USE CASE:
- encrypt something with a C++ application using server's public key and send to a PHP application
- PHP application can decrypt it using a private key
- PHP application sends a cleartext response with a signature
- C++ application verifies the message using the signature
Gist of it: among others, there are PKSC1v15 and PSS (Probabilistic Signature Scheme) en/decryption and signature schemes Wiki quote: " In general, RSA-PSS should be used as a replacement for RSA-PKCS#1 v1.5. "
PHP has OpenSSL out of box and for en/decryption it supports OPENSSL_PKCS1_OAEP_PADDING which is PKCS1 with SHA1 For signing, more secure SHA256 can be used, but I could not make SHA512 work with Crypto++ <=> PHP However it does not have support for PSS out of box so that's something to create another gist for (https://gist.github.com/edin-m/c8f7d004acb95f9968344e2d10d76342)
First step, generate keys:
- install openssl
- generate key $ ssh-keygen -t rsa
it will output two files, pirvate and public
- use openssl to generate public files
$ openssl rsa -in private_key_filename -pubout -outform PEM -out public_key_output_filename
- use original private key, and generated key as a public key
e.g. $ ssh-keygen -t rsa Enter file in which to save the key (C:\Users\edin-m/.ssh/id_rsa): C:\del\dpimkey2 C:\del>openssl rsa -in dpimkey2 -pubout -outform PEM -out dpimpubkey2.out C:\del>ls dpimkey2 dpimpubkey2.out dpimkey2 dpimpubkey2.out