Php Openssl Generate Encryption Key

Feb 13, 2006 Using OpenSSL on the command line you’d first need to generate a public and private key, you should password protect this file using the -passout argument, there are many different forms that this argument can take so consult the OpenSSL documentation about that. Sep 11, 2018 The first thing to do would be to generate a 2048-bit RSA key pair locally. This pair will contain both your private and public key. You can use Java key tool or some other tool, but we will be working with OpenSSL. To generate a public and private key with a certificate signing request (CSR), run the following OpenSSL command. Laravel's encrypter uses OpenSSL to provide AES-256 and AES-128 encryption. You are strongly encouraged to use Laravel's built-in encryption facilities and not attempt to roll your own 'home grown' encryption algorithms. You should use the php artisan key:generate command to generate this key since this Artisan command will use PHP's secure.

Php Openssl Generate Encryption Key File
Php Openssl Generate Encryption Key Download
Php Openssl Generate Encryption Key Generator

length of the data < length of the private key ..so i divided the message while taking it,put a ':::'.then again encrpt it. look at the pgm to get an idea about this.. 
<?php 
class cry 
{ 
# generate a 1024 bit rsa private key, ask for a passphrase to encrypt it and save to file 
 //openssl genrsa -des3 -out /path/to/privatekey 1024 
 # generate the public key for the private key and save to file 
 //openssl rsa -in /path/to/privatekey -pubout -out /path/to/publickey 
 //programatically using php-openssll 
 //This will call while registration 
function gen_cert($userid) 
 { 
$dn = array('countryName' => 'XX', 'stateOrProvinceName' => 'State', 'localityName' => 'SomewhereCity', 'organizationName' =>'MySelf', 'organizationalUnitName' => 'Whatever', 'commonName' => 'mySelf', 'emailAddress' => 'user@example.com'); 
//Passphrase can be taken during registration 
 //Here its initialized to 1234 for sample 
$privkeypass = 'root'; 
$numberofdays = 365; 
//RSA encryption and 1024 bits length 
$privkey = openssl_pkey_new(array('private_key_bits' => 1024,'private_key_type' => OPENSSL_KEYTYPE_RSA)); 
$csr = openssl_csr_new($dn, $privkey); 
$sscert = openssl_csr_sign($csr, null, $privkey, $numberofdays); 
openssl_x509_export($sscert, $publickey); 
openssl_pkey_export($privkey, $privatekey, $privkeypass); 
openssl_csr_export($csr, $csrStr); 
//Generated keys are stored into files 
$fp=fopen('../PKI/private/$userid.key','w'); 
fwrite($fp,$privatekey); 
fclose($fp); 
$fp=fopen('../PKI/public/$userid.crt','w'); 
fwrite($fp,$publickey); 
fclose($fp); 
 } 
//Encryption with public key 
function encrypt($source,$rc) 
 { 
//path holds the certificate path present in the system 
$path='../PKI/public/server.crt'; 
$fp=fopen($path,'r'); 
$pub_key=fread($fp,8192); 
fclose($fp); 
openssl_get_publickey($pub_key); 
//$source='; 
 //$source='sumanth ahoiadodakjaksdsa;ldadkkllksdalkalsdl;asld;ls sumanthasddddddddddddddddddddddddddddddddfsdfsffdfsdfsumanth'; 
$j=0; 
$x=strlen($source)/10; 
$y=floor($x); 
 for($i=0;$i<$y;$i++) 
 { 
$crypttext='; 
openssl_public_encrypt(substr($source,$j,10),$crypttext,$pub_key);$j=$j+10; 
$crt.=$crypttext; 
$crt.=':::'; 
 } 
 if((strlen($source)%10)>0) 
 { 
openssl_public_encrypt(substr($source,$j),$crypttext,$pub_key); 
$crt.=$crypttext; 
 } 
 return($crt); 
 } 
//Decryption with private key 
function decrypt($crypttext,$userid) 
 { 
$passphrase='root'; 
$path='../PKI/private/server.key'; 
$fpp1=fopen($path,'r'); 
$priv_key=fread($fpp1,8192); 
fclose($fpp1); 
$res1= openssl_get_privatekey($priv_key,$passphrase); 
$tt=explode(':::',$crypttext); 
$cnt=count($tt); 
$i=0; 
 while($i<$cnt) 
 { 
openssl_private_decrypt($tt[$i],$str1,$res1); 
$str.=$str1; 
$i++; 
 } 
 return $str; 
 } 
 function sign($source,$rc) 
 { 
$has=sha1($source); 
$source.='::'; 
$source.=$has; 
$path='../PKI/public/$rc.crt'; 
$fp=fopen($path,'r'); 
$pub_key=fread($fp,8192); 
fclose($fp); 
openssl_get_publickey($pub_key); 
openssl_public_encrypt($source,$mese,$pub_key); 
 return $mese; 
 } 
 function verify($crypttext,$userid) 
 { 
$passphrase='root'; 
$path='../PKI/private/$userid.key'; 
$fpp1=fopen($path,'r'); 
$priv_key=fread($fpp1,8192); 
fclose($fpp1); 
$res1= openssl_get_privatekey($priv_key,$passphrase); 
openssl_private_decrypt($crypttext,$has1,$res1); 
 list($c1,$c2)=split('::',$has1); 
$has=sha1($c1); 
 if($has$c2) 
 { 
$message=$c1; 
 return $message; 
 } 
 } 
 } 
?>

