
A Guide to Cryptography in PHP : Page 5

This comprehensive guide discusses where to get, how to install, and how to use the various cryptography packages available to enhance the security of your PHP applications.





Generating Secret Keys with the Crypt_DiffieHellman PEAR Package
This PEAR package implements the Diffie-Hellman key exchange protocol in PHP5. You can use the protocol to generate a shared secret key between two parties, who can then use that key to protect their communications even over insecure channels. You can download the latest release, version 0.2.1 (beta), and then install it the same way as any other PEAR package:

> pear install pear_package_name

The following two code examples show how to generate a secret key between two parties, subject_1 and subject_2. The first example shows the simplest way to obtain a shared key with the Diffie-Hellman algorithm:

<?php
//include Diffie Hellman functions
require_once 'Crypt/DiffieHellman.php';

//set the required options for two subjects
//(toy values for illustration only: 123 = 3 * 41 is not actually prime, and
//real private values must be large, random and never hard-coded)
$subject_1 = array('prime'=>'123', 'generator'=>'7', 'private'=>'3');
$subject_2 = array('prime'=>'123', 'generator'=>'7', 'private'=>'34');

//apply Diffie Hellman algorithm
$subject_1_GK = new Crypt_DiffieHellman(
    $subject_1['prime'], $subject_1['generator'], $subject_1['private']);
$subject_2_GK = new Crypt_DiffieHellman(
    $subject_2['prime'], $subject_2['generator'], $subject_2['private']);

//generate keys
$subject_1_GK->generateKeys();
$subject_2_GK->generateKeys();

//compute the secret keys: each side combines its own private value
//with the other side's public key
$subject_1_SK = $subject_1_GK->computeSecretKey(
    $subject_2_GK->getPublicKey())->getSharedSecretKey();
$subject_2_SK = $subject_2_GK->computeSecretKey(
    $subject_1_GK->getPublicKey())->getSharedSecretKey();

//displaying the secret keys (both values should be identical)
echo('Subject_1_SK:'.$subject_1_SK.'<br />');
echo('Subject_2_SK:'.$subject_2_SK);
?>

The second example shows how to generate a secret key using the Diffie-Hellman BINARY mode:

<?php
//include Diffie Hellman functions
require_once 'Crypt/DiffieHellman.php';

//set the required options for two subjects
$subject_1 = array('prime' => '9568094558049898340935098349053',
    'generator'=>'2',
    'private' => '2232370277237628823279273723742872289398723');
$subject_2 = array('prime' => '9568094558049898340935098349053',
    'generator'=>'2',
    'private' => '0389237288721323987429834389298232433363463');

//apply Diffie Hellman algorithm
$subject_1_GK = new Crypt_DiffieHellman(
    $subject_1['prime'], $subject_1['generator'], $subject_1['private']);
$subject_2_GK = new Crypt_DiffieHellman(
    $subject_2['prime'], $subject_2['generator'], $subject_2['private']);

//generate keys
$subject_1_GK->generateKeys();
$subject_2_GK->generateKeys();

//compute the secret keys using BINARY mode
$subject_1_SK = $subject_1_GK->computeSecretKey(
    $subject_2_GK->getPublicKey(Crypt_DiffieHellman::BINARY),
    Crypt_DiffieHellman::BINARY)->
    getSharedSecretKey(Crypt_DiffieHellman::BINARY);
$subject_2_SK = $subject_2_GK->computeSecretKey(
    $subject_1_GK->getPublicKey(Crypt_DiffieHellman::BINARY),
    Crypt_DiffieHellman::BINARY)->
    getSharedSecretKey(Crypt_DiffieHellman::BINARY);

//display the secret keys
echo('subject_1_SK:'.$subject_1_SK.'<br />');
echo('subject_2_SK:'.$subject_2_SK.'<br />');
?>
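
Both examples above hard-code the private values. As an added example (not code from the article or from the Crypt_DiffieHellman package), the following shows the arithmetic behind the exchange with PHP's GMP extension: random private exponents, a range check on the peer's public value, and a key derived from the shared secret. It assumes PHP 7.1 or later with ext-gmp; the function names, the textbook group p = 23, g = 5 and the 'dh-demo' label are constructed for the example.

```php
<?php
// Added example: not code from the article or from Crypt_DiffieHellman.
// Assumes PHP >= 7.1 with ext-gmp; all function names here are hypothetical.

// A peer's public value must lie in [2, p-2]: 0, 1 and p-1 would make the
// shared secret predictable regardless of our private exponent.
function dh_valid_public(GMP $y, GMP $p): bool
{
    return gmp_cmp($y, 2) >= 0 && gmp_cmp($y, gmp_sub($p, 2)) <= 0;
}

// Draw a private exponent x in [2, p-2] from the OS CSPRNG and compute
// y = g^x mod p; retry in the rare case y itself is a degenerate value.
function dh_keypair(GMP $p, GMP $g): array
{
    $bytes = strlen(gmp_export($p)) + 8; // extra bytes make modulo bias negligible
    do {
        $x = gmp_add(gmp_mod(gmp_import(random_bytes($bytes)), gmp_sub($p, 3)), 2);
        $y = gmp_powm($g, $x, $p);
    } while (!dh_valid_public($y, $p));
    return [$x, $y];
}

// s = peerY^x mod p, encoded at fixed width, then HKDF-SHA256 to a 32-byte key.
function dh_session_key(GMP $peerY, GMP $x, GMP $p): string
{
    if (!dh_valid_public($peerY, $p)) {
        throw new InvalidArgumentException('peer public value out of range');
    }
    $s = gmp_export(gmp_powm($peerY, $x, $p));
    $s = str_pad($s, strlen(gmp_export($p)), "\0", STR_PAD_LEFT);
    return hash_hkdf('sha256', $s, 32, 'dh-demo'); // 'dh-demo' is a constructed label
}

// Constructed textbook group, for illustration only; real deployments use a
// standardized group of at least 2048 bits.
$p = gmp_init(23);
$g = gmp_init(5);

[$x1, $y1] = dh_keypair($p, $g); // subject_1
[$x2, $y2] = dh_keypair($p, $g); // subject_2

$k1 = dh_session_key($y2, $x1, $p); // subject_1 uses subject_2's public value
$k2 = dh_session_key($y1, $x2, $p); // subject_2 uses subject_1's public value

var_dump(hash_equals($k1, $k2));               // compare the two derived keys
var_dump(dh_valid_public(gmp_init(1), $p));    // check the degenerate value 1
var_dump(dh_valid_public(gmp_sub($p, 1), $p)); // check the degenerate value p-1
```

The exchange by itself does not authenticate either party, so the public values still have to be bound to an identity (for example by signing them) before the derived key is trusted.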

With the wide variety of cryptographic options you've seen here, you should be able to achieve nearly anything you want. Cryptography is a delicate security problem—and as you can see there are many solutions and implementations. The information in this article can help you get started, but beyond that, only experience and hard work with secure systems will help you to choose the cryptographic implementation that represents the perfect compromise between security, speed, and implementation time.

Octavia Andreea Anghel is a senior PHP developer currently working as a primary trainer for programming teams that participate at national and international software-development contests. She consults on developing educational projects at a national level. She is a coauthor of the book "XML Technologies—XML in Java" (Albastra, ISBN 978-973-650-210-1), for which she wrote the XML portions. In addition to PHP and XML, she's interested in software architecture, web services, UML, and high-performance unit tests.