public
Crypt_RSA
|
#
Crypt_RSA( )
The constructor
If you want to make use of the openssl extension, you'll need to set the mode
manually, yourself. The reason Crypt_RSA doesn't do it is because OpenSSL
doesn't fail gracefully. openssl_pkey_new(), in particular, requires openssl.cnf
be present somewhere and, unfortunately, the only real way to find out is too
late.
Returns
|
public
|
#
createKey( optional $bits = 1024, optional $timeout = false, optional $partial = array() )
Create public / private key pair
Create public / private key pair
Returns an array with the following three elements: - 'privatekey': The
private key. - 'publickey': The public key. - 'partialkey': A partially computed
key (if the execution time exceeded $timeout). Will need to be passed back to
Crypt_RSA::createKey() as the third parameter for further processing.
Parameters
- $bits
optional Integer $bits
- $timeout
optional Integer $timeout
- $partial
optional Math_BigInteger $p
|
public
String
|
#
_convertPrivateKey( String $n, mixed $e, mixed $d, mixed $primes, mixed $exponents, mixed $coefficients )
Convert a private key to the appropriate format.
Convert a private key to the appropriate format.
Parameters
- $n
String $RSAPrivateKey
- $e
- $d
- $primes
- $exponents
- $coefficients
Returns
String
See
|
public
String
|
#
_convertPublicKey( String $n, mixed $e )
Convert a public key to the appropriate format
Convert a public key to the appropriate format
Parameters
- $n
String $RSAPrivateKey
- $e
Returns
String
See
|
public
Array
|
#
_parseKey( String $key, Integer $type )
Break a public or private key down into its constituant components
Break a public or private key down into its constituant components
Parameters
- $key
String $key
- $type
Integer $type
Returns
Array
See
|
public
|
#
_start_element_handler( Resource $parser, String $name, Array $attribs )
Start Element Handler
Called by xml_set_element_handler()
Parameters
- $parser
Resource $parser
- $name
String $name
- $attribs
Array $attribs
|
public
|
#
_stop_element_handler( Resource $parser, String $name )
Stop Element Handler
Called by xml_set_element_handler()
Parameters
- $parser
Resource $parser
- $name
String $name
|
public
|
#
_data_handler( Resource $parser, String $data )
Data Handler
Called by xml_set_character_data_handler()
Parameters
- $parser
Resource $parser
- $data
String $data
|
public
|
#
loadKey( String $key, Integer $type = false )
Loads a public or private key
Loads a public or private key
Returns true on success and false on failure (ie. an incorrect password was
provided or the key was malformed)
Parameters
- $key
String $key
- $type
Integer $type optional
|
public
|
#
setPassword( String $password )
Sets the password
Private keys can be encrypted with a password. To unset the password, pass in
the empty string or false. Or rather, pass in $password such that
empty($password) is true.
Parameters
- $password
String $password
See
|
public
Boolean
|
#
setPublicKey( String $key = false, Integer $type = false )
Defines the public key
Some private key formats define the public exponent and some don't. Those
that don't define it are problematic when used in certain contexts. For example,
in SSH-2, RSA authentication works by sending the public key along with a
message signed by the private key to the server. The SSH-2 server looks the
public key up in an index of public keys and if it's present then proceeds to
verify the signature. Problem is, if your private key doesn't include the public
exponent this won't work unless you manually add the public exponent.
Do note that when a new key is loaded the index will be cleared.
Returns true on success, false on failure
Parameters
- $key
String $key optional
- $type
Integer $type optional
Returns
Boolean
See
|
public
|
#
getPublicKey( String $type = CRYPT_RSA_PUBLIC_FORMAT_PKCS1 )
Returns the public key
The public key is only returned under two circumstances - if the private key
had the public key embedded within it or if the public key was set via
setPublicKey(). If the currently loaded key is supposed to be the public key
this function won't return it since this library, for the most part, doesn't
distinguish between public and private keys.
Parameters
See
|
public
|
#
getPrivateKey( String $type = CRYPT_RSA_PUBLIC_FORMAT_PKCS1 )
Returns the private key
The private key is only returned if the currently loaded key contains the
constituent prime numbers.
Parameters
See
|
public
Array
|
#
_generateMinMax( Integer $bits )
Generates the smallest and largest numbers requiring $bits bits
Generates the smallest and largest numbers requiring $bits bits
Parameters
Returns
Array
|
public
Integer
|
#
_decodeLength( String & $string )
DER-decode the length
DER supports lengths up to (28)127, however, we'll only
support lengths up to (28)4. See X.690 § 8.1.3 for more information.
