How to store keys (RSA) ?

The last post was about handling RSA cryptosystem in PHP. This post is covering a small aspect of the last post.

Once keys (Public and Private) are generated there should be a method of storing the keys, both private and the public keys to use later. Since the keys are having a specific format you are not able to store them in a raw format. It doesn’t work the next time when you try to use them.

There are few formats and methods we can use. In the last post, the generated keys are in PEM (Privacy Enhanced Mail) format. Dont get confused with that. I am suggesting a technique to store the keys. There are many other ways to get this accomplished. Among them base64 encoding/ decoding would be quite handy and easy.

PEM formatted private key is noted below.

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,CEC7DF536C0F4B98

sOBuGCgafYqmuOwzmG+HKD9Rq1fkL5PCt1ZfDF2lwKLoSjS3Ao68Sb3vrelkF7Df
3RwUOXL+G9HOMgmEmS6e+DacesaPHipvdjTca7k5z6A2ndRaDPB+6GuuswVBzbwm
CbRerep9G1BEyRY0z/3LKCgr1IbcpiPGAtmfEr/aTuqZURkY3eEosGP9Mn66b7Tr
bYaQOYE0tX2hI6GkQHJP9JGBsVLOA9iQ/QYtF3CjxFUTB3fWR3qPV/36SucBxlPx
pNWHPoXQixIAl9wvmJ0lA+y6mkWe0GBPBRWAF1Xum28Ujaw3E+95Vcxp7e2HvehX
xwpG10Xq5OdO0F+Ov4YULGe/VvJuQh6Lwb96qjserkzdfPNRxXm5vudPCRSQylxz
6N4xYUxtZoOOZ0A3znpTS13F+pTHAjAfHEutd17qTAApSlnOUz/CX7NI070pw+Eq
4QjQ9IJju14XBFqjbK8bdsaIAhZvZgTZY995t5F9R30Rf99XpIWTcPIVpX9Zb8nx
Lfxw0ok0Io2mdymy4jttopXgbrt+mky3zf7d2oxengefreuHH0SUYwrCVk5xKZju
NVZPPXP0Sx/f6nyHdv+MFh9mB1YrbuMeP4LSK3tsgVb2P4k3FOaQGwMU32k5KaBP
R97i7RowhiALljGvMouxo87QxdYUZJTVvcDj/42PiGZP6fQO1X35TWkr8INvGAqB
sUKMLZPsZahaSxWZ5uoIiOfjB8RdvmNB6D5DHUviIavkAFLUtZOT18apXhLzrKMO
f9p7WZP5yGVdD0AnWX9NP157VHQYZGNOu6ZHzPMJ38R4+uEtv7mf55A9FQPrYAXK
NOqxpXd5XNmM2Yl+MVlZJ7IXf1TCZicbG+DjQYyQHg9nK43eG61waZCM4EmjF0Vs
hx/FtelrmV5pw1vna0N8rmF4WG6+e6ruZ0ovFOFCsqb5630UJkkRqWKxkN/2t3FW
2LMjNchpswSoe4WQwIAoM+piv31VR+rGYcreDsJprXVPyzTVUZgxUdb7ku2HN1KH
9z336Aot9snJkkdZrsoqoOMCpQuUP987aMS5bQyHmJDWTo7XxPW2BxLYUjTeeqRA
GAk0LVOzTVP57TYi4Ay6cmrdnBsmv6qlCIxOspx83MzYqjOLqQuEpvag1YYTIgzX
6kc5LGpiP4Itd8EEqSdBkRUTetuDsoHdRfHna16i8YS3HwHTei2eF3BbpLXPAt26
aPsSnACs+fTz1GP/Rr7s2kMmnChh/z6afTJVGG1E6fXBOHozY+S2MO3wNr6hupPp
dtP23x88Gjh3TaPdQ7qkg2j0SqDdLLCekvmGhGyT3gKLCAF60NxrJETlHKfyrPHO
BM26pGB22KsYwUlihXTxFlSfP81tY9NQxpu/GjBCutWvQl74BvghHFQUJKIQuqa+
IgtkY+l4zTZ+meSjYvSzA/r3KfLdTIQt5eIVhDs1Jhont2zPBZ1x7n7T+eevj7FP
zVrV5H8ukp38KhtlJ05ufy6628qBOlelsfMExxGxNZICIh40sGaQO3DsBrNlgAln
D+XcWPK81uBIN9jYeRbtTu00n7/bQrJyIHAbKeU+wAb0TF87ets2VPzIwTpdxzc2
-----END RSA PRIVATE KEY-----

Base64 encoded key (note that it appears as a single line, no line breaks).

LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQ0KUHJvYy1UeXBlOiA0LEVOQ1JZUFRFRA0KREVLLUluZm86IERFUy1FREUzLUNCQywwRTc5NTEyREZBRjJBRTE2DQoNClN3Qllra3J4OTAxTzVMa0M2aUowUWVTNGNLUFRtVm92L1hjRzE2Z1dSZE9HbEdqNkg1blAyRnkzRkFoQSs2SGUNCmllZzV0SXBoWHljV1ZST3Nta2FMbXJxb1hoZ3NjZDJ6cE9DM1RHQ1JqZ0xnUkovcXJyczRhM2dwM3JOVityN3ANCmg1L0MwS0ZmR3hPWHRrOWFXZGRVOW5MY0F5WUdWQXI0Ui9Sdkc4YkowMDZpZ3RwNzgrVG00SW9IendYZy9udmcNCkZqNjJ6NGRFQ1B1U0lvZWswL3pxYVVlcVJuelppTlgxaWtwMmNBTisyN1JadnpBY1lBUk5pdmpEMWdTM0tXL1gNCmJoblhoYjFWQnFjbks5NE90My9SZ090cGRjOVJFVW5INk9na3RJOTBKK0ZKelM4Y21KMzhvUi9EdEtrM040QVANCnBNM2lXWTd0Qmg3OE42TVpFa2Fna0hxUzYxTGEvVFBmSE5Sb1ZyVW9sNExVZCtrMHhjT1RBWmxLbjJyOXZVWHkNCjhWaGRwc1NlNVRqSFlaWXJkU3BBTlA1MXV0RHFxTFhwSkx3ZkE4ZXVKQ0dOUU9IZDFjdER2WFEvc0xDUm1UT0cNCjJqN0Z6YXMwRThrdlh4a0hQYUkvdFA4Ull2Y3lkUFJyQUZ0RFBXTkxQQnE1VHBhYit5V0RZbUE3bGs5c0Z2c0ENCjNEY2VaRzI3QllBYmNoRCtDTUFTSEpNMk5jem54WkRvajBOQlMvZFp6Q1R0QU9vcVZZSnNSU01kR0JuQXBSVS8NCmpPRVUrYVNGKzRtMyt1RTJOUlJTOXhRcVBTMUt1azVzdFZLcWdVYzdwVmtGWndZYTZPWFNDTTBQOVE5UVFCa3ENCkNvRG1CSG5SU1MybFdTNXkyVkN0b0VWaFlCMDV6aFV4Y3pXWWR0eG9DVmx2RzcrM0FDL0luU1NHVGVYeXhzeTYNCkkzRUg5NHhZM25yamtPZ1ZRU1RkWjc1akJxS3FHdmNQVTlLSjBRVzJqTjAyUHJxNWFXRkNkbkliYTVjRS9yaTQNCjVEOURvcys4ZnNDNGdiYXJyK21ZOTl3KzdSaWZadEUybGlzaWVCZEFxR1NiRDg0MWJ0TERXOUl4cU5yOXl0eWYNCjgrOS9kWUhhTG9ySHRXYXgySkJ0SVhOdHpSVjUwQVhrTDk2ekhXMFVhSExRaFZqcEt5alhaWTNrSWV2amxkZjUNCkVuc2JLemxCeENOdmJON3NIdDhBWFVYL3E5Sk9ENHowNkdnMmJPOW5mWngraUx6QklnQVBDcGpFQTdQZlBMWHgNCiswRmJuR3QvWHozUjd0dHM2ejhvSWZMLzN4aURnSWdBZkxjSi84L3Vqa2JGMEVtMzlJZ25tWU5JemVrNDlZVTINCllOTFo2clJiL1RtZDVRRWQxNzcxRHhaZWFKdFdxdzAySUNBQnpjelV1NjNhSFdyRkZDZVlPOWRxRWFUa3EzTmwNClR2bFNyYlNyV0E2by9GUlR0Tks5NEZzZG9QbFlXU09zb3Y5bHE0bzNDNjJIZ3NubnQ2VkNob2FXa2VlRDRUajYNCkErV2FIVHVkbklseWM1NXlKSm4xRkd6dWRUaitDc3owL3JMSTMyLy96V1BUZHdVY3FnZVVjL0FCWnNVMFBhOXQNCjNiQTlnTmQ2ZE55aW5pcVVKYStYS2d2b0pHb0M3eTNPc3hMcHIvRnRnMDZRZ0lJQjlmckhHRzJZcHY4VHFoTFcNCnJkaWpCWnBLaE1HUFBTSVI5VmFzUVd0UnphZTdCYzVqd0Q3b09BVmU0b010ME5XdVo5d2gzQ2pFOWRNTVVFYkQNClNDRzIwYkVBd2xSV2RrMzQvZ2hWVmFVSHdlc1J1cTNmRUlqbTA3aytOYVdhMGU2SmxsSnliOThMZVE5SWYvUloNCndjRVo4T3NpN0lsQnJHOHRsanJPbnNuYTM3M0dsZFIyNDN4UUp2VGw2V1lxWCtPampMQjd0dUtvUzJkWTJsVk8NCmxwUEUzdEVwL2U5NGtaMEx3Yk9FQWxTSkVHdjk5eG84MzJ5TG90ZmZGTG40cURFbnY4dUh2aDBDQ2VsY1hKVjENCjBXdmFoOWMwaCtUZGVydWgvZFJoa0NpZjBuMUUyN25hbFBMeS9oQVJJSHpZQUtGbmRUZjZyNGVESmpqalUrcTQNCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0t

You can simply use a “TEXT data typed” filed in MySQL table to store base64 encoded key pair and then when it is needed just base64 decode and use it. Even you can apply further encryption against the base64_encoded string to make the key much more secure. You can hash the base64_encoded string and create signatures of the keys as another security measurement.

Simply use the base64_encode( ) and base64_decode( ) functions in PHP.

$encoded_key = base64_encode(myRSA::$privateKey);

$private_key = base64_decode($encoded_key);

NOTE: base64 encoding doesn’t provide any additional security, it is purely assisting towards storing/ passing the keys in a more comfortable way. Therefore you need to use an additional security layer (eg: database data encryption) on top of the stored keys to make it much more secure.

Advertisements

Please add your valuable idea below, will make a discussion, thanks !

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s