I am using firebase/php-jwt for generating JWT Token using the following PHP Source Code
<?php
include '../vendor/autoload.php';
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
$privateKey = <<<EOD
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQC8kGa1pSjbSYZVebtTRBLxBz5H4i2p/llLCrEeQhta5kaQu/Rn
vuER4W8oDH3+3iuIYW4VQAzyqFpwuzjkDI+17t5t0tyazyZ8JXw+KgXTxldMPEL9
5+qVhgXvwtihXC1c5oGbRlEDvDF6Sa53rcFVsYJ4ehde/zUxo6UvS7UrBQIDAQAB
AoGAb/MXV46XxCFRxNuB8LyAtmLDgi/xRnTAlMHjSACddwkyKem8//8eZtw9fzxz
bWZ/1/doQOuHBGYZU8aDzzj59FZ78dyzNFoF91hbvZKkg+6wGyd/LrGVEB+Xre0J
Nil0GReM2AHDNZUYRv+HYJPIOrB0CRczLQsgFJ8K6aAD6F0CQQDzbpjYdx10qgK1
cP59UHiHjPZYC0loEsk7s+hUmT3QHerAQJMZWC11Qrn2N+ybwwNblDKv+s5qgMQ5
5tNoQ9IfAkEAxkyffU6ythpg/H0Ixe1I2rd0GbF05biIzO/i77Det3n4YsJVlDck
ZkcvY3SK2iRIL4c9yY6hlIhs+K9wXTtGWwJBAO9Dskl48mO7woPR9uD22jDpNSwe
k90OMepTjzSvlhjbfuPN1IdhqvSJTDychRwn1kIJ7LQZgQ8fVz9OCFZ/6qMCQGOb
qaGwHmUK6xzpUbbacnYrIM6nLSkXgOAwv7XXCojvY614ILTK3iXiLBOxPu5Eu13k
eUz9sHyD6vkgZzjtxXECQAkp4Xerf5TGfQXGXhxIX52yH+N2LtujCdkQZjXAsGdm
B2zNzvrlgRmgBrklMTrMYgm1NPcW+bRLGcwgW2PTvNM=
-----END RSA PRIVATE KEY-----
EOD;
$publicKey = <<<EOD
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8kGa1pSjbSYZVebtTRBLxBz5H
4i2p/llLCrEeQhta5kaQu/RnvuER4W8oDH3+3iuIYW4VQAzyqFpwuzjkDI+17t5t
0tyazyZ8JXw+KgXTxldMPEL95+qVhgXvwtihXC1c5oGbRlEDvDF6Sa53rcFVsYJ4
ehde/zUxo6UvS7UrBQIDAQAB
-----END PUBLIC KEY-----
EOD;
$payload = [
'iss' => 'example.org',
'aud' => 'example.com',
'iat' => time(),
'nbf' => time() + 3600,
];
$jwt = JWT::encode($payload, $privateKey, 'RS256');
echo "Encode:\n" . print_r($jwt, true) . "<br/><br/>";
$decoded = JWT::decode($jwt, new Key($publicKey, 'RS256'));
/*
NOTE: This will now be an object instead of an associative array. To get
an associative array, you will need to cast it as such:
*/
$decoded_array = (array) $decoded;
echo "Decode:\n" . print_r($decoded_array, true) . "<br/>";
The code works fine, I am able to decode the Token properly, but when I try to verify the token using the Debugger on https://jwt.io/, it's giving an error saying, it's an invalid token.
Here is the JWT.io link with all the fields.
Note: I have read all the related questions and I am posting this question since they are unable to fix my issue.
Thanks in advance!!!
Screenshot:
Your key size is 1024 bit:
# key.pem is
# -----BEGIN RSA PRIVATE KEY-----
# MIICXAIBAAKBgQC8kGa1p...
# ...
openssl rsa -text -noout -in key.pem
RSA Private-Key: (1024 bit, 2 primes)
Now let's check for minimum requirements for RS256:
Required key size: At least 2048 bits
You have to create more secured key
Related
I am trying to create a JWT token. The other server is storing the public key in a single line and using that for validation.
