Encrypt and Decrypt Text With Rsa in PHP

Encrypt and Decrypt text with RSA in PHP

You can use phpseclib, a pure PHP RSA implementation:

<?php
include('Crypt/RSA.php');

$privatekey = file_get_contents('private.key');

$rsa = new Crypt_RSA();
$rsa->loadKey($privatekey);

$plaintext = new Math_BigInteger('aaaaaa');
echo $rsa->_exponentiate($plaintext)->toBytes();
?>

RSA decryption using private key

phpseclib, a pure PHP RSA implementation, supports XML private keys in this format. Usage example:

<?php
include('Crypt/RSA.php');

$rsa = new Crypt_RSA();
$rsa->loadKey('...'); // private key

echo $rsa->decrypt($ciphertext);
?>

RSA Encryption in PHP

$pubkey_n = 'CA498337FDD3D7C5487DBE5101899309B51B9B4708E647F85CC599A6C96ADFF62D7CD6A184DF346A3F707E7A34C5853ABA9030C65773AF604C59B8ED2E78D869F26B57E03CA9D0D45C67B8791AB010482224D108FCE20B515D8B1904B4DB41D0003950245E2382CA62477727E543850BC4FD4235041A44F213A99514EF5F64BE3D7F9DEE9E383062078D4E64ED92A42B94A0466B5BC36DAC55499DEA719A38C3A0C287724F57C64507AB424E9DBCC7F93112CF38D1B5458BFCD454F4907C5A617EBCD0F79DE40BBF8971D7CF225D9425010CF5CF638EF00B2582CDE7EA41DF7D65419B4129BBD37A872372D270B537B95C2DEE078107515B8CE719D5020CF337';
$pubkey_e = '010001';
$message = "Hello World";

$rsa = new Crypt_RSA();
$r = $rsa->loadkey(
    array(
      'e' => new Math_BigInteger($pubkey_e, 16),
      'n' => new Math_BigInteger($pubkey_n, 16)
    ),
    CRYPT_RSA_PUBLIC_FORMAT_RAW
);
//$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
var_export( $ciphertext = $rsa->encrypt($message) );

seems to be working.

Decrypt with RSA Public Key

Encryption with the private key and decryption with the public key takes place only in the context of signing/verifying.

In contrast, what is commonly referred to as encryption/decryption (for the purpose of confidentiality) uses the public key for encryption and the private key for decryption.

Note that both processes generally cannot be converted into each other by exchanging the keys, since they use different paddings.

Typically, when verifying, decryption is performed under the hood, only the result of the verification is returned outwards: true or false.

openssl_public_decrypt(), however, supports a low level verification that explicitly allows decryption. If this is executed the resulting plaintext is:

op3f1libgh.biz:3005980741:1622505600

The corresponding PHP code is:

$publicKey = "-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDmnUhgRhvcf39f1OincMXxs6ko
+QXMuGmaSr++7jeMWHUuR1phLm+UY5wL7Ssm7qVm9wFFsDe1DyDvtkfr+oaxfhod
mqXLPSPRu1RAYk6ItgegYmdy8uvJI9aI3po7axvoP/wpMP6LBElsHklmOJyRSmuU
Cc09/RK1GYpthTw5rwIDAQAB
-----END PUBLIC KEY-----";

$signature = base64_decode("P999MR0e//emIov0Z2qtoKKKhFtb1F6l+zMxn9a3q2p18ZWeaTyPXMAlXDAQI3bz6pxmeQzGCuz1P1ms25AiPKGuqhZ+etJXVnjy9Ir4zc2UU3jyeFZhs7UEfGAcZut5LY9dt5tCJKhPhYwbz4s2ZixBVUWPbFDuODCJIi4L3fw=");
        
openssl_public_decrypt($signature, $decrypted, $publicKey, OPENSSL_PKCS1_PADDING);
print($decrypted) . PHP_EOL; // op3f1libgh.biz:3005980741:1622505600

Note that you specified the public key in PKCS#1 format and I converted it to X.509/SPKI format for the PHP code using openssl:

openssl rsa -pubout -RSAPublicKey_in -in <path to pkcs#1 public key> -out <path to x.509/spki public key>

---

Related Topics