Generate an RSA keypair with a 4096 bit private key
Execute command: openssl genrsa -out private_key.pem 4096
e.g.
$ openssl genrsa -out private_key.pem 4096
Generating RSA private key, 4096 bit long modulus
.............................++++++
................................................................++++++
e is 65537 (0x10001)
Make sure to prevent other users from reading your key by executing chmod go-r private_key.pem afterward.
Extracting the public key from an RSA keypair
Execute command: openssl rsa -pubout -in private_key.pem -out public_key.pem
e.g.
$ openssl rsa -pubout -in private_key.pem -out public_key.pem
writing RSA key
A new file is created, public_key.pem, with the public key.
It is relatively easy to calculate the public key from the prime1 and prime2 values in the private key file. However, OpenSSL has already pre-calculated the public key and stored it in the private key file, so this command doesn't actually do any cryptographic calculation -- it merely copies the public key bytes out of the file and writes the Base64 PEM encoded version of those bytes into the output public key file.
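The two commands above, wrapped as an added shell example (not part of the original page) that also checks the result: the extracted public key must carry the same modulus as the private key, and the private key must have no group or other permission bits. The function names are hypothetical, openssl is assumed to be on PATH, and umask 077 is set before generation so the key file is owner-only from the moment it is created instead of relying on a chmod afterward.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# make_keypair DIR [BITS]: write DIR/private_key.pem and DIR/public_key.pem.
make_keypair() {
    dir=$1
    bits=${2:-4096}
    (
        # Files created inside this subshell are owner-only from the start.
        umask 077
        openssl genrsa -out "$dir/private_key.pem" "$bits" 2>/dev/null
    ) || return 1
    openssl rsa -pubout -in "$dir/private_key.pem" \
        -out "$dir/public_key.pem" 2>/dev/null
}

# key_modulus FILE [-pubin]: print the RSA modulus stored in a PEM key file.
key_modulus() {
    openssl rsa -noout -modulus -in "$1" ${2:-} 2>/dev/null
}

# keys_match PRIV PUB: succeed only if both files hold the same modulus.
keys_match() {
    priv=$(key_modulus "$1") || return 1
    pub=$(key_modulus "$2" -pubin) || return 1
    [ -n "$priv" ] && [ "$priv" = "$pub" ]
}

# private_key_is_private FILE: fail if group or others have any permission bit.
private_key_is_private() {
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}
```

Typical use is make_keypair . followed by keys_match private_key.pem public_key.pem and private_key_is_private private_key.pem, treating a non-zero exit status from either check as a reason to discard the key files.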
Use phpseclib - PHP Secure Communications Library
Encryption
<?php
header('Content-Type: text/xml; charset=utf-8');

// Load the phpseclib classes from the phpseclib directory one level above this script.
include_once(dirname(dirname(__FILE__)).DIRECTORY_SEPARATOR.'phpseclib'.DIRECTORY_SEPARATOR.'Math'.DIRECTORY_SEPARATOR.'BigInteger.php');
include_once(dirname(dirname(__FILE__)).DIRECTORY_SEPARATOR.'phpseclib'.DIRECTORY_SEPARATOR.'Crypt'.DIRECTORY_SEPARATOR.'AES.php');
include_once(dirname(dirname(__FILE__)).DIRECTORY_SEPARATOR.'phpseclib'.DIRECTORY_SEPARATOR.'Crypt'.DIRECTORY_SEPARATOR.'RSA.php');

/*
|--------------------------------------------------------------------------
| Encryption
|--------------------------------------------------------------------------
|
*/
$publickey = <<<EOD
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0
FPqri0cb2JZfXJ/DgYSF6vUpwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/
3j+skZ6UtW+5u09lHNsj6tQ51s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQAB
-----END PUBLIC KEY-----
EOD;

$rsa = new Crypt_RSA();
$rsa->loadKey($publickey); // public key

$plaintext = '...';
$ciphertext = $rsa->encrypt($plaintext);

// The ciphertext is binary, so Base64-encode it before printing.
echo '<pre>' . base64_encode($ciphertext) . '</pre>';
Decryption
<?php
header('Content-Type: text/xml; charset=utf-8');

// Load the phpseclib classes from the phpseclib directory one level above this script.
include_once(dirname(dirname(__FILE__)).DIRECTORY_SEPARATOR.'phpseclib'.DIRECTORY_SEPARATOR.'Math'.DIRECTORY_SEPARATOR.'BigInteger.php');
include_once(dirname(dirname(__FILE__)).DIRECTORY_SEPARATOR.'phpseclib'.DIRECTORY_SEPARATOR.'Crypt'.DIRECTORY_SEPARATOR.'AES.php');
include_once(dirname(dirname(__FILE__)).DIRECTORY_SEPARATOR.'phpseclib'.DIRECTORY_SEPARATOR.'Crypt'.DIRECTORY_SEPARATOR.'RSA.php');

/*
|--------------------------------------------------------------------------
| Decryption
|--------------------------------------------------------------------------
|
*/
// A '+' in a query string arrives as a space, so restore it before Base64-decoding.
$ciphertext = base64_decode(str_replace(' ', '+', $_GET['crypttext']));

$privatekey = <<<EOD
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUp
wmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ5
1s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQABAoGAFijko56+qGyN8M0RVyaRAXz++xTqHBLh
3tx4VgMtrQ+WEgCjhoTwo23KMBAuJGSYnRmoBZM3lMfTKevIkAidPExvYCdm5dYq3XToLkkLv5L2
pIIVOFMDG+KESnAFV7l2c+cnzRMW0+b6f8mR1CJzZuxVLL6Q02fvLi55/mbSYxECQQDeAw6fiIQX
GukBI4eMZZt4nscy2o12KyYner3VpoeE+Np2q+Z3pvAMd/aNzQ/W9WaI+NRfcxUJrmfPwIGm63il
AkEAxCL5HQb2bQr4ByorcMWm/hEP2MZzROV73yF41hPsRC9m66KrheO9HPTJuo3/9s5p+sqGxOlF
L0NDt4SkosjgGwJAFklyR1uZ/wPJjj611cdBcztlPdqoxssQGnh85BzCj/u3WqBpE2vjvyyvyI5k
X6zk7S0ljKtt2jny2+00VsBerQJBAJGC1Mg5Oydo5NwD6BiROrPxGo2bpTbu/fhrT8ebHkTz2epl
U9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhMCQBGoiuSoSjafUhV7i1cEGpb88h5NBYZzWXGZ
37sJ5QsW+sJyoNde3xH8vdXhzU7eT82D6X/scw9RZz+/6rCJ4p0=
-----END RSA PRIVATE KEY-----
EOD;

$rsa = new Crypt_RSA();
$rsa->loadKey($privatekey); // private key

$plaintext = $rsa->decrypt($ciphertext);

// Escape the decrypted data so it cannot inject markup into the response.
echo '<pre>' . htmlspecialchars($plaintext, ENT_QUOTES, 'UTF-8') . '</pre>';

/*
|--------------------------------------------------------------------------
| Signature Verify
|--------------------------------------------------------------------------
|
*/
$publickey = <<<EOD
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0
FPqri0cb2JZfXJ/DgYSF6vUpwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/
3j+skZ6UtW+5u09lHNsj6tQ51s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQAB
-----END PUBLIC KEY-----
EOD;

// The private key is still loaded here, so sign() produces the signature with it.
$signature = $rsa->sign($plaintext);

// Switch to the public key to verify the signature.
$rsa->loadKey($publickey);
echo $rsa->verify($plaintext, $signature) ? 'verified' : 'unverified';