Also, the public key being used for validation is in single line.
So, to generate the correct JWT token, what I think is I should also use the private key in a single line (may be with \n or may be without).
I am using openssl_sign to generate the token, which uses openssl_reource as key. I get that paramter from openssl_pkey_get_private.
But problem which happens in this case is, it either accepts the pem file path, or the key in PEM string format. So, if I pass the private_key as a single line, it doesn't give me the required output.
So, how can I resolve this. As I see other language libraries able to generate signature by passing private key in a single line.
In PHP the key can be formatted with line breaks or as a one-liner (with \n). Both works. In the following example I use a 512-bit encrypted RSA-key for simplicity (although in practice a larger key (>= 2048 bit) must be used for security reasons):
<?php
// Private key: 512 bit for simplicity
// Passphrase: MyPassphrase
// openssl genrsa -aes256 -out private.pem 512
$privKeyEnc = "-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,8F2D6F9594B3D379BF9D9748BD174458
RP2fyz1VNBKHiCadC5B9fjxV7z7AMAqbsN2vykFfPhdUFsxlJaecEeTMT7s6IbZN
Pr80+ljLjJ0SxJiK+j8DAc/Wrf+qyYUFcWbsvOhUIPyB5ww9+mEeIERJCigsyZJ7
k/Apau/BypdC9vCXKB3wM9FcmvP1g/ZwVoXfN3TIPEfWTktvuf74yFNoIaVbZAK/
+tzAGduu9wLkr6WTq4Isqy/IPjVCp9VwH1wNnz+hjkO7oELcCpFieIvAidUMKBR9
EdexLQCimbOl2wlfRNLincK8+FDOVWx6ElFFQlhzyWQCt8ed1fdiAggKxOco4Ww2
tFjIzaO4KXlbc9JFGd9PzigpftN/aHbk3c+x0E+3q5u8eySai4vgk38s1KaE7rn/
rarCgtGxOlbbTkI3opkjIrGlrsEyexKtS23mI/Dgcco=
-----END RSA PRIVATE KEY-----";
// One-liner using \n
$privKeyEnc_1Line = "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,8F2D6F9594B3D379BF9D9748BD174458\n\nRP2fyz1VNBKHiCadC5B9fjxV7z7AMAqbsN2vykFfPhdUFsxlJaecEeTMT7s6IbZN\nPr80+ljLjJ0SxJiK+j8DAc/Wrf+qyYUFcWbsvOhUIPyB5ww9+mEeIERJCigsyZJ7\nk/Apau/BypdC9vCXKB3wM9FcmvP1g/ZwVoXfN3TIPEfWTktvuf74yFNoIaVbZAK/\n+tzAGduu9wLkr6WTq4Isqy/IPjVCp9VwH1wNnz+hjkO7oELcCpFieIvAidUMKBR9\nEdexLQCimbOl2wlfRNLincK8+FDOVWx6ElFFQlhzyWQCt8ed1fdiAggKxOco4Ww2\ntFjIzaO4KXlbc9JFGd9PzigpftN/aHbk3c+x0E+3q5u8eySai4vgk38s1KaE7rn/\nrarCgtGxOlbbTkI3opkjIrGlrsEyexKtS23mI/Dgcco=\n-----END RSA PRIVATE KEY-----";
// Public key:
// Passphrase: MyPassphrase
// openssl rsa -in private.pem -outform PEM -pubout -out public.pem
$pubKey = "-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMjYQLbdIVgKX1mSyKijOIpmlB9YWui1
KoCniRNHUPEsxth+o9fZXZMo1gzh9ZlFs6VLiyU7kv2+5QElOnhNzwcCAwEAAQ==
-----END PUBLIC KEY-----";
// One-liner using \n
