\phpseclib\CryptRSA

__construct()

__construct() : \phpseclib\Crypt\RSA

The constructor

If you want to make use of the openssl extension, you'll need to set the mode manually, yourself. The reason \phpseclib\Crypt\RSA doesn't do it is because OpenSSL doesn't fail gracefully. openssl_pkey_new(), in particular, requires openssl.cnf be present somewhere and, unfortunately, the only real way to find out is too late.

Returns

createKey()

createKey(integer  $bits = 1024, integer  $timeout = false,   $partial = array()) 

Create public / private key pair

Returns an array with the following three elements:

• 'privatekey': The private key.
• 'publickey': The public key.
• 'partialkey': A partially computed key (if the execution time exceeded $timeout). Will need to be passed back to \phpseclib\Crypt\RSA::createKey() as the third parameter for further processing.

Parameters

_convertPrivateKey()

_convertPrivateKey(  $n,   $e,   $d,   $primes,   $exponents,   $coefficients) : string

Convert a private key to the appropriate format.

Parameters

Returns

_convertPublicKey()

_convertPublicKey(  $n,   $e) : string

Convert a public key to the appropriate format

Parameters

Returns

_parseKey()

_parseKey(string|array  $key, integer  $type) : array|boolean

Break a public or private key down into its constituant components

Parameters

Returns

getSize()

getSize() : integer

Returns the key size

More specifically, this returns the size of the modulo in bits.

Returns

_start_element_handler()

_start_element_handler(resource  $parser, string  $name, array  $attribs) 

Start Element Handler

Called by xml_set_element_handler()

Parameters

_stop_element_handler()

_stop_element_handler(resource  $parser, string  $name) 

Stop Element Handler

Called by xml_set_element_handler()

Parameters

_data_handler()

_data_handler(resource  $parser, string  $data) 

Data Handler

Called by xml_set_character_data_handler()

Parameters

loadKey()

loadKey(string|\phpseclib\Crypt\RSA|array  $key, boolean|integer  $type = false) : boolean

Loads a public or private key

Returns true on success and false on failure (ie. an incorrect password was provided or the key was malformed)

Parameters

Returns

setPassword()

setPassword(string  $password = false) 

Sets the password

Private keys can be encrypted with a password. To unset the password, pass in the empty string or false. Or rather, pass in $password such that empty($password) && !is_string($password) is true.

Parameters

setPublicKey()

setPublicKey(string  $key = false, integer  $type = false) : boolean

Defines the public key

Some private key formats define the public exponent and some don't. Those that don't define it are problematic when used in certain contexts. For example, in SSH-2, RSA authentication works by sending the public key along with a message signed by the private key to the server. The SSH-2 server looks the public key up in an index of public keys and if it's present then proceeds to verify the signature. Problem is, if your private key doesn't include the public exponent this won't work unless you manually add the public exponent. phpseclib tries to guess if the key being used is the public key but in the event that it guesses incorrectly you might still want to explicitly set the key as being public.

Do note that when a new key is loaded the index will be cleared.

Returns true on success, false on failure

Parameters

Returns

setPrivateKey()

setPrivateKey(string  $key = false, integer  $type = false) : boolean

Defines the private key

If phpseclib guessed a private key was a public key and loaded it as such it might be desirable to force phpseclib to treat the key as a private key. This function will do that.

Do note that when a new key is loaded the index will be cleared.

Returns true on success, false on failure

Parameters

Returns

getPublicKey()

getPublicKey(integer  $type = self::PUBLIC_FORMAT_PKCS8) 

Returns the public key

The public key is only returned under two circumstances - if the private key had the public key embedded within it or if the public key was set via setPublicKey(). If the currently loaded key is supposed to be the public key this function won't return it since this library, for the most part, doesn't distinguish between public and private keys.

Parameters

getPublicKeyFingerprint()

getPublicKeyFingerprint(string  $algorithm = 'md5') : mixed

Returns the public key's fingerprint

The public key's fingerprint is returned, which is equivalent to running ssh-keygen -lf rsa.pub. If there is no public key currently loaded, false is returned. Example output (md5): "c1:b1:30:29:d7:b8:de:6c:97:77:10:d7:46:41:63:87" (as specified by RFC 4716)

Parameters

Returns

getPrivateKey()

getPrivateKey(integer  $type = self::PUBLIC_FORMAT_PKCS1) : mixed

Returns the private key

The private key is only returned if the currently loaded key contains the constituent prime numbers.

