Blog : RSA Encrypting and Decrypting data with Zend_Crypt_Rsa Library

RSA Encrypting and Decrypting data with Zend_Crypt_Rsa Library

Public/private key based encryption is very popular because of the strength it sets in encryption, specially above 1024 bits. Now there are external library to encrypt data using RSA encryption like RSA in – the fun is we were also using this library in one of our ZF based project. But last week I’ve found that there is a hidden gem in the Library/Zend/Crypt folder (Zend_Crypt_Rsa) which can do the same thing using openssl library. The bad thing is that there is no official documentation on how to use this library Thats why I’ve decided to write a blog post to show you how to use Zend_Crypt_Rsa and encrypt your data with your public/private key and decrypt to get it back in original form.

Step 1: Create your RSA public/private key using ssh-keygen

cd /path/to/keyfolder/

ssh-keygen -t RSA

When it will ask for the path of the key file, input “./id_rsa” . It will then prompt for passphrase which actually works like a password and you cant retrieve your data if you forget this. So input something like “MySecretWord” – This will output something like this

ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/Users/hasinhayder/.ssh/id_rsa): ./id_rsa

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in ./id_rsa.

Your public key has been saved in ./

The key fingerprint is:

c8:dc:cd:a8:90:98:67:42:65:45:20:f8:58:39:74:66 hasinhayder@hasin-hayders-macbook-pro.local

The key's randomart image is:

+--[ RSA 2048]----+

| oo.E+o  |

|. +B  |

| +..  |

|...o + o +  |

|  + = + S o  |

|  + . .  |

|  .  |

|  |

|  |


After a while you will see that there are two files in the same directory named “id_rsa” and “”. First one is your private key and the second one is the public key.

Step 2: Encrypt data using your public key
As we have our RSA public and private keys in our hand, its time to start playing with these. We will now encrypt our data with our public key. In that way you can only decrypt it with your private key. I hope it is clear now that why we should encrypt using public key only? If now, let me clarify it a bit more. Your public key is “public” to the world. Now if you encrypt your data with your private key, anyone will be able to decrypt it with your public key – so that’s plain meaningless

public function encAction(){



$zrsa =new Zend_Crypt_Rsa(array("passPhrase"=>"MySecretWord","pemPath"=>"/path/to/your/keyfolder/id_rsa")); //thats the path to the private key file

$string = "Yeah, this is my SECRET MESSAGE";

$enc = $zrsa->encrypt($string, $zrsa->getPublicKey(),Zend_Crypt_Rsa::BASE64);

echo "Secret Message: {$enc}";


In the code above, we are generating output in BASE64 format, because that is readable to everyone – after you execute this action in your browser, you can see something like the following (it will differ based on your key)








Thats your encrypted string in base64 format. Plain gibberish, eh?

Now its time to decrypt the ciphered text

Step 3: Decrypt the cipher
Well, now we have our encrypted string. Lets decrypt it

$dec = $zrsa->decrypt($enc, $zrsa->getPrivateKey(),Zend_Crypt_Rsa::BASE64);

echo $dec;

Now it will output the original message “Yeah, this is my SECRET MESSAGE”

So here is everything together


public function encAction(){



$zrsa =new Zend_Crypt_Rsa(array("passPhrase"=>"MySecretWord","pemPath"=>"/path/to/your/keyfolder/id_rsa")); //thats the path to the private key file

$string = "Yeah, this is my SECRET MESSAGE";

$enc = $zrsa->encrypt($string, $zrsa->getPublicKey(),Zend_Crypt_Rsa::BASE64);

echo "Secret Message: {$enc}";

echo "

$dec = $zrsa->decrypt($enc, $zrsa->getPrivateKey(),Zend_Crypt_Rsa::BASE64);

echo $dec;