$pubKey_1Line = "-----BEGIN PUBLIC KEY-----\nMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMjYQLbdIVgKX1mSyKijOIpmlB9YWui1\nKoCniRNHUPEsxth+o9fZXZMo1gzh9ZlFs6VLiyU7kv2+5QElOnhNzwcCAwEAAQ==\n-----END PUBLIC KEY-----";
$dataToSign = 'The quick brown fox jumps over the lazy dog.';
// Signing
//$privateKey = openssl_pkey_get_private("$privKeyEnc", "MyPassphrase"); // also works
$privateKey = openssl_pkey_get_private("$privKeyEnc_1Line", "MyPassphrase");
openssl_sign($dataToSign, $signature, $privateKey, 'sha256');
$signatureBase64 = base64_encode($signature);
print("Signature (Base64): ".$signatureBase64."<br>");
// Verifying
$publicKey = openssl_pkey_get_public("$pubKey");
//$publicKey = openssl_pkey_get_public("$pubKey_1Line"); // also works
$verified = openssl_verify($dataToSign, $signature, $publicKey,'sha256');
print("Verification: ".$verified."<br>");
/*
Output:
Signature (Base64): KVuUd+xy6at0emmhF20rbiD9lWzIN9euwKbeEm7aMvxqEkJ68HrjAoDJ37R3QGPI24woXY3TON9pahAhx+YNhQ==
Verification: 1
*/
?>
To authenticate a google oauth2 token, I'm generating a public key for kid "b863b534069bfc0207197bcf831320d1cdc2cee2" from the modulus (n) and exponent (e) from:
https://www.googleapis.com/oauth2/v3/certs
{
"alg": "RS256",
"n": "8h6tCwOYDPtzyFivNaIguQVc_yBO5eOA2kUu_MAN8s4VWn8tIfCbVvcAz3yNwQuGpkdNg8gTk9QmReXl4SE8m7aCa0iRcBBWLyPUt6TM1RkYE51rOGYhjWxo9V8ogMXSBclE6x0t8qFY00l5O34gjYzXtyvyBX7Sw5mGuNLVAzq2nsCTnIsHrIaBy70IKU3FLsJ_PRYyViXP1nfo9872q3mtn7bJ7_hqss0vDgUiNAqPztVIsrZinFbaTgXjLhBlUjFWgJx_g4p76CJkjQ3-puZRU5A0D04KvqQ_0AWcN1Q8pvwQ9V4uGHm6Bop9nUhIcZJYjjlTM9Pkx_JnVOfekw",
"use": "sig",
"kid": "b863b534069bfc0207197bcf831320d1cdc2cee2",
"e": "AQAB",
"kty": "RSA"
}
I then create the RSA 256 public key in php with:
$rsa = new Crypt_RSA();
$modulus = new Math_BigInteger(base64url_decode($cert["n"]), 256);
$exponent = new Math_BigInteger(base64url_decode($cert["e"]), 256);
$rsa->loadKey(array('n' => $modulus, 'e' => $exponent));
$rsa->setPublicKey();
$public_key = $rsa->getPublicKey();
This generates public key:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuopEuQyOKMsQq90I/5on
1nNBPc7stMvsN1HC+Pgyu8nJ1qWwaAAqIv4edo2oG/Bo3eg6p+OjG3nbFL62S6hE
aJLUVfxhW5GQuxQlsvaA2MsZuZCRyKTv8bm641wM+biGVZLiDsLRylVdpxf4aGa9
9zZw+QZMVKL4f9B4SunyTugTaCIu8LBOQesCQp/QJaUjqMDhfEvoFQXiCn6zo3rW
EWBiKxiFBizH9jSfWimJecFhn0Vlv/Vs7pRb0X2y66VS3gTvR6/A3ooNz3tYAJPM
GoE8fAiEghYXXHjmWmgdRx9Qt9sa/ACwv7yx0Th27fw+rrsMSrUyaqRpn/fjIMTu
sQIDAQAB
-----END PUBLIC KEY-----
This same method worked with dozens of other RS256 kid's from google, but the public key does not work with this particular kid.
