLNYFDtEo1RJ6yZBExIaRVvX/eP6yRnpS1b7m7T2Uc2yPq1DnWzVI+sIGR51s1/ROnQZswkPJHh71PThln</Modulus> <Exponent>AQAB</Exponent> </RSAKeyValue>
array(2) { ["e"]=> object(Math_BigInteger) ... ["n"]=> object(Math_BigInteger) ... }
-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0 FPqri0cb2JZfXJ/DgYSF6vUpwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/ 3j+skZ6UtW+5u09lHNsj6tQ51s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQAB -----END PUBLIC KEY-----
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUpwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ51s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZw== phpseclib-generated-key
<RSAKeyValue> <Modulus>AKoYq6Q7UN7vOFmPr4fSq2NORXHBMKm8p7h4JnQU+quLRxvYll9cn8OBhIXq9SnCYkbzBVBkqN4ZyMM4vlSWy66wWdwLNYFDtEo1RJ6yZBExIaRVvX/eP6yRnpS1b7m7T2Uc2yPq1DnWzVI+sIGR51s1/ROnQZswkPJHh71PThln</Modulus> <Exponent>AQAB</Exponent> </RSAKeyValue>
Output of var_dump($publickey)
:
array(2) { ["e"]=> object(Math_BigInteger) ... ["n"]=> object(Math_BigInteger) ... }
$rsa->setHash()
tells Crypt_RSA which hash algorithm to use. The default hash algorithm is sha1.
$rsa->setMGFHash()
tells Crypt_RSA which hash to use as the mask generation function. The default hash algorithm is sha1.
$rsa->setSaltLength()
sets the salt length. The PKCS#1 standard recommends this value either be 0 (which is what it is by default) or the length of the output of the hash function as set via setHash().
$rsa->setHash()
tells Crypt_RSA which hash algorithm to use. The default hash algorithm is sha1.
$rsa->setMGFHash()
tells Crypt_RSA which hash to use as the mask generation function. The default hash algorithm is sha1.
phpseclib implements PKCS#1 v2.1 whereas OpenSSL implemenents PKCS#1 v1.5. The problem with this is that strings encrypted with phpseclib won't be able to be decrypted by OpenSSL. Not unless you do define('CRYPT_RSA_PKCS15_COMPAT', true);
before the encrypt()
call.
Creating an RSA key can be a computationally expensive process. The fastest way to do it is to have the gmp extension installed and, failing that, the slower bcmath extension. If neither of those are available RSA keys can still be generated but it'll be slower still.
In the event that a webserver has a timeout limit in place for scripts it may help to perform multiple successive calls to $rsa->createKey()
, via AJAX, or something. $partialkey
is returned to the clients browser and the clients browser resends an HTTP request via AJAX with $partialkey
for example.