Parameters

Returns

_getPrivatePublicKey()

_getPrivatePublicKey(  $mode = self::PUBLIC_FORMAT_PKCS8) 

Returns a minimalistic private key

Returns the private key without the prime number constituants. Structurally identical to a public key that hasn't been set as the public key

Parameters

__toString()

__toString() : string

__toString() magic method

Returns

__clone()

__clone() : \phpseclib\Crypt\Crypt_RSA

__clone() magic method

Returns

_generateMinMax()

_generateMinMax(integer  $bits) : array

Generates the smallest and largest numbers requiring $bits bits

Parameters

Returns

_decodeLength()

_decodeLength(string  $string) : integer

DER-decode the length

DER supports lengths up to (28)127, however, we'll only support lengths up to (28)4. See X.690 paragraph 8.1.3 for more information.

Parameters

Returns

_encodeLength()

_encodeLength(integer  $length) : string

DER-encode the length

DER supports lengths up to (28)127, however, we'll only support lengths up to (28)4. See X.690 paragraph 8.1.3 for more information.

Parameters

Returns

_string_shift()

_string_shift(string  $string, integer  $index = 1) : string

String Shift

Inspired by array_shift

Parameters

Returns

setPrivateKeyFormat()

setPrivateKeyFormat(integer  $format) 

Determines the private key format

Parameters

setPublicKeyFormat()

setPublicKeyFormat(integer  $format) 

Determines the public key format

Parameters

setHash()

setHash(string  $hash) 

Determines which hashing function should be used

Used with signature production / verification and (if the encryption mode is self::ENCRYPTION_OAEP) encryption and decryption. If $hash isn't supported, sha1 is used.

Parameters

setMGFHash()

setMGFHash(string  $hash) 

Determines which hashing function should be used for the mask generation function

The mask generation function is used by self::ENCRYPTION_OAEP and self::SIGNATURE_PSS and although it's best if Hash and MGFHash are set to the same thing this is not a requirement.

Parameters

setSaltLength()

setSaltLength(  $sLen) 

Determines the salt length

To quote from RFC3447#page-38:

Typical salt lengths in octets are hLen (the length of the output of the hash function Hash) and 0.

Parameters

_i2osp()

_i2osp(\phpseclib\Math\BigInteger  $x, integer  $xLen) : string

Integer-to-Octet-String primitive

See RFC3447#section-4.1.

Parameters

Returns

_os2ip()

_os2ip(string  $x) : \phpseclib\Math\BigInteger

Octet-String-to-Integer primitive

See RFC3447#section-4.2.

Parameters

Returns

_exponentiate()

_exponentiate(\phpseclib\Math\BigInteger  $x) : \phpseclib\Math\BigInteger

Exponentiate with or without Chinese Remainder Theorem

See RFC3447#section-5.1.2.

Parameters

Returns

_blind()

_blind(\phpseclib\Math\BigInteger  $x, \phpseclib\Math\BigInteger  $r, integer  $i) : \phpseclib\Math\BigInteger

Performs RSA Blinding

Protects against timing attacks by employing RSA Blinding. Returns $x->modPow($this->exponents[$i], $this->primes[$i])

Parameters

Returns

_equals()

_equals(string  $x, string  $y) : boolean

Performs blinded RSA equality testing

Protects against a particular type of timing attack described.

See A Lesson In Timing Attacks (or, Don't use MessageDigest.isEquals)

Thanks for the heads up singpolyma!

Parameters

Returns

_rsaep()

_rsaep(\phpseclib\Math\BigInteger  $m) : \phpseclib\Math\BigInteger

RSAEP

See RFC3447#section-5.1.1.

Parameters

Returns

_rsadp()

_rsadp(\phpseclib\Math\BigInteger  $c) : \phpseclib\Math\BigInteger

RSADP

See RFC3447#section-5.1.2.

Parameters

Returns

_rsasp1()

_rsasp1(\phpseclib\Math\BigInteger  $m) : \phpseclib\Math\BigInteger

RSASP1

See RFC3447#section-5.2.1.

Parameters

Returns

_rsavp1()

_rsavp1(\phpseclib\Math\BigInteger  $s) : \phpseclib\Math\BigInteger

RSAVP1

See RFC3447#section-5.2.2.

Parameters

Returns

_mgf1()

_mgf1(string  $mgfSeed,   $maskLen) : string

MGF1

See RFC3447#appendix-B.2.1.

Parameters

Returns

_rsaes_oaep_encrypt()

_rsaes_oaep_encrypt(string  $m, string  $l = '') : string

RSAES-OAEP-ENCRYPT

See RFC3447#section-7.1.1 and {http://en.wikipedia.org/wiki/Optimal_Asymmetric_Encryption_Padding OAES}.

Parameters

Returns

_rsaes_oaep_decrypt()

_rsaes_oaep_decrypt(string  $c, string  $l = '') : string

RSAES-OAEP-DECRYPT

See RFC3447#section-7.1.2. The fact that the error messages aren't distinguishable from one another hinders debugging, but, to quote from RFC3447#section-7.1.2:

Note. Care must be taken to ensure that an opponent cannot distinguish the different error conditions in Step 3.g, whether by error message or timing, or, more generally, learn partial information about the encoded message EM. Otherwise an opponent may be able to obtain useful information about the decryption of the ciphertext C, leading to a chosen-ciphertext attack such as the one observed by Manger [36].