I am verifying the signature with:
openssl_verify($payload_to_verify, $safe_signature, $public_key, OPENSSL_ALGO_SHA256);
Which responds with '0' for failure.
Edit #2: Found google's version of the public key at:
https://www.googleapis.com/oauth2/v1/certs
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8h6tCwOYDPtzyFivNaIg
uQVc/yBO5eOA2kUu/MAN8s4VWn8tIfCbVvcAz3yNwQuGpkdNg8gTk9QmReXl4SE8
m7aCa0iRcBBWLyPUt6TM1RkYE51rOGYhjWxo9V8ogMXSBclE6x0t8qFY00l5O34g
jYzXtyvyBX7Sw5mGuNLVAzq2nsCTnIsHrIaBy70IKU3FLsJ/PRYyViXP1nfo9872
q3mtn7bJ7/hqss0vDgUiNAqPztVIsrZinFbaTgXjLhBlUjFWgJx/g4p76CJkjQ3+
puZRU5A0D04KvqQ/0AWcN1Q8pvwQ9V4uGHm6Bop9nUhIcZJYjjlTM9Pkx/JnVOfe
kwIDAQAB
-----END PUBLIC KEY-----
My generated public key is different. Why my generated public key is wrong?
I confirm that the key is not correctly converted by the RSA Crypt package.
Wrong key
Good key
I tried to convert that key with another application (web-token/jwt-app) and I got the same result as the one provided by Google.
curl -OL https://github.com/web-token/jwt-app/raw/gh-pages/jose.phar
curl -OL https://github.com/web-token/jwt-app/raw/gh-pages/jose.phar.pubkey
chmod +x jose.phar
./jose.phar key:convert:pkcs1 '{"alg": "RS256","n": "8h6tCwOYDPtzyFivNaIguQVc_yBO5eOA2kUu_MAN8s4VWn8tIfCbVvcAz3yNwQuGpkdNg8gTk9QmReXl4SE8m7aCa0iRcBBWLyPUt6TM1RkYE51rOGYhjWxo9V8ogMXSBclE6x0t8qFY00l5O34gjYzXtyvyBX7Sw5mGuNLVAzq2nsCTnIsHrIaBy70IKU3FLsJ_PRYyViXP1nfo9872q3mtn7bJ7_hqss0vDgUiNAqPztVIsrZinFbaTgXjLhBlUjFWgJx_g4p76CJkjQ3-puZRU5A0D04KvqQ_0AWcN1Q8pvwQ9V4uGHm6Bop9nUhIcZJYjjlTM9Pkx_JnVOfekw","use": "sig","kid": "b863b534069bfc0207197bcf831320d1cdc2cee2","e": "AQAB","kty": "RSA"}'
Best would be to warn phpseclib/phpseclib about that issue.
