Public-Key Cryptography in PHP

I have just been implementing a Public-Key cryptography system in PHP. This will allow users of my Automated Word Speller to link to sound files without them having their address/code in plain text and without me having to run a server-side database storing sensitive data.

I chose to make a system based on Diffie-Hellman key exchange. I share with you the parameters g and p that we will be using, along with my 'public key' g^y mod p; I keep my 'private key', y secret. You will generate your own private key, x and keep it secret (probably hidden in your code) but you will send me your public key, g^x mod p with every request. We can now both generate a key, k = g^xy mod p = (g^x mod p)^y mod p = (g^y mod p)^x mod p. This key will be used as a key to a function that does the base 10 equivalent of Vernam Encryption (addition/subtraction modulo 10). If the plaintext is longer than the generated key then the plaintext is split into blocks and ECB chaining is used.

Links to sound files look something like this: http://da.vidnicholson.com/reader/test.php?enc=eNoNysENAEEMwsCWIOQg9N%2FY7cvSyFSv61T8aKDkhtLyjCfDGoJNANPXRLyOZ6ay81YgacBbf1CFfsaeMyfIPwP%2FFF8%3D&pk=eNoNy8ERADAIAsGWEAW0%2F8aS583s9XRoZm6lxuh3XS2ILXncR%2FVBNdJZDrdBLnCi6KrwLx03bqykAmR9H3nR6wcIwRR5
Where:

• enc is a base64 encoding of a gzipped comma-separated list of encrypted blocks, and
• pk is a base64 encoding of your gzipped public key.

This URL cannot be converted to the original plain text without my private key (I invite you to try).

To create some encrypted links for yourself you can use the form below, or you may wish to see some sample code.

Try it out; enter a word: (supports a-z, 0-9, @ and .)

All source code and related services that I release are "dontation-ware". If you use the above please make a dontation (pay whatever you think the it is worth) or (where applicable) leave the link to my site attached.