TA_OpenSSL encrypts and decrypts data using the PHP OpenSSL extension
and the RSA algorithm, the only one PHP supports as of 4.3.3.
Quick Instructions:
Download the tar.gz file
Extract all files to the same directory in a web folder
Navigate to the openssl_test.html page
Copyright (C) 2003 Terra Access
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
A quick note:
I also have a derived class that is able to encrypt large data
sources. I haven't fully tested it yet so I didn't release it here.
If anyone is interested in obtaining a copy email me at dev@terraaccess.com and I will email you a copy.
* Requires: OpenSSL Extension Installed and working
* PHP 4.1 or higher ( Tested on 4.3.1, 4.1.2, 4.3.3 )
* Localization File: english_encrypt.php or translated file
* RSA Certificate and Key File
* Note: I included a public and private key with this
* distribution. The passphrase is 'testing'
*
* Private Key File: privkey_test.pem
* Public Key File: cacert_test.pem
*
* Localization Note:
* I've also made it compatible with localization. The english version
* is in file english_encrypt.php. To use other languages just save the
* english_encrypt.php file as [language]_encrypt.php. Translate the defines
* to the language of choice and change the require_once at the top of the class page.
* If you do we would appreciate it if you emailed us a copy of the new translation.
* Thanks <dev@terraaccess.com>
*
*
* If you don't want to use the included keys...
* Creating a Private Key:
* openssl genrsa -des3 -out privkey.pem 2048
* Note: this was taken straight from http://www.openssl.org/docs/HOWTO/keys.txt
* To create a key file without a passphrase, remove the -des3 param.
* Key Size: In the above example the key size is 2048 bits. The size of the data
* you can encrypt is limited by this number. The maximum length of the data is:
* (key size in bytes) - 11
* 2048 bits / 8 bits per byte = 256 bytes
* 256 - 11 = 245 bytes maximum size of data to encrypt
*
* Creating a Certificate (Public Key):
* openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
* Note: this was taken straight from http://www.openssl.org/docs/HOWTO/certificates.txt
*
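The key size limit described above can be checked directly. This is an added example, not part of the TA_OpenSSL distribution; it assumes PHP 7 or later with the OpenSSL extension, and the helper names rsa_max_plaintext() and rsa_encrypt_checked() are hypothetical. It goes beyond the text by also covering OAEP padding (SHA-1), whose overhead is 42 bytes rather than the 11 bytes of PKCS#1 v1.5 padding that the figure above corresponds to.

```php
<?php
// Added example, not TA_OpenSSL code. Assumes PHP 7+ with the OpenSSL extension.
// The key is generated in memory and the plaintexts are constructed test data.

// Largest plaintext (in bytes) one RSA operation accepts for a key and padding mode.
function rsa_max_plaintext($key, $padding = OPENSSL_PKCS1_PADDING)
{
    $details  = openssl_pkey_get_details($key);
    // Padding overhead: 42 bytes for OAEP with SHA-1, 11 bytes for PKCS#1 v1.5
    $overhead = ($padding === OPENSSL_PKCS1_OAEP_PADDING) ? 42 : 11;
    return intdiv($details['bits'], 8) - $overhead;
}

// Encrypt with the public key; returns the ciphertext, or false when the data does not fit.
function rsa_encrypt_checked($data, $pubKey, $padding = OPENSSL_PKCS1_PADDING)
{
    if (strlen($data) > rsa_max_plaintext($pubKey, $padding)) {
        return false; // reject up front instead of relying on an OpenSSL error
    }
    $out = '';
    return openssl_public_encrypt($data, $out, $pubKey, $padding) ? $out : false;
}

$priv = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
if ($priv === false) {
    exit('Key generation failed: ' . openssl_error_string() . "\n");
}
$pub = openssl_pkey_get_public(openssl_pkey_get_details($priv)['key']);

$modes = [OPENSSL_PKCS1_PADDING => 'PKCS#1 v1.5', OPENSSL_PKCS1_OAEP_PADDING => 'OAEP'];
foreach ($modes as $padding => $name) {
    $max = rsa_max_plaintext($pub, $padding);

    // Data of exactly the maximum length must encrypt and decrypt back unchanged.
    $ct = rsa_encrypt_checked(str_repeat('A', $max), $pub, $padding);
    $pt = '';
    $roundTrip = $ct !== false
        && openssl_private_decrypt($ct, $pt, $priv, $padding)
        && $pt === str_repeat('A', $max);

    // One byte more, passed straight to OpenSSL without the length check.
    $raw   = '';
    $rawOk = @openssl_public_encrypt(str_repeat('A', $max + 1), $raw, $pub, $padding);

    printf("%-12s max=%d bytes, round trip at max: %s, max+1 accepted: %s\n",
        $name, $max, $roundTrip ? 'yes' : 'no', $rawOk ? 'yes' : 'no');
}
```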
SECURITY NOTES:
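You should keep your private key just that: private. If you use a passphrase
when creating your private key, no one can retrieve your data using the
private key without the proper passphrase. The test key pair included with
this distribution, and its passphrase, are available to anyone who downloads
it, so generate your own keys for data that needs protecting. I am open to
suggestions from anyone on the most reliable way to accomplish this.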
Steps to Using Class:
1. Include the class file in your source
2. Create an instance of the class
3. Set the public key path
4. Set the private key path
5. Set the passphrase ( set to "" if passphrase not used in key generation)
6. To Encrypt:
   a. Call encrypt_data_public() to encrypt
   b. Call get_encrypted_data() to retrieve data
7. To Decrypt:
   a. Call decrypt_data_private() to decrypt
   b. Call get_decrypted_data() to retrieve data
See openssl_test.php for commented example
EXAMPLE CODE RESOURCE:
This is the example code that I used to write this class.
I retrieved it from the following page...
http://si.php.net:8888/manual/en/function.openssl-public-encrypt.php
webmaster@costarica-travelinfo.com
<?php
// STEP 1: Encryption with the public key (you will need the private key to decrypt - see step 2)
$string = "Some Important Data";

// Read the certificate that holds the public key
$fp = fopen("cert.pem", "r");
$pub_key = fread($fp, 8192);
fclose($fp);

$PK = openssl_get_publickey($pub_key);
if (!$PK) {
    exit("Cannot get public key");
}

$finaltext = "";
openssl_public_encrypt($string, $finaltext, $PK);
openssl_free_key($PK);
if (!empty($finaltext)) {
    echo "Encryption OK!";
} else {
    exit("Cannot Encrypt");
}

// STEP 2: Decryption (using the private key)
$fp = fopen("pk.pem", "r");
$priv_key2 = fread($fp, 8192);
fclose($fp);

// A passphrase-protected key needs the passphrase as a second argument here
$PK2 = openssl_get_privatekey($priv_key2);
if (!$PK2) {
    exit("Cannot get private key");
}

// Decrypt the ciphertext produced in step 1
$Decrypted = "";
$Crypted = openssl_private_decrypt($finaltext, $Decrypted, $PK2);
openssl_free_key($PK2);
if (!$Crypted) {
    echo "<p class='error'>Cannot Decrypt.</p>";
} else {
    echo "Decrypted Data: " . $Decrypted;
}
?>