I manage to generate private / public keys using the following script :
$res = openssl_pkey_new(array('private_key_bits' => 2048,'private_key_type' => OPENSSL_KEYTYPE_RSA));
openssl_pkey_export($res, $privkey);
file_put_contents('test.private.key', $privkey);
$pubkey = openssl_pkey_get_details($res);
$pubkey = $pubkey["key"];
file_put_contents('test.public.key', $pubkey);
The generated files :
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAwQ5L0JQ2G5zGhC4uDISo6krN/mKrBuULYhrVL9Zdve+C9DuH
6uDTRCC07PvIKcHVj13vKB4YvRlwCCAxHg5p34P3W9vjmrI91rdVJ31noRvJ/i5Z
jNBfy7c8NrIOA6m4gicfPbozuQU741jLSncdQuyZRrADbFWppIz/mLm5WDZk6+NU
yAM2o0jvDsKE7i3sT+IKJpjUC8mE+RONIooNtHB3GJarsCKg5L6e0EaGXlVp9Mez
lSSn/Z5p1Wu3GJq02lNGLT5BVgCfE7ajBDZWRDG+Mbp4/YCt/zXz5XWm2/BxD78c
2wH3qMs/bIjvq5MTta4E2VQTSCxI5fMjRUf5QQIDAQABAoIBAQCvZuXLJF3kyJQ1
FCASj5VJCZ4POmZZZVDqWabIR+Pz5eD9NflPleVdSLoZdslt5wa5s4bO1El1xd7c
AyOdQ0s+IRBlDWvF6Zv1saxUrMOyxSTJJCOIpOnklR7IMw44lcNlvVXNJ5hGylKX
RN2vUnnrjDvW1aTGkS4Iq3KuuE+FrJIOm9Lb7z4Nj7BwmgwUtbB5NQKFDVohPp+w
pFGPHrN6dCy+qoSlY/IP89u6f7g9HBEM+n91uO6dQwSb/YxBROLMffXNJKA+UKex
UIIZlrPUcFN+yDVbQBmMFA3PYbBvwqZfpwzslIoUS+CGE/MorbW77/Qy2P4BC3/D
h8dmRDiBAoGBAOIDLHoMwT3FP+jlgZiAktQjShGRQJ+Li66L1nNIAJSeE8Nna5Sk
E3R1TBIZBmAGUZJ00POUWUMooAQIGF597hnFuENZIYpvulkKDCCUVx24kZDbyady
TcWdnEZfRmun5H7JfTlJl1HjqgGxKOc3ek/xDxoqiNf2WqScIom+dWndAoGBANqr
tQZyvpwv8FZVgkmteCCJb5NZzs04NzrT/i792/mL9Y45VxneLJVbXrAmQw/ClfVi
Z04NamqeOvVwUByoxWvZwLtyNt2dhpmtYlWuMRdo505BW1I75UIZYbWgZTtVq+PR
mf0SxNYXTsJQsqTTkqHQOMOHj8JyoAG1Z04J4qC1AoGAEkDpXa4cCU4d/ERU9Ckm
MqXq/II7sucFUAKRPlxJV7dwpy56HNYnkBdNHoUQ475+5hIzMgkAMJFeYxT4SuFm
0oQKfr37HIArj7dlBViVtJvMfeOSZMixiU1SasiVGmrD5I2HZJIR+5Yki+BwCkSL
x1sTuixHQxHtfi/yBifwua0CgYBPaGFRmSOc5k+5mk244bSo5B/Pe6J8pbhwtYEt
oWRbh7bBUhNOQn8gMdD92Lcrpvb76CMplfeaBiHU9VcyQRuIIcg6iaxg6A50CiGW
ia4sGR0+Lr+x6ixDx6HS6g8479B+56Oq4kD2mfow2Es3TdmGx22Fm9nZu/RdCnoc
Pby9rQKBgAak6zdKdMHzmHd+r2rbCTqT/NOIoip1zYpEGpiginkZcpy7Mz4iBL1Y
H7a2sa5k9Pykm2sQYoFPM8vn7halDcuAV7mjiV4XyiM5wRRWHTqSoUgjElexE0W5
HoQvWv10NBFqySMSfCm+YFXZGY17usxAJPSIySHzoTVRJEIjAw0G
-----END RSA PRIVATE KEY-----
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQ5L0JQ2G5zGhC4uDISo
6krN/mKrBuULYhrVL9Zdve+C9DuH6uDTRCC07PvIKcHVj13vKB4YvRlwCCAxHg5p
34P3W9vjmrI91rdVJ31noRvJ/i5ZjNBfy7c8NrIOA6m4gicfPbozuQU741jLSncd
QuyZRrADbFWppIz/mLm5WDZk6+NUyAM2o0jvDsKE7i3sT+IKJpjUC8mE+RONIooN
tHB3GJarsCKg5L6e0EaGXlVp9MezlSSn/Z5p1Wu3GJq02lNGLT5BVgCfE7ajBDZW
RDG+Mbp4/YCt/zXz5XWm2/BxD78c2wH3qMs/bIjvq5MTta4E2VQTSCxI5fMjRUf5
QQIDAQAB
-----END PUBLIC KEY-----
Could someone tell me how to retrieve my keys, in order to encrypt / decrypt files. I'm trying the following :
$privkey = openssl_pkey_get_private('file://test.private.key')
$pubkey = openssl_pkey_get_public('file://test.public.key')
But these functions return false...
