RSA Keypair Functions

This commit is contained in:
Elizabeth Cray 2023-10-01 22:16:26 -04:00
parent 0458ab5e8b
commit 7b90d0f927
3 changed files with 64 additions and 0 deletions

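--- a/secret/README.md
+++ b/secret/README.md
@@ -1,3 +1,5 @@
 # The Secret Folder
 This MUST NOT be accessible by normal system users or the web server.
+Should use 770 permissions and be owned by www-data:www-data.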
secret/config.json.example Normal file → Executable file

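--- a/secret/rsa.php
+++ b/secret/rsa.php
@@ -1,2 +1,64 @@
 <?php
+function getPassphrase() {
+$passphrase = trim(shell_exec("/usr/bin/hostname")).trim(shell_exec("/usr/bin/cat /sys/class/net/*/address"));
+return $passphrase;
+}
+function ensureKey() {
+if (file_exists("/var/www/usergen/secret/private.key") && file_exists("/var/www/usergen/secret/public.key")) {
+return;
+}
+$passphrase = getPassphrase();
+$config = array(
+"digest_alg" => "sha256",
+"private_key_bits" => 4096,
+"private_key_type" => OPENSSL_KEYTYPE_RSA,
+"encrypt_key" => true,
+"encrypt_key_cipher" => OPENSSL_CIPHER_AES_256_CBC
+);
+$res = openssl_pkey_new($config);
+openssl_pkey_export($res, $privkey, $passphrase);
+$oldMask = umask(0007);
+file_put_contents("/var/www/usergen/secret/private.key", $privkey);
+$pubkey = openssl_pkey_get_details($res);
+umask($oldMask);
+file_put_contents("/var/www/usergen/secret/public.key", $pubkey["key"]);
+}
+function getPublic() {
+ensureKey();
+$public = file_get_contents("/var/www/usergen/secret/public.key");
+return $public;
+}
+function getFingerprint() {
+ensureKey();
+$fingerprint = shell_exec("/usr/bin/openssl pkey -pubin -in /var/www/usergen/secret/public.key -outform DER | /usr/bin/openssl dgst -sha256 -c | /usr/bin/sed -e 's/^.* //' | /usr/bin/sed -e 's/://g'");
+return $fingerprint;
+}
+function encrypt($input){
+// Encrypt with public key
+ensureKey();
+$public = getPublic();
+$public = openssl_get_publickey($public);
+openssl_public_encrypt($input, $encrypted, $public);
+return base64_encode($encrypted);
+}
+function decrypt($input){
+// Decrypt with private key
+ensureKey();
+openssl_private_decrypt(
+base64_decode($input),
+$decrypted,
+openssl_get_privatekey(
+file_get_contents("/var/www/usergen/secret/private.key"),
+getPassphrase()
+)
+);
+return $decrypted;
+}
 ?>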
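Review bot: encrypt() and decrypt() use the default PKCS#1 v1.5 padding of openssl_public_encrypt()/openssl_private_decrypt() and never check their boolean result, so an oversized input, a wrong passphrase or a corrupt key file silently yields base64_encode(null) or null instead of an error; pass `OPENSSL_PKCS1_OAEP_PADDING` explicitly on both sides and fail loudly on false (if callers already expect a string on failure, returning false is the minimum, but not a silently empty value). The passphrase from getPassphrase() is the hostname plus MAC addresses, which any local process can read, so the AES wrapping of private.key adds no confidentiality beyond the directory permissions the README describes — either state that in a comment at the top of getPassphrase(), e.g. `// NOTE: passphrase is derived from non-secret host identifiers; protection relies on file permissions`, or replace it with a random secret kept in the secret folder. ensureKey() likewise ignores the return values of openssl_pkey_new(), openssl_pkey_export() and both file_put_contents() calls, and its exists-then-create check is not atomic, so two concurrent first requests can each generate and overwrite a key pair. Since this commit introduces the functions, switching padding presumably affects no existing ciphertext, but confirm there are no other producers.

```php
function encrypt($input){
    // Encrypt with public key; OAEP rather than the PKCS#1 v1.5 default
    ensureKey();
    $public = openssl_get_publickey(getPublic());
    if ($public === false || !openssl_public_encrypt($input, $encrypted, $public, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('RSA encryption failed: ' . openssl_error_string());
    }
    return base64_encode($encrypted);
}
function decrypt($input){
    // Decrypt with private key; padding must match encrypt()
    ensureKey();
    $private = openssl_get_privatekey(file_get_contents("/var/www/usergen/secret/private.key"), getPassphrase());
    $raw = base64_decode($input, true);
    if ($private === false || $raw === false || !openssl_private_decrypt($raw, $decrypted, $private, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('RSA decryption failed: ' . openssl_error_string());
    }
    return $decrypted;
}
```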