How to Encrypt Large Messages with Asymmetric Keys and phpseclib

This tutorial demonstrates how to encrypt large messages using asymmetric keys and the PHPseclib library.

---

Key Concepts

Asymmetric encryption, like RSA, solves key distribution challenges by employing a public key for encryption and a private key for decryption. This allows safe public key sharing, as only the private key holder can decrypt.

RSA's limitation is its restricted plaintext capacity; a 2048-bit key typically handles a maximum of 256 bytes.

Hybrid encryption (combining symmetric and asymmetric methods) overcomes this. A symmetric key encrypts the message, then this symmetric key is encrypted with the recipient's public key and appended. The recipient decrypts the symmetric key using their private key, then uses it to decrypt the message.

PHP Secure Communications Library (phpseclib) is a free, open-source library offering pure-PHP implementations of various encryption algorithms, including RSA and symmetric algorithms (DES, AES). It supports hybrid encryption and functions reliably even without faster encryption extensions.

Introduction

Encrypting sensitive data before transmission is crucial. Encryption converts plaintext (normal data) into ciphertext (secret data) using a key and an algorithm. Decryption reverses this process.

The encryption algorithm applies mathematical operations to the key and plaintext's numerical values to produce ciphertext. Larger keys enhance security.

Key distribution is a critical challenge: how to securely transmit keys to authorized recipients? The solution depends on the algorithm and key type.

Encryption Algorithms and Keys

Two main encryption algorithm types exist:

1. Symmetric Algorithms: Use the same key for encryption and decryption. Key exchange is a vulnerability.
2. Asymmetric Algorithms: Use separate public and private keys. Data encrypted with the public key is only decryptable with the corresponding private key. This solves the key distribution problem because the public key can be shared without compromising security.

Choosing Encryption Algorithms

Strong algorithms rely on advanced mathematics. Strength is determined by the time required for decryption without the key. The National Institute of Standards and Technology (NIST) provides recommendations. Common asymmetric algorithms include RSA and DSA, with RSA often preferred commercially due to its scalability. Rijndael (AES) is a widely used symmetric algorithm.

RSA Key Limitations

While asymmetric algorithms solve key distribution, RSA has a limited plaintext encryption capacity. A 2048-bit key might only encrypt up to 256 bytes.

The Solution: Hybrid Encryption

The optimal solution combines symmetric and asymmetric encryption:

1. Symmetric Encryption: Encrypt the large message with a randomly generated symmetric key.
2. Asymmetric Encryption: Encrypt the symmetric key using the recipient's public key.
3. Transmission: Send the encrypted message and the encrypted symmetric key to the recipient.

The recipient reverses the process: decrypts the symmetric key with their private key, then decrypts the message.

Implementation with PHPseclib

This example uses the PHP Secure Communications Library (phpseclib). Install it via Composer. Documentation is at https://www.php.cn/link/4662efebaa2ef1b42bb1097a941393ef.

Generating Keys

$rsa = new Crypt_RSA();
$keys = $rsa->createKey(2048);

file_put_contents('key.pri', $keys['privatekey']);
file_put_contents('key.pub', $keys['publickey']);

Encryption Function

function encrypt_message($plaintext, $asym_key, $key_length = 150) {
    $rsa = new Crypt_RSA();
    $rij = new Crypt_Rijndael();

    $sym_key = crypt_random_string($key_length);
    $rij->setKey($sym_key);
    $ciphertext = $rij->encrypt($plaintext);
    $ciphertext = base64_encode($ciphertext);

    $rsa->loadKey($asym_key);
    $sym_key = $rsa->encrypt($sym_key);
    $sym_key = base64_encode($sym_key);
    $len = strlen($sym_key);
    $len = dechex($len);
    $len = str_pad($len, 3, '0', STR_PAD_LEFT);

    $message = $len . $sym_key . $ciphertext;
    return $message;
}

Decryption Function

function decrypt_message($message, $asym_key) {
    $rsa = new Crypt_RSA();
    $rij = new Crypt_Rijndael();

    $len = substr($message, 0, 3);
    $len = hexdec($len);
    $sym_key = substr($message, 0, $len);
    $message = substr($message, 3);
    $ciphertext = substr($message, $len);
    $ciphertext = base64_decode($ciphertext);

    $rsa->loadKey($asym_key);
    $sym_key = base64_decode($sym_key);
    $sym_key = $rsa->decrypt($sym_key);

    $rij->setKey($sym_key);
    $plaintext = $rij->decrypt($ciphertext);
    return $plaintext;
}

Conclusion

Secure data communication is essential. Hybrid encryption, leveraging both symmetric and asymmetric algorithms, offers a robust solution. phpseclib provides a reliable and versatile tool for implementing this approach in PHP. The source code is available on GitHub (link provided in original text).

The above is the detailed content of How to Encrypt Large Messages with Asymmetric Keys and phpseclib. For more information, please follow other related articles on the PHP Chinese website!