Encrypt and decrypt files to public keys via the OpenSSL Command Line

Published: 25-10-2018 | Author: Remy van Elst | Text only version of this article

This small tutorial will show you how to use the openssl command line to encryptand decrypt a file using a public key. We will first generate a random key,encrypt that random key against the public key of the other person and use thatrandom key to encrypt the actual file with using symmetric encryption.

Because of how the RSA algorithm works it is not possible to encrypt largefiles. If you create a key of n bits, then the file you want to encrypt mustnot larger than (n minus 11) bits. The most effective use of RSA crypto is toencrypt a random generated password, then encrypt the file with the passwordusing symmetric crypto. If the file is larger then the key size the encryptioncommand will fail:

We generate a random file and use that as the key to encrypt the large file withsymmetric crypto. That random file acts as the password so to say. We encryptthe large file with the small password file as password. Then we send theencrypted file and the encrypted key to the other party and then can decrypt thekey with their public key, the use that key to decrypt the large file.

The following commands are relevant when you work with RSA keys:

openssl genrsa: Generates an RSA private keys.
openssl rsa: Manage RSA private keys (includes generating a public key from it).
openssl rsautl: Encrypt and decrypt files with RSA keys.

The key is just a string of random bytes. We use a base64 encoded string of 128bytes, which is 175 characters. Since 175 characters is 1400 bits, even a smallRSA key will be able to encrypt it.

Get the public key

Let the other party send you a certificate or their public key. If they send toa certificate you can extract the public key using this command:

Generate the random password file

Use the following command to generate the random key:

Do this every time you encrypt a file. Use a new key every time!

Update 25-10-2018

The key format is HEX because the base64 format adds newlines. The -passargument later on only takes the first line of the file, so the full key is notused. (Thanks Ken Larson for pointing this to me)

Encrypt the file with the random key

Use the following command to encrypt the large file with the random key:

The file size doesn't grows that much:

It's encrypted however:

Encrypt the random key with the public keyfile

Use the following command to encrypt the random keyfile with the other personspublic key:

You can safely send the key.bin.enc and the largefile.pdf.enc to the otherparty.

You might want to sign the two files with your public key as well.

Decrypt the random key with our private key file

If you want to decrypt a file encrypted with this setup, use the followingcommand with your privte key (beloning to the pubkey the random key was cryptedto) to decrypt the random key: