Archive for October, 2008

I came across a really cool JavaScript library a while back that allows you to do client-side RSA encryption & decryption. If you don’t know much about RSA, read up on it here. Essentially, it’s an algorithm for public/private key encryption/decryption. You encrypt using the Public Key and Modulus and decrypt using the Private Key and Modulus.

More often than not, you would want to encrypt client-side (browser) and decrypt server-side. For my purposes, I wanted to encrypt passwords 13 characters or less in JavaScript and decrypt them in PHP. The creator of the RSA library also created a convenient Windows application that generates RSA keys for you. Using that program I created the following 128bit keys:

e = Public Key = 553799486327459813656784787218239817 (6aa86c39bbe678f7f7967a587a1149)
d = Private key = 1401845535567450041611005523755666809 (10dfc5235ef69148bdfdc6832860d79)
m = Modulus = 11570601966616835094916890432003700913 (8b46ab8a951615d07b66bdd2420f8b1)

By default the RSA library outputs encrypted strings in Hex, but because there is no built in PHP function to convert from Hex to Binary, I decided to modify the RSA.js file slightly (within the encryptedString function – line 62) to output the full Integer:

var text = key.radix == 16 ? biToDecimal(crypt)/*biToHex(crypt)*/ : biToString(crypt, key.radix);

The Key Generator also conveniently creates the JavaScript needed to create the new key pair. I’ve removed the decryption (Private) key:

setMaxDigits(19);
key = new RSAKeyPair(”6aa86c39bbe678f7f7967a587a1149″, “”, “8b46ab8a951615d07b66bdd2420f8b1″);
w.value = encryptedString(key,”1234567890123″ + “\x01″);

The trick here is adding “\x01″ to the end of the string you want to encrypt. The PEAR library used to decrypt the encrypted string will look for this, and throws an error if not found. That said, the above encrypted string is:

1276850306890326374886324100793107985

The PEAR package used to decrypt this string is called Crypt_RSA. You install this just like any other PEAR package:

PEAR install Crypt_RSA

The package depends on one of 3 Math libraries (BCMath, GMP or big_int), of which BCMath is slowest but installed by default (at least in my version of PHP 5.2.0-8+etch13 & XAMPP-win). The Crypt_RSA package works in binary, so the keys and encrypted text needs to be converted before calling the package. The following code converts the Integers to Binary and performs the decryption. Bare in mind your dealing with very large numbers, so you need to use one of the above Math libraries to work with them.

require_once ‘Crypt/RSA.php’;
//
$wrapper_name = “BCMath”;
$math_obj = &Crypt_RSA_MathLoader::loadWrapper($wrapper_name);
//
$d = $math_obj->int2bin(”1401845535567450041611005523755666809″);
$m = $math_obj->int2bin(”11570601966616835094916890432003700913″);
//
$pk = new Crypt_RSA_Key($m, $d, “private”, $wrapper_name);
$rsa_obj = new Crypt_RSA;
$rsa_obj->setParams(array(’dec_key’ => $pk));
$dec = $rsa_obj->decryptBinary($math_obj->int2bin(”1276850306890326374886324100793107985″));
echo $dec;

You can download my sample code here.

The seventh video is up on Thursday for Dinner titled Eva’s Classic Moussaka:

Moussaka is a layered casserole made with layers of eggplant, meat, and a béchamel sauce. In this video, Eva shows us her slightly healthier take on this classic Greek dish. Rather than frying the eggplant, Eva broils the sliced eggplant in the oven for 10 minutes on each side. Her recipe also calls for sliced potatoes to serve as the base of the dish along with the eggplant.

Check out the video and recipe on Thursday for Dinner.

Subscribe by Email & iTunes

The sixth video is up on Thursday for Dinner titled Moog Dal (Four Lentil Soup).

Moog dal is a traditional Indian lentil soup. Moog dal is the main ingredient in the soup, hence the name. However, you can add other types of lentils such as, masoor dal, val dal and chora dal, as we do below. In different parts of India, this dal is made differently. In the north, it is made to have a much thicker texture. Today we will be making it Gujarati style, which means it is more like a soup.

Check out the video and recipe on thursdayfordinner.com.

Subscribe by Email & iTunes

I just finished installing the PECL filter extension on my Debian install (AMD64), and by God, it was painful. This process was so brutal with so many ways to screw up. Here are the steps:

Install php5-dev package. During the process of not figuring out what was going on, I also installed the php4-dev package. I’m pretty sure I only needed php5-dev.

Download PCRE – Perl Compatible Regular Expressions from here. Be sure you have g++ installed (not just gcc as I was getting a strange error). Extract, configure, make and make install. If your running AMD64, be sure to compile using the -fPIC flag. See here for information why. Filter will look for the library in /usr/local/, so you’ll have to setup a link or copy it from /usr/local/lib/ so the PECL install can find it.

The Filter package also looks for the header files from the php_pcre extension. The only way I found to get at these header files was to download the PHP source. So depending on what version of PHP you have, go here and download the zip. Copy the entire pcre folder from within the extension (ext) folder into your /usr/include/php5/ext/ folder.

Now it’s time to attempt the actual PECL Filter install. If your doing this from the tarball and your running on an AMD64, as above, be sure to add the -fPIC flag. I used the PECL installer, so I ran: pecl install filter. Since the package is not “stable” yet, you’ll need to point right to the channel, just read the message, in my case it was: pecl install channel://pecl.php.net/filter-0.11.0. After the compile/install is done, add extension=filter.so to your php.ini file. If you can’t find it, type find / -name php.ini from your command line.

That’s it. I may have forgotten a step, if so add a comments please.