Thanks
Ok sorry forget about this post, I just tried to make it hard where it's very simple : A file_get_contents('test.public.key') is enough to retrieve the keys ;)
Private key:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,A3CEE9AD263E2C7F
td8ySvosoIOBjoZMxA5rnr//1YoZsyReia9P9xJVXf1D+ime68AFTEf0A+is9whB
9dthPGhJ3SiOBrFZICNuFZrPmXtrw0T5VoJHs3I71yHIclgKA6AMKYVwUBfzdwLL
1RKwkGeZI7nkXTCmG1ZF0pa0v6CmWinZCv6capTF8WVEwTxggvOyxbCqltkVsDyV
cO5j2zZhhqIP+/peMxzTs7lqsWIhHgohsCPAVsBp8fFyuu1I6RUSgVANzjkN4K+k
sQ1+l7oJKJh4FnzWNaj0VMwNPGXastA97TSTmqciSUohb6yUOArFZUxIQ9o9mH8c
P4ajkmLrYOUcwA1+e9QPTTeQko2wF3Lla1a57Wq8zLIjexsF2E5klkBUCopyeBOL
p8MgmB18k9/43W45v4fQZjojRyn07Q+Wu25tTdqC00GFDCzH2CR7p9O+Uc67SjcB
4FqKjLez9QwJbPoZvdAhjbiarV251eoXwq2RtHv7teH8S629x/9vGryUNnNHw5mJ
2XPiIWWW/y/lIw3e1GIRsNm8cW2KSkB9pYHGbVEwEjCp1ozFsTLockjpMpqVvHET
l4XVYhQx6RXQQx8NkofwYBSlqI7KvbCSPDxPhLDe6vY0aPITFmmevEL5SY7qb6QU
5Yj2blmA9UxDMqsAfWQZrTonwa1NiYzh0FAc+kPb0cUOWkP3EMfmVvY8fLtJ7Y+w
C5cWO24j8k1E5KNr8kYuT2tKfMNB3V5hL35Dq1XZNYvXbT167+wDWjiaSwZuQQKi
eFJoqj0nHLkGzdgrPifxNyoP4IqZ28sdOcYHfN/EQZFNEKy0DlujOg==
-----END RSA PRIVATE KEY-----
And string:
eyJhZ2VudCI6InBsYWFheS10ZXN0IiwidGltZXNhbHQiOjEzMjY4MTUxMDgsImFjdGlvbiI6InRlc3QiLCJ2ZXJzaW9uIjoiMS4wLjEiLCJpZCI6MX0=
I need generate signature to that string.
