I was looking at the phpseclib manual for RSA encryption and noticed that the public key is used to decrypt the data and private key to encrypt.
From what I have read and understand is the public key ment to encrypt and private key to decrypt hence why it is private, or am I missing something?
Example
<?php
include('Crypt/RSA.php');
$rsa = new Crypt_RSA();
//extract($rsa->createKey());
$plaintext = 'Hello World!';
$privatekey = '-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQCjfQKsF6ExR/zLUKa2qiIr8jwh9s36z5dXIg+S+iZygO3p8ZNHzJlKj9JhHOnp
8FxObW93JwKeoyd17J6Dep1t2vm9SJt+jAm3psNpM2a1fZVJSMhKJSj/S9cNL8AwL8CuAyioKs4R
XFFuq2ASm0gXd1Y6bKHSzeZ49N8onIwueQIDAQABAoGAAvSZ1YQY1yP6wy8qUF+LfhljMmb8isXx
cbMNLoZEpynDA0lpdPETLVijwDsuVFsSxB0w2GnVX4pKBpT4OZ7AFUqphgv1CpeVGXP+6YISZApb
D3yliPL4fwWYi/ttC2ceMylKhohm+Ol6kxYeUitoiOuft2FzE70SCOxZOU23QsECQQDX9PIru6hr
8p4WBq6D829BB4WHnP7K/pj6gCi/iUXNS8cEHml/mJtgOxbSX8aWFDfJFlCmMcp3/zzw35zM/BJh
AkEAwc18aPgie472UunjlPLKelSlS/D8e2ZPLWbB3xyJcBn7CiCzeavpmQSOeVofrKyJfBb3FQut
VZL3AOMnIX9DGQJBALfsnfQxNxf44jrQJgGraq1vwoHla/tnKtLuI8Y9G33lc/JGFIPfbTVgHee+
OlvHjFtu7fEdptrcPwLG77yFUwECQQCq3HIpzVIBYwoSEXh+kgsnDMdqi3zdglad7XFRNcSJ263y
wN/ajlD1ggnmPSmdv8O6bjjKCjB4OIih9KJEKwHJAkBJAFKDTpAWMXBmSWl95Ibkr+2aU6VUQcVS
jhQbDsAWLNOkIrZsS33SS5kEc3LSl6oLH/Lh3759YLkOONHqFFN4
-----END RSA PRIVATE KEY-----';
$publickey = '-----BEGIN PUBLIC KEY-----
MIGJAoGBAKN9AqwXoTFH/MtQpraqIivyPCH2zfrPl1ciD5L6JnKA7enxk0fMmUqP0mEc6enwXE5t
b3cnAp6jJ3XsnoN6nW3a+b1Im36MCbemw2kzZrV9lUlIyEolKP9L1w0vwDAvwK4DKKgqzhFcUW6r
YBKbSBd3VjpsodLN5nj03yicjC55AgMBAAE=
-----END PUBLIC KEY-----';
$rsa->loadKey($privatekey);
$encrypt_text = $rsa->encrypt($plaintext);
$rsa->loadKey($publickey);
$decrypt_text = $rsa->decrypt($encrypt_text);
echo 'INPUT: '.$plaintext.'<br />';
echo 'ENCRYPTED: '.$encrypt_text.'<br />';
echo 'DECRYPTED: '.$decrypt_text.'<br /><br />';
echo 'PRIVATE KEY: '.$privatekey.'<br /><br />';
echo 'PUBLIC KEY: '.$publickey.'<br />';
?>
Thanks
If you encrypt with the private key anyone can decrypt it but only with your public key, thus verifying that it came from you. Of course, if you were doing that you’d probably be better off just signing your message. The PKCS#1 standards does not define signing and encrypting identically and, indeed, the security proof for a signed message is stronger than the security proof for an encrypted message.
W.r.t. the phpseclib documentation… it was probably just an oversight or a snafu on the developers part. Maybe they realized the mistake but didn’t want to fix it immediately as it wasn’t a code issue and now just keep on forgetting about it? I dunno… I know I can do that. I take more pride in my own code than I do in the documentation.