I have a situation where I need my Windows Phone 8 app to communicate with my PHP server in a secure fashion. My initial thought was to use SSL and I got all my server side code working with a self-signed certificate and me just interfacing with it through my browser but when I started coding the WP app I discovered self-signed certificates are not supported by Windows Phone app SSL and I cannot afford to pay for a proper certificate for this project.
The plan I came up with is to use a sort of PHP encryption tunnel to let the app interface with the pages. What I mean is that say the request would have been "https://sub.mysite.com/mypage.php?param=value" now what I do I have a page called crypt.php and I request "http://sub.mysite.com?crypt.php?request=encryptedrequest" where "encryptedrequest" equals the RSA encrypted version of "mypage.php?param=value". The crypt page should then decrypt the request, request it locally, encrypt the result echoed by the other page and then send the encrypted result back to the app which can then decrypt it.
Getting info for using RSA on PHP and C# should not really be a problem and I can package the app with the public key for the server and vice versa so that part should not be a problem.
Unfortunately though I am a very inexperienced PHP developer and have no idea if it is somehow possible to request another PHP page on the localhost from a PHP page and then capture the echoed result, I am also struggling to find any information regarding this. Any help would be greatly appreciated.
PS. If you happen to have any info on RSA encrytpion on C# and/or PHP it would also help...
EDIT: Ok I have now sort of implemented this with http://phpseclib.sourceforge.net but the performance knock of using this instead of native SSL is just ridiculous, is there not some library that I can use to perform the cryptography more natively on my linux server?