Code:
$xpacket = eyJhZ2VudCI6InBsYWFheS10ZXN0IiwidGltZXNhbHQiOjEzMjY4MTUxMDgsImFjdGlvbiI6InRlc3QiLCJ2ZXJzaW9uIjoiMS4wLjEiLCJpZCI6MX0=;
include('Crypt/RSA.php');
$rsa = new Crypt_RSA();
$rsa->loadKey(file_get_contents('private_rsa'), CRYPT_RSA_PUBLIC_FORMAT_PKCS1); //tryied any format there
$rsa->setSignatureMode(CRYPT_DES_MODE_3CBC);
$rsa->setPassword('my_password');
$signature = $rsa->sign($xpacket); //
echo $signature;
First i'd recieve this error:
Warning: mcrypt_generic_init() [function.mcrypt-generic-init]: Key size too large; supplied length: 26, max: 24 in /var/www/u2113183/data/www/plaaay.ru/api/Crypt/TripleDES.php on line 708
Than i tried to change in TripleDES.php line 255 from
define('CRYPT_DES_MODE', CRYPT_DES_MODE_MCRYPT);
to
define('CRYPT_DES_MODE', CRYPT_DES_MODE_INTERNAL);
To force internal mode. But in internal mode i recieve that error:
Warning: unpack() [function.unpack]: Type N: not enough input, need 4, have 2 in /var/www/u2113183/data/www/plaaay.ru/api/Crypt/DES.php on line 1047
Tell me please what is wrong?
Thank you.
$rsa->setPassword() should be called before $rsa->loadKey().
Also, CRYPT_DES_MODE_3CBC isn't a valid signature mode. The fact that the private key is encrypted key will be auto-detected by phpseclib because of the DEK-Info: DES-EDE3-CBC,A3CEE9AD263E2C7F line in the private key. The valid parameters for $rsa->setSignatureMode() are CRYPT_RSA_SIGNATURE_PSS and CRYPT_RSA_SIGNATURE_PKCS1.
I've got following php test code:
$priv_key = '-----BEGIN DSA PRIVATE KEY-----
MIIDVQIBAAKCAQEAgoiNtnpekz2WSBOiEO9bq73SEkws9OYxMyV7Tf3JBpBIIyvc
fci8ez+dLmFN3jZiDQKm7h/h70ainWjdHRMqQubv5M087fWnVbN7/vk4cpYOJ4AK
XpshLipJ93dajRBxGRSk709ykmK+fCcAuqCvsBl80d6hGqpnGDYb9h1g0/+afNm7
Wun/yA7QSpqmvqDu5fyp8s7Pa8sjFT7Yad/K8ZH6MeEl7hltiFjhpWRSdI5NCa0m
lxopbp0V8ekZgoTfYOLynTIXTJQxWc4dnELhFtQ//x6cle+XcXeU6fA+KvgrYJV2
QkWBfBmDXMByl/3GJ9ImyBFHT4WcaQnXf6KaZwIhAIZVyb3K2kt/BGYDCzrXBQAt
Y7IaPQ8njArMPSiXuxrBAoIBAFEKon1yjx4NlnnJ3S1KQawiB6Ct+UjR5wAf3WCk
+bE0nPbq02sHPDZTOAMpwd54O0nYIKoLT67cX17DMcV/yA2qcodZfKySDzEwleIS
hlNXUYOxMQ3hWP9L+Hamus0KvpXxiJ9ayXbCq7AD8wXujQPYyptazvW02ay9AQzZ
GydmVFYa00IfG7scSzneDRpafg0HB1HoG4Aer+WxMTWXlyc+4F+wEn5zCU6qrUAX
/x6qV4L6FDA7qIIUSbrdLekvrTe/1vo+59+LLp5T9oIl0oKSs1+Zdd7aZoeSH/j4
j73X79e6PdrmRcUlTW8bdXLsOsQcsttI9pDYM6FtO/t6d9ECggEAJv33pYZL4tFb