Parameters
Returns
Integer
|
public
String
|
#
_encodeLength( Integer $length )
DER-encode the length
DER supports lengths up to (28)127, however, we'll only
support lengths up to (28)4. See X.690 § 8.1.3 for more information.
Parameters
Returns
String
|
public
String
|
#
_string_shift( String & $string, optional $index = 1 )
String Shift
Inspired by array_shift
Parameters
- $string
String $string
- $index
optional Integer $index
Returns
String
|
public
|
#
setPrivateKeyFormat( Integer $format )
Determines the private key format
Determines the private key format
Parameters
See
|
public
|
#
setPublicKeyFormat( Integer $format )
Determines the public key format
Determines the public key format
Parameters
See
|
public
|
#
setHash( String $hash )
Determines which hashing function should be used
Determines which hashing function should be used
Used with signature production / verification and (if the encryption mode is
CRYPT_RSA_ENCRYPTION_OAEP) encryption and decryption. If $hash isn't supported,
sha1 is used.
Parameters
|
public
|
#
setMGFHash( String $hash )
Determines which hashing function should be used for the mask generation
function
Determines which hashing function should be used for the mask generation
function
The mask generation function is used by CRYPT_RSA_ENCRYPTION_OAEP and
CRYPT_RSA_SIGNATURE_PSS and although it's best if Hash and MGFHash are set to
the same thing this is not a requirement.
Parameters
|
public
|
#
setSaltLength( Integer $sLen )
Determines the salt length
Determines the salt length
To quote from RFC3447#page-38:
Typical salt lengths in octets are hLen (the length of the output of the hash
function Hash) and 0.
Parameters
|
public
String
|
#
_random( Integer $bytes, optional $nonzero = false )
Generates a random string x bytes long
Generates a random string x bytes long
Parameters
- $bytes
Integer $bytes
- $nonzero
optional Integer $nonzero
Returns
String
|
public
String
|
|
public
Math_BigInteger
|
#
_os2ip( String $x )
Octet-String-to-Integer primitive
|
public
Math_BigInteger
|
#
_exponentiate( Math_BigInteger $x )
Exponentiate with or without Chinese Remainder Theorem
|
public
Math_BigInteger
|
#
_blind( Math_BigInteger $x, Math_BigInteger $r, Integer $i )
Performs RSA Blinding
Protects against timing attacks by employing RSA Blinding. Returns
$x->modPow($this->exponents[$i], $this->primes[$i])
Parameters
Returns
|
public
Boolean
|
#
_equals( String $x, String $y )
Performs blinded RSA equality testing
|
public
Math_BigInteger
|
|
public
Math_BigInteger
|
|
public
Math_BigInteger
|
|
public
Math_BigInteger
|
|
public
String
|
#
_mgf1( String $mgfSeed, Integer $maskLen )
|
public
String
|
#
_rsaes_oaep_encrypt( String $m, String $l = '' )
RSAES-OAEP-ENCRYPT
See RFC3447#section-7.1.1 and
{http://en.wikipedia.org/wiki/Optimal_Asymmetric_Encryption_Padding OAES}.
Parameters
Returns
String
|
public
String
|
#
_rsaes_oaep_decrypt( String $c, String $l = '' )
RSAES-OAEP-DECRYPT
See RFC3447#section-7.1.2. The fact that the error messages aren't distinguishable
from one another hinders debugging, but, to quote from RFC3447#section-7.1.2:
Note. Care must be taken to ensure that an opponent cannot distinguish the
different error conditions in Step 3.g, whether by error message or timing, or,
more generally, learn partial information about the encoded message EM.
Otherwise an opponent may be able to obtain useful information about the
decryption of the ciphertext C, leading to a chosen-ciphertext attack such as
the one observed by Manger [36].
As for $l... to quote from RFC3447#page-17:
Both the encryption and the decryption operations of RSAES-OAEP take the value
of a label L as input. In this version of PKCS #1, L is the empty string; other
uses of the label are outside the scope of this document.
Parameters
Returns
String
|
public
String
|
#
_rsaes_pkcs1_v1_5_encrypt( String $m )
|
public
String
|
#
_rsaes_pkcs1_v1_5_decrypt( String $c )
RSAES-PKCS1-V1_5-DECRYPT
See RFC3447#section-7.2.2.
For compatability purposes, this function departs slightly from the
description given in RFC3447. The reason being that RFC2313#section-8.1 (PKCS#1
v1.5) states that ciphertext's encrypted by the private key should have the
second byte set to either 0 or 1 and that ciphertext's encrypted by the public
key should have the second byte set to 2. In RFC3447 (PKCS#1 v2.1), the second
byte is supposed to be 2 regardless of which key is used. for compatability
purposes, we'll just check to make sure the second byte is 2 or less. If it is,
we'll accept the decrypted string as valid.
