Where magic lives

Tuesday, July 11, 2006

Public-Key Cryptography in PHP

I have just been implementing a Public-Key cryptography system in PHP. This will allow users of my Automated Word Speller to link to sound files without them having their address/code in plain text and without me having to run a server-side database storing sensitive data.

I chose to make a system based on Diffie-Hellman key exchange. I share with you the parameters g and p that we will be using, along with my 'public key' g^y mod p; I keep my 'private key', y secret. You will generate your own private key, x and keep it secret (probably hidden in your code) but you will send me your public key, g^x mod p with every request. We can now both generate a key, k = g^xy mod p = (g^x mod p)^y mod p = (g^y mod p)^x mod p. This key will be used as a key to a function that does the base 10 equivalent of Vernam Encryption (addition/subtraction modulo 10). If the plaintext is longer than the generated key then the plaintext is split into blocks and ECB chaining is used.

Links to sound files look something like this:

  • enc is a base64 encoding of a gzipped comma-separated list of encrypted blocks, and
  • pk is a base64 encoding of your gzipped public key.
This URL cannot be converted to the original plain text without my private key (I invite you to try).

To create some encrypted links for yourself you can use the form below, or you may wish to see some sample code.

Try it out; enter a word: (supports a-z, 0-9, @ and .)



  • this is incredibly complex (to me at least) but am rather impressed... I don't really have much use of it but quite like seeing "Nicholas" encrypted in lots of random characters

    still get more excited by the pictures=>blog mechanism


    By Anonymous Anonymous, At 11:52 pm  

  • Very impressive and I can see me using it for providing a fine basic security layer for remote function calling and extension sharing. (A script I've been working on)

    But what you wrote I would call an example of programming art. Very very impressive!

    By Blogger Unknown, At 11:11 pm  

Post a comment

Subscribe to Post Comments [Atom]

<< Home