Instead of encrypting data directly with the public key, you can encrypt the data with a symmetric-key algorithm and then encrypt the symmetric key with the public key. The "recipient" receives the encrypted key along with the encrypted data, first decrypts the key with their private key, and then uses that key to decrypt the data.
The OpenSSL extension has functions that implement this. You can use the openssl_seal() function, which encrypts data using RC4 with a randomly generated key and encrypts that key with the public key. The encrypted data can then be decrypted using the openssl_open() function.
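The exchange described above, written against openssl_seal() and openssl_open() directly. This is an added example, not code from the library presented below; the helper names sealFor() and openWith(), the throwaway key pair and the sample plaintext are assumptions made for the demonstration. It passes aes-256-cbc explicitly instead of relying on RC4, which also means the IV has to travel with the envelope, and CBC on its own gives confidentiality only, not integrity.

```php
<?php
// Added example: envelope encryption with the OpenSSL extension directly.

// Hypothetical helper: seal $plaintext for the holder of $publicKeyPem.
function sealFor(string $plaintext, string $publicKeyPem, string $cipher = 'aes-256-cbc'): array
{
    $sealed = '';
    $wrappedKeys = [];
    $iv = '';
    // openssl_seal() generates a random symmetric key, encrypts $plaintext with it,
    // and encrypts that key once for every public key in the array.
    $len = openssl_seal($plaintext, $sealed, $wrappedKeys, [$publicKeyPem], $cipher, $iv);
    if ($len === false) {
        throw new RuntimeException('openssl_seal failed: ' . openssl_error_string());
    }
    // Everything the recipient needs besides the private key.
    return ['cipher' => $cipher, 'iv' => $iv, 'key' => $wrappedKeys[0], 'data' => $sealed];
}

// Hypothetical helper: unwrap the symmetric key with the private key, then decrypt.
function openWith(array $envelope, string $privateKeyPem): string
{
    $plaintext = '';
    $ok = openssl_open($envelope['data'], $plaintext, $envelope['key'],
                       $privateKeyPem, $envelope['cipher'], $envelope['iv']);
    if (!$ok) {
        throw new RuntimeException('openssl_open failed');
    }
    return $plaintext;
}

// Constructed throwaway RSA key pair, generated only for this demonstration.
$pair = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
if ($pair === false) {
    throw new RuntimeException('key generation failed: ' . openssl_error_string());
}
openssl_pkey_export($pair, $privateKeyPem);
$publicKeyPem = openssl_pkey_get_details($pair)['key'];

// Constructed plaintext, longer than a single 2048-bit RSA operation could encrypt.
$data = str_repeat('payload larger than one RSA block. ', 20);

$envelope = sealFor($data, $publicKeyPem);
var_dump(strlen($envelope['key']));                       // wrapped key is one RSA block
var_dump(openWith($envelope, $privateKeyPem) === $data);  // round trip succeeds
```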
Although there is no problem in using these functions directly, I wrote a simple object-oriented library to make the process easier and more "programmer-friendly". It offers more convenience with key manipulation and may be extended in the future. Example usage:

```php
namespace OpenSslCrypt;

// Plaintext to protect (sample value).
$data = 'Secret message';

$processor = new Processor();

/*
 * Encryption with the public key.
 */
$pubKey = Key\Pub::fromCertificateFile('ssl/crypt.crt');
$encData = $processor->encrypt($data, $pubKey);

/*
 * Decryption with the private key.
 */
$privKey = Key\Priv::fromPrivateKeyFile('ssl/crypt.key');
$decData = $processor->decrypt($encData, $privKey);
```
You can find it on GitHub.