rsa.html

RCA encryption algorithm implementation

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
	<META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=utf-8">
	<TITLE></TITLE>
	<META NAME="GENERATOR" CONTENT="OpenOffice.org 2.0-pre  (Linux)">
	<META NAME="CREATED" CONTENT="20050731;21132900">
	<META NAME="CHANGED" CONTENT="20050731;21563900">
	<STYLE type="text/css">
	<!--
		H1.heading-2-western { font-family: "Thorndale AMT", serif; font-size: 18pt }
		H1.heading-2-cjk { font-family: "Albany AMT"; font-size: 18pt }
		H1.heading-2-ctl { font-family: "Lucidasans"; font-size: 18pt }
	-->
	</STYLE>
</HEAD>
<BODY LANG="en-US" DIR="LTR">
<H1>RSA Library</H1>
<P>Based on the RSA algorithm by <A HREF="http://www.rsasecurity.com/">www.rsasecurity.com</A></P>
<P>Distributed on <A HREF="http://www.sourceforge.net/">SourceForge.net</A>
under GNU/LGPL license. You can read the full license on the attached
LICENSE.TXT file.</P>
<H1 CLASS="heading-2-western">Basic information</H1>
<P><B>What is RSA?</B></P>
<P STYLE="font-weight: medium">RSA is a cryptography algorithm
created by Ronald Rivest, Adi Shamir and Leonard Adelman. It uses a
pair of keys to encrypt data. Due to their complexity, it is commonly
impossible to find the keys. RSA is considered the most secure
cryptography system available. You can us RSA in your programs to
secure sensitive data from unwanted eyes.</P>
<P><B>When you should use cryptography</B></P>
<P STYLE="font-weight: medium">You should always use cryptography
when developing web software that requires the user to identify
himself, or when the user is required to transmit sensitive data like
credit card number or personal information. However, using SSL would
be better in this case. You will find out why later on this document.</P>
<P><B>When you should NOT use cryptography</B></P>
<P STYLE="font-weight: medium">You should not use cryptography for
securing everything in your programs. First of all, cryptography is
very much CPU using, and using it will slow down the performance of
your machine. If you are using SSL on WWW applications, you are
already using RSA and you should not use this program. You should not
use this program when you are transmitting the key pair over a public
channel (ie HTTP). In this case cryptography is completely useless,
because everyone can intercept your key pair and decode every
RSA-secured transmission. However, due to the nature of RSA itself,
feel free to transmit the &quot;public&quot; part of your key pair over a
public and insecure channel. Everyone will be able to RSA-encrypt
data but you will be the only one able to decrypt it.</P>
<P><B>When you should use this library</B></P>
<P STYLE="font-weight: medium">You can use RSA Library when you meet
all the above requirements. You can use RSA to encrypt every kind of
data, but remember that its security is related to the difficulty to
find the private key. Here are some examples:</P>
<P STYLE="font-weight: medium">You can use this program to encrypt
files on a disk, but you should keep your private key in a VERY SAFE
PLACE (for example, a small USB memory that you can buy in any shop
for a very low price)</P>
<P STYLE="font-weight: medium">You can use this program to encrypt
e-mails. Send your public key to everyone that may want to contact
you, but keep the private key for you!</P>
<P><SPAN STYLE="font-weight: medium">You can use this program to
emulate SSL when your web server is not enabled to. You'll have
almost the same results than using SSL. However, you can encrypt only
inputs (ie username, password, cookies) for your scripting.</SPAN></P>
<H1 CLASS="heading-2-western">Using RSA Library in your software</H1>
<P>You will find two different files in this package. 
</P>
<P>rsa-keygen.php - Used to generate a pair of valid RSA keys. Just
run it from command line or browser to obtain a key pair and use the
keys you obtained in your program</P>
<P>rsalib.php - The main RSA Library file, implementing the RSA
class allowing you to encrypt and decrypt data. Include it in your
program and initialize a new instance of RSA class. Follow the
examples below</P>
<H1 CLASS="heading-2-western">How to implement RSA in your PHP
software (examples)</H1>
<P>First of all, anywhere BEFORE the point you need to use RSA,
include rsalib.php with this line of PHP code:</P>
<P ALIGN=LEFT><I>include(&quot;rsalib.php&quot;);</I></P>
<P ALIGN=LEFT STYLE="font-style: normal">We are assuming that
rsalib.php is in the same directory of the file you are launching. If
rsalib.php is inside a directory, called, for example, include/, use
this line:</P>
<P ALIGN=LEFT><I>include(&quot;include/rsalib.php&quot;);</I></P>
<P ALIGN=LEFT STYLE="font-style: normal">For further information on
the usage of include statement, please consult PHP documentation on
<A HREF="http://www.php.net/">www.php.net</A></P>
<P ALIGN=LEFT STYLE="font-style: normal">Now you have to make sure
you have declared 3 variables in your PHP program, according to the
output of the key generator. RSA keys, in fact, consist in a common
modulus, a public part and a private part. They are all integer
numbers. If you are developing an application that has to be
distributed publicly, you should ask the user to run rsa key
generator himself, and then edit the configuration file properly. Let
us suppose you defined the following variables:</P>
<UL>
	<LI><P ALIGN=LEFT STYLE="font-style: normal">$rsa_modulo</P>
	<LI><P ALIGN=LEFT STYLE="font-style: normal">$rsa_public</P>
	<LI><P ALIGN=LEFT STYLE="font-style: normal">$rsa_private</P>
</UL>
<P ALIGN=LEFT STYLE="font-style: normal">In order to initialize the
RSA cryptography engine, add a line like the following:</P>
<P ALIGN=LEFT><I>$rsa = new RSA($rsa_modulo, $rsa_public,
$rsa_private);</I></P>
<P ALIGN=LEFT STYLE="font-style: normal">this way you'll have a
variable called RSA that is an instance of the RSA cryptography
engine.</P>
<P ALIGN=LEFT STYLE="font-style: normal">In order to encrypt a text
string using the initialized RSA object, use</P>
<P ALIGN=LEFT><I>$output = $rsa-&gt;encrypt($input);</I></P>
<P ALIGN=LEFT STYLE="font-style: normal">In order to decrypt an
encrypted string, use</P>
<P ALIGN=LEFT><I>$input = $rsa-&gt;decrypt($output);</I></P>
<P ALIGN=LEFT STYLE="font-style: normal">And you'll obtain the
original string.</P>
<H1 CLASS="heading-2-western">Detailed information</H1>
<P>Here is the syntax of the class constructor and the methods</P>
<P>Constructor: <B>RSA(integer, integer, integer);</B></P>
<P>Encrypt function: <B>string encrypt(string);</B></P>
<P>Decrypt function: <B>string decrypt(string);</B></P>
<p>
<a href="http://validator.w3.org/check?uri=referer"><img
src="http://www.w3.org/Icons/valid-html40"
alt="Valid HTML 4.0 Transitional" height="31" width="88" border="0"></a>
</p>

</BODY>
</HTML>