RSA Encryption & Decryption on PHP

Generate an RSA keypair with a 4096 bit private key

Execute command: openssl genrsa -out private_key.pem 4096

e.g.

$ openssl genrsa -out private_key.pem 4096
Generating RSA private key, 4096 bit long modulus
.............................++++++
................................................................++++++
e is 65537 (0x10001)

Make sure to prevent other users from reading your key by executing chmod go-r private_key.pem afterward.

Extracting the public key from an RSA keypair

Execute command: openssl rsa -pubout -in private_key.pem -out public_key.pem

e.g.

$ openssl rsa -pubout -in private_key.pem -out public_key.pem
writing RSA key

A new file is created, public_key.pem, with the public key.

It is relatively easy to do some cryptographic calculations to calculate the public key from the prime1 and prime2 values in the public key file. However, OpenSSL has already pre-calculated the public key and stored it in the private key file. So this command doesn't actually do any cryptographic calculation -- it merely copies the public key bytes out of the file and writes the Base64 PEM encoded version of those bytes into the output public key file.

Use phpseclib - PHP Secure Communications Library

Encryption

<?php

header('Content-Type: text/xml; charset=utf-8');

include_once(dirname(dirname(__FILE__)).DIRECTORY_SEPARATOR.'phpseclib'.DIRECTORY_SEPARATOR.'Math'.DIRECTORY_SEPARATOR.'BigInteger.php');
include_once(dirname(dirname(__FILE__)).DIRECTORY_SEPARATOR.'phpseclib'.DIRECTORY_SEPARATOR.'Crypt'.DIRECTORY_SEPARATOR.'AES.php');
include_once(dirname(dirname(__FILE__)).DIRECTORY_SEPARATOR.'phpseclib'.DIRECTORY_SEPARATOR.'Crypt'.DIRECTORY_SEPARATOR.'RSA.php');


/*
|--------------------------------------------------------------------------
| Encryption
|--------------------------------------------------------------------------
|
*/

$publickey = <<<EOD
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0
FPqri0cb2JZfXJ/DgYSF6vUpwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/
3j+skZ6UtW+5u09lHNsj6tQ51s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQAB
-----END PUBLIC KEY-----
EOD;

$rsa = new Crypt_RSA();
$rsa->loadKey($publickey); // public key

$plaintext = '...';

$ciphertext = $rsa->encrypt($plaintext);

echo '<pre>' . base64_encode($ciphertext) . '</pre>';

Decryption

<?php

header('Content-Type: text/xml; charset=utf-8');

include_once(dirname(dirname(__FILE__)).DIRECTORY_SEPARATOR.'phpseclib'.DIRECTORY_SEPARATOR.'Math'.DIRECTORY_SEPARATOR.'BigInteger.php');
include_once(dirname(dirname(__FILE__)).DIRECTORY_SEPARATOR.'phpseclib'.DIRECTORY_SEPARATOR.'Crypt'.DIRECTORY_SEPARATOR.'AES.php');
include_once(dirname(dirname(__FILE__)).DIRECTORY_SEPARATOR.'phpseclib'.DIRECTORY_SEPARATOR.'Crypt'.DIRECTORY_SEPARATOR.'RSA.php');

/*
|--------------------------------------------------------------------------
| Decryption
|--------------------------------------------------------------------------
|
*/

$ciphertext = base64_decode(str_replace(' ', '+', $_GET['crypttext']));

$privatekey = <<<EOD
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUp
wmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ5
1s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQABAoGAFijko56+qGyN8M0RVyaRAXz++xTqHBLh
3tx4VgMtrQ+WEgCjhoTwo23KMBAuJGSYnRmoBZM3lMfTKevIkAidPExvYCdm5dYq3XToLkkLv5L2
pIIVOFMDG+KESnAFV7l2c+cnzRMW0+b6f8mR1CJzZuxVLL6Q02fvLi55/mbSYxECQQDeAw6fiIQX
GukBI4eMZZt4nscy2o12KyYner3VpoeE+Np2q+Z3pvAMd/aNzQ/W9WaI+NRfcxUJrmfPwIGm63il
AkEAxCL5HQb2bQr4ByorcMWm/hEP2MZzROV73yF41hPsRC9m66KrheO9HPTJuo3/9s5p+sqGxOlF
L0NDt4SkosjgGwJAFklyR1uZ/wPJjj611cdBcztlPdqoxssQGnh85BzCj/u3WqBpE2vjvyyvyI5k
X6zk7S0ljKtt2jny2+00VsBerQJBAJGC1Mg5Oydo5NwD6BiROrPxGo2bpTbu/fhrT8ebHkTz2epl
U9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhMCQBGoiuSoSjafUhV7i1cEGpb88h5NBYZzWXGZ
37sJ5QsW+sJyoNde3xH8vdXhzU7eT82D6X/scw9RZz+/6rCJ4p0=
-----END RSA PRIVATE KEY-----
EOD;

$rsa = new Crypt_RSA();
$rsa->loadKey($privatekey); // private key
$plaintext = $rsa->decrypt($ciphertext);
echo '<pre>' . $plaintext . '</pre>';

/*
|--------------------------------------------------------------------------
| Signature Verifiy
|--------------------------------------------------------------------------
|
*/

$publickey = <<<EOD
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0
FPqri0cb2JZfXJ/DgYSF6vUpwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/
3j+skZ6UtW+5u09lHNsj6tQ51s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQAB
-----END PUBLIC KEY-----
EOD;

$signature = $rsa->sign($plaintext);
$rsa->loadKey($publickey);
echo $rsa->verify($plaintext, $signature) ? 'verified' : 'unverified';
RSA Encryption & Decryption on PHP
27 votes, 4.69 avg. rating (93% score)