#ecc ph(g)p
##Elliptic curve cryptography in PHP, similar to PGP
A simple elliptic curve public key cryptography implementation in PHP, using NIST's recommended curve P-521.
###Requirements
- PHP 5.1.2+ (cli), or earlier with the Hash extension
- GMP extension
- Mcrypt extension
###Commands
Command | Description
---|---
g | Generate keypair. Generates a new secret key and public key and saves them to two separate files, sec.key and pub.key. Existing keyfiles are overwritten!
e <pubkey> <infile> <destfile> | Encrypt. Encrypts <infile> with <pubkey> and saves the ciphertext to <destfile>; the encrypted symmetric key is saved to <destfile>.key.
d <seckey> <infile> <destfile> | Decrypt. Decrypts <infile> using <seckey> and the key file <infile>.key, and saves the plaintext to <destfile>.
s <seckey> <file> | Sign. Signs <file> with <seckey> and saves the signature to <file>.sig.
v <pubkey> <file> | Verify signature. Verifies the signature in <file>.sig over <file> with <pubkey> and prints the result.
###Technical info
Encryption and decryption use the Rijndael-256 block cipher (mcrypt's 256-bit-block variant of Rijndael) with a 256-bit key. Note that this is not the same thing as AES-256: AES is Rijndael with a 128-bit block, so ciphertext produced by this tool is not interchangeable with AES-256 implementations, and the 256-bit IV below matches the 256-bit block. Encryption picks a random point on the curve; the SHA-256 hash of its X coordinate is used as the 256-bit key and the SHA-256 hash of its Y coordinate as the 256-bit IV. <infile> is encrypted with this key and IV and written to <destfile>. The random point itself is encrypted with EC-ElGamal, which yields two curve points (four numbers), but only the two X coordinates are written to <destfile>.key, because Y can be recomputed from X with the curve equation. Strictly, X determines Y only up to sign (both Y and p - Y lie on the curve), so the decrypting side has to pick the correct one of the two candidates.
Signing and verification use ECDSA with SHA-512 as the hash function. A signature is a pair of numbers (r, s), which is saved to <file>.sig. Verification reads the signature from that .sig file, checks it against <file> and <pubkey>, and prints whether it matches.
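The scheme described above, as an added worked example in Python rather than the project's PHP code: a random point on P-521 is wrapped with EC-ElGamal, the symmetric key and IV are derived from its X and Y coordinates with SHA-256, only the X coordinates are stored and Y is recovered from the curve equation, and files are signed with ECDSA over SHA-512. Function names such as ecelgamal_encrypt, the 66-byte big-endian encoding of coordinates before hashing, and the extra parity bit kept per point to resolve the sign of the recovered Y are assumptions of this example, not something the README specifies; the Rijndael step that actually encrypts the file body is left out.

```python
import hashlib
import secrets

# NIST P-521 (FIPS 186-4): y^2 = x^3 - 3x + B over GF(P); the base point G has prime order N.
P = (1 << 521) - 1
B = 0x51953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00
N = int("01" + "f" * 65 + "a51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409", 16)
G = (0xC6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66,
     0x11839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650)
INF = None  # point at infinity

def on_curve(pt):
    x, y = pt
    return (y * y - (x * x * x - 3 * x + B)) % P == 0

def add(p1, p2):
    """Affine point addition (and doubling) for the short Weierstrass group law."""
    if p1 is INF: return p2
    if p2 is INF: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INF                                      # P + (-P)
        lam = (3 * x1 * x1 - 3) * pow(2 * y1, -1, P) % P    # tangent slope, a = -3
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):
    """Double-and-add scalar multiplication. Not constant-time: demonstration only."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def neg(pt):
    return INF if pt is INF else (pt[0], (-pt[1]) % P)

def rand_scalar():
    return secrets.randbelow(N - 1) + 1                     # uniform in [1, N-1]

def keygen():
    d = rand_scalar()                                       # secret key: just a random scalar
    return d, mul(d, G)                                     # public key Q = dG

def compress(pt):
    """X plus one parity bit: X alone fixes Y only up to sign (the parity bit is this example's assumption)."""
    return pt[0], pt[1] & 1

def decompress(x, parity):
    rhs = (x * x * x - 3 * x + B) % P
    y = pow(rhs, (P + 1) // 4, P)                           # valid since P = 2^521 - 1 = 3 (mod 4)
    if y * y % P != rhs:
        raise ValueError("x is not the X coordinate of a curve point")
    return (x, y) if y & 1 == parity else (x, P - y)

def derive_key_iv(m):
    """Key = SHA-256(X), IV = SHA-256(Y). The 66-byte big-endian coordinate encoding is an assumption."""
    key = hashlib.sha256(m[0].to_bytes(66, "big")).digest()
    iv = hashlib.sha256(m[1].to_bytes(66, "big")).digest()
    return key, iv

def ecelgamal_encrypt(q):
    """Pick a random curve point M, derive key/IV from it, and wrap M as (C1, C2) = (kG, M + kQ)."""
    m = mul(rand_scalar(), G)
    k = rand_scalar()
    c1, c2 = mul(k, G), add(m, mul(k, q))
    return derive_key_iv(m), (compress(c1), compress(c2))   # only X (plus parity) goes to the .key file

def ecelgamal_decrypt(d, wrapped):
    (x1, s1), (x2, s2) = wrapped
    c1, c2 = decompress(x1, s1), decompress(x2, s2)
    m = add(c2, neg(mul(d, c1)))                            # M = C2 - d*C1 = (M + kQ) - k(dG)
    return derive_key_iv(m)

def ecdsa_sign(d, data):
    """ECDSA with SHA-512; the 512-bit digest is already below the 521-bit N, so no truncation is needed."""
    e = int.from_bytes(hashlib.sha512(data).digest(), "big")
    while True:
        k = rand_scalar()
        r = mul(k, G)[0] % N
        s = pow(k, -1, N) * (e + r * d) % N
        if r and s:
            return r, s

def ecdsa_verify(q, data, sig):
    r, s = sig
    if q is INF or not on_curve(q) or not (0 < r < N and 0 < s < N):
        return False
    e = int.from_bytes(hashlib.sha512(data).digest(), "big")
    w = pow(s, -1, N)
    pt = add(mul(e * w % N, G), mul(r * w % N, q))
    return pt is not INF and pt[0] % N == r

if __name__ == "__main__":
    d, q = keygen()
    (key, iv), wrapped = ecelgamal_encrypt(q)
    print(ecelgamal_decrypt(d, wrapped) == (key, iv), ecdsa_verify(q, b"msg", ecdsa_sign(d, b"msg")))
```

The parity bit is the practical answer to the sign ambiguity noted above: without it, a decryptor that recomputes Y from X has a one-in-two chance per point of picking p - Y, and a wrong sign on C1 yields M + 2kQ instead of M, so the derived key and IV no longer match. The scalar multiplication is plain double-and-add and leaks the scalar through timing; it is fine for illustrating the math, not for production keys.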
###Why is elliptic curve cryptography "better" than RSA?
- Elliptic curve arithmetic is more involved than RSA's modular exponentiation, but for the same security level the keys are much smaller, so the computations are faster and use less energy.

Symmetric key size (bits) | RSA and Diffie-Hellman key size (bits) | Elliptic curve key size (bits)
---|---|---
80 | 1024 | 160
112 | 2048 | 224
128 | 3072 | 256
192 | 7680 | 384
256 | 15360 | 521

NIST recommended key sizes (comparable security levels).

- RSA key generation has to find two large primes, whereas an elliptic curve private key is just a random integer in [1, n-1] (the public key is that scalar times the base point).
- Encryption here uses EC-ElGamal, which draws a fresh random value for every message, so the same plaintext encrypts to a different ciphertext each time; this randomization is what makes the scheme semantically secure. Note that this is a property of the scheme rather than of the curve: textbook RSA is deterministic, while RSA with a randomized padding such as OAEP is not.