As for $l... to quote from RFC3447#page-17:

Both the encryption and the decryption operations of RSAES-OAEP take the value of a label L as input. In this version of PKCS #1, L is the empty string; other uses of the label are outside the scope of this document.

Parameters

Returns

_raw_encrypt()

_raw_encrypt(string  $m) : string

Raw Encryption / Decryption

Doesn't use padding and is not recommended.

Parameters

Returns

_rsaes_pkcs1_v1_5_encrypt()

_rsaes_pkcs1_v1_5_encrypt(string  $m) : string

RSAES-PKCS1-V1_5-ENCRYPT

See RFC3447#section-7.2.1.

Parameters

Returns

_rsaes_pkcs1_v1_5_decrypt()

_rsaes_pkcs1_v1_5_decrypt(string  $c) : string

RSAES-PKCS1-V1_5-DECRYPT

See RFC3447#section-7.2.2.

For compatibility purposes, this function departs slightly from the description given in RFC3447. The reason being that RFC2313#section-8.1 (PKCS#1 v1.5) states that ciphertext's encrypted by the private key should have the second byte set to either 0 or 1 and that ciphertext's encrypted by the public key should have the second byte set to 2. In RFC3447 (PKCS#1 v2.1), the second byte is supposed to be 2 regardless of which key is used. For compatibility purposes, we'll just check to make sure the second byte is 2 or less. If it is, we'll accept the decrypted string as valid.

As a consequence of this, a private key encrypted ciphertext produced with \phpseclib\Crypt\RSA may not decrypt with a strictly PKCS#1 v1.5 compliant RSA implementation. Public key encrypted ciphertext's should but not private key encrypted ciphertext's.

Parameters

Returns

_emsa_pss_encode()

_emsa_pss_encode(string  $m, integer  $emBits) 

EMSA-PSS-ENCODE

See RFC3447#section-9.1.1.

Parameters

_emsa_pss_verify()

_emsa_pss_verify(string  $m, string  $em, integer  $emBits) : string

EMSA-PSS-VERIFY

See RFC3447#section-9.1.2.

Parameters

Returns

_rsassa_pss_sign()

_rsassa_pss_sign(string  $m) : string

RSASSA-PSS-SIGN

See RFC3447#section-8.1.1.

Parameters

Returns

_rsassa_pss_verify()

_rsassa_pss_verify(string  $m, string  $s) : string

RSASSA-PSS-VERIFY

See RFC3447#section-8.1.2.

Parameters

Returns

_emsa_pkcs1_v1_5_encode()

_emsa_pkcs1_v1_5_encode(string  $m, integer  $emLen) : string

EMSA-PKCS1-V1_5-ENCODE

See RFC3447#section-9.2.

Parameters

Returns

_rsassa_pkcs1_v1_5_sign()

_rsassa_pkcs1_v1_5_sign(string  $m) : string

RSASSA-PKCS1-V1_5-SIGN

See RFC3447#section-8.2.1.

Parameters

Returns

_rsassa_pkcs1_v1_5_verify()

_rsassa_pkcs1_v1_5_verify(string  $m,   $s) : string

RSASSA-PKCS1-V1_5-VERIFY

See RFC3447#section-8.2.2.

Parameters

Returns

setEncryptionMode()

setEncryptionMode(integer  $mode) 

Set Encryption Mode

Valid values include self::ENCRYPTION_OAEP and self::ENCRYPTION_PKCS1.

Parameters

setSignatureMode()

setSignatureMode(integer  $mode) 

Set Signature Mode

Valid values include self::SIGNATURE_PSS and self::SIGNATURE_PKCS1

Parameters

setComment()

setComment(string  $comment) 

Set public key comment.

Parameters

getComment()

getComment() : string

Get public key comment.

Returns

encrypt()

encrypt(string  $plaintext) : string

Encryption

Both self::ENCRYPTION_OAEP and self::ENCRYPTION_PKCS1 both place limits on how long $plaintext can be. If $plaintext exceeds those limits it will be broken up so that it does and the resultant ciphertext's will be concatenated together.

Parameters

Returns

decrypt()

decrypt(  $ciphertext) : string

Decryption

Parameters

Returns

sign()

sign(string  $message) : string

Create a signature

Parameters

Returns

verify()

verify(string  $message, string  $signature) : boolean

Verifies a signature

Parameters

Returns

_extractBER()

_extractBER(string  $str) : string

Extract raw BER from Base64 encoding

Parameters

Returns