As a consequence of this, a private key encrypted ciphertext produced with
Crypt_RSA may not decrypt with a strictly PKCS#1 v1.5 compliant RSA
implementation. Public key encrypted ciphertext's should but not private key
encrypted ciphertext's.
Parameters
Returns
String
|
public
|
#
_emsa_pss_encode( String $m, Integer $emBits )
|
public
String
|
#
_emsa_pss_verify( String $m, String $em, Integer $emBits )
EMSA-PSS-VERIFY
See RFC3447#section-9.1.2.
Parameters
- $m
String $m
- $em
String $em
- $emBits
Integer $emBits
Returns
String
|
public
String
|
#
_rsassa_pss_sign( String $m )
|
public
String
|
#
_rsassa_pss_verify( String $m, String $s )
|
public
String
|
#
_emsa_pkcs1_v1_5_encode( String $m, Integer $emLen )
EMSA-PKCS1-V1_5-ENCODE
See RFC3447#section-9.2.
Parameters
- $m
String $m
- $emLen
Integer $emLen
Returns
String
|
public
String
|
#
_rsassa_pkcs1_v1_5_sign( String $m )
|
public
String
|
#
_rsassa_pkcs1_v1_5_verify( String $m, mixed $s )
|
public
|
#
setEncryptionMode( Integer $mode )
Set Encryption Mode
Valid values include CRYPT_RSA_ENCRYPTION_OAEP and
CRYPT_RSA_ENCRYPTION_PKCS1.
Parameters
|
public
|
#
setSignatureMode( Integer $mode )
Set Signature Mode
Valid values include CRYPT_RSA_SIGNATURE_PSS and
CRYPT_RSA_SIGNATURE_PKCS1
Parameters
|
public
String
|
#
encrypt( String $plaintext )
Encryption
Both CRYPT_RSA_ENCRYPTION_OAEP and CRYPT_RSA_ENCRYPTION_PKCS1 both place
limits on how long $plaintext can be. If $plaintext exceeds those limits it will
be broken up so that it does and the resultant ciphertext's will be concatenated
together.
Parameters
- $plaintext
String $plaintext
Returns
String
See
|
public
String
|
#
decrypt( String $ciphertext )
Decryption
Parameters
- $ciphertext
String $plaintext
Returns
String
See
|
public
String
|
#
sign( String $message )
Create a signature
Parameters
Returns
String
See
|
public
Boolean
|
#
verify( String $message, String $signature )
Verifies a signature
Parameters
- $message
String $message
- $signature
String $signature
Returns
Boolean
See
|
public
Array
|
$zero |
|
public
Array
|
$one |
|
public
Integer
|
$privateKeyFormat |
|
public
Integer
|
$publicKeyFormat |
|
public
Math_BigInteger
|
$modulus |
|
public
Math_BigInteger
|
$k |
|
public
Math_BigInteger
|
$exponent |
|
public
Array
|
$primes |
#
Primes for Chinese Remainder Theorem (ie. p and q)
Primes for Chinese Remainder Theorem (ie. p and q)
|
public
Array
|
$exponents |
#
Exponents for Chinese Remainder Theorem (ie. dP and dQ)
Exponents for Chinese Remainder Theorem (ie. dP and dQ)
|
public
Array
|
$coefficients |
#
Coefficients for Chinese Remainder Theorem (ie. qInv)
Coefficients for Chinese Remainder Theorem (ie. qInv)
|
public
String
|
$hashName |
|
public
Crypt_Hash
|
$hash |
|
public
Integer
|
$hLen |
#
Length of hash function output
Length of hash function output
|
public
Integer
|
$sLen |
|
public
Crypt_Hash
|
$mgfHash |
#
Hash function for the Mask Generation Function
Hash function for the Mask Generation Function
|
public
Integer
|
$mgfHLen |
#
Length of MGF hash function output
Length of MGF hash function output
|
public
Integer
|
$encryptionMode |
|
public
Integer
|
$signatureMode |
|
public
Mixed
|
$publicExponent |
|
public
String
|
$password |
|
public
Array
|
$components |
#
Components
For use with parsing XML formatted keys. PHP's XML Parser functions use
utilized - instead of PHP's DOM functions - because PHP's XML Parser functions
work on PHP4 whereas PHP's DOM functions - although surperior - don't.
See
|
public
Mixed
|
$current |
#
Current String
For use with parsing XML formatted keys.
See
|