如何在Codeigniter RSA库中生成签名和密钥

Question

I am doing some encryption and decryption in php using codeigniter framework. I am using this library https://github.com/Dirktheman/rsa-codeigniter-library . What I want to do is I generate a signature like this encrypt_method(value,private_key) .

That will return signature. Then I want to verify the value that is equal to out previous value or not decrypt(signature,previous_input,public_key). What my problem is there is no method to generate private and public key. For generating signature as well. So, how can I achieve it using RSA library in PHP?

Answer 1

Do not use that library. It is completely insecure.

A secure RSA implementation depends on the use of randomly generated large prime numbers (eg, at least 2048 bits!) as part of a private key. However, this library does not use large prime numbers, nor does it even generate them randomly — it picks them from an array of 570 pregenerated four-digit numbers . This means that there are only about 162,000 (570 * 569 ÷ 2) possible keys that could be generated; this is few enough that you could easily generate a list of all possible public and private key pairs.

Additionally, this library is using RSA in an inappropriate mode. It is "encrypting" and "decrypting" messages by encrypting each group of three letters as a separate, independent message. This scheme is insecure, as the individual blocks can be edited and reordered to create new messages. (For instance, an encrypted message that said SEND JO $123 could easily be edited to say SEND JO $123123 by repeating the last block!) Worse, if the content of one message is known, it is possible to search for blocks from that first message within another message to recover parts of its contents.