RSA sign verification library server side and client


#1

I’m trying to verify an RSA signature generated on a web server using phpseclib (this server can only handle pure PHP libraries), and I’m verifying it in my plugin with Crypto++. I embedded Crypto++ into my project quite successfully on OS X, but it is not working on Windows; I get tons of linking errors. I was going to try libsodium, but then I saw that they don’t have RSA implemented in the library. Does anyone have any recommendations for a C++ library that is compatible with the RSA algorithms of phpseclib?


#2

I don’t know about any cryptographic library, but I would be happy to help you with the linker errors you got on Windows when trying to link Crypto++. Feel free to share them.


#3

FYI, I hacked together a PHP script that generates the license key for the Unlocker class as a drop-in replacement for the command line utility in case your server can’t execute binaries.

The RSA keys generated are compatible with the JUCE class (with only minor syntax changes like adding a comma between private and public key), so I am not sure you need to party around with embedding another crypto library just for handling RSA keys.


#4

That script works well and is a good solution to create keys on any webserver having PHP support. Just be aware that for longer keys the runtime increases exponentially, and encryption has to be done with the private key in this case, which already is a magnitude slower than applying the public key. A reasonable trade-off between key length, complexity and security is up to you :slight_smile:

If you have Python, that may be a better choice; its big integer implementation is very performant in my experience.


#5

Thanks a lot for all your answers :slight_smile: ! I was evaluating all the possible solutions you shared (I’m evaluating the possibility of launching a plugin). I have my custom licensing system in PHP, so using Tracktion Marketplace keys was not an option. And Crypto++ ended up being too complex to maintain for my plugin. So I reimplemented all the licensing with libsodium (it also was a huge PITA), but at least it is way easier to maintain than Crypto++.

Thanks again!