0x9MBZapgzybtYeDKMkXmU5cY1Sx20U5XV1+Hr5XKo5ccEiBHBLeII87wRasMM74
P1dzTvXxl4YIcKm8wfbLNSEpZnLqFYkS0Rnxo0LNMdL/r2pIT2oFAix4O7+twHee
R8IHmwT7JRHUiJaco2Va/fGpIHa8XannET3ItB0rw84nKJ4ikyfXqkJDPj85xcrW
43Vd+YZsWbzvSr41dfKEs5ZFz0JcyjVYM+csalq7lj7s9t+qkiI0YFw2qGk0cdp2
zks7lqknfMLvBTd2m5/gcz82JaqrZPA5FZ3SyYWWdZMMD7pubXteCaDBfdZaQyCQ
KfAwGF7SRgIgRTnow19Mz5gmWpgmSfIJSZ8aGDUxnm7Y4+1AQh/whU4=
-----END DSA PRIVATE KEY-----
';
$data = "test";//$_GET['i'];
// compute signature
if(!openssl_sign($data, $signature, $priv_key,OPENSSL_ALGO_DSS1)){
echo "Failed to sign data: $data";
}
echo base64_encode($signature);
$pukeyid = '-----BEGIN PUBLIC KEY-----
MIIDRjCCAjkGByqGSM44BAEwggIsAoIBAQCCiI22el6TPZZIE6IQ71urvdISTCz0
5jEzJXtN/ckGkEgjK9x9yLx7P50uYU3eNmINAqbuH+HvRqKdaN0dEypC5u/kzTzt
9adVs3v++Thylg4ngApemyEuKkn3d1qNEHEZFKTvT3KSYr58JwC6oK+wGXzR3qEa
qmcYNhv2HWDT/5p82bta6f/IDtBKmqa+oO7l/Knyzs9ryyMVPthp38rxkfox4SXu
GW2IWOGlZFJ0jk0JrSaXGilunRXx6RmChN9g4vKdMhdMlDFZzh2cQuEW1D//HpyV
75dxd5Tp8D4q+CtglXZCRYF8GYNcwHKX/cYn0ibIEUdPhZxpCdd/oppnAiEAhlXJ
vcraS38EZgMLOtcFAC1jsho9DyeMCsw9KJe7GsECggEAUQqifXKPHg2WecndLUpB
rCIHoK35SNHnAB/dYKT5sTSc9urTawc8NlM4AynB3ng7SdggqgtPrtxfXsMxxX/I
Dapyh1l8rJIPMTCV4hKGU1dRg7ExDeFY/0v4dqa6zQq+lfGIn1rJdsKrsAPzBe6N
A9jKm1rO9bTZrL0BDNkbJ2ZUVhrTQh8buxxLOd4NGlp+DQcHUegbgB6v5bExNZeX
Jz7gX7ASfnMJTqqtQBf/HqpXgvoUMDuoghRJut0t6S+tN7/W+j7n34sunlP2giXS
gpKzX5l13tpmh5If+PiPvdfv17o92uZFxSVNbxt1cuw6xByy20j2kNgzoW07+3p3
0QOCAQUAAoIBACb996WGS+LRW9MfTAWWqYM8m7WHgyjJF5lOXGNUsdtFOV1dfh6+
VyqOXHBIgRwS3iCPO8EWrDDO+D9Xc0718ZeGCHCpvMH2yzUhKWZy6hWJEtEZ8aNC
zTHS/69qSE9qBQIseDu/rcB3nkfCB5sE+yUR1IiWnKNlWv3xqSB2vF2p5xE9yLQd
K8POJyieIpMn16pCQz4/OcXK1uN1XfmGbFm870q+NXXyhLOWRc9CXMo1WDPnLGpa
u5Y+7PbfqpIiNGBcNqhpNHHads5LO5apJ3zC7wU3dpuf4HM/NiWqq2TwORWd0smF
lnWTDA+6bm17XgmgwX3WWkMgkCnwMBhe0kY=
-----END PUBLIC KEY-----';
$valid = openssl_verify($data, $signature, $pukeyid, OPENSSL_ALGO_DSS1);
echo "<br/>Signature validity: ".$valid;
When I run it on Amazon server, it works as expected. But when I try to transfer it to shared hosting on hostgator or ovh.co.uk it simply fails.
On hostgator it returns a valid-looking signature but fails to verify that the signature is correct. On ovh.co.uk it returns following:
QA==
Signature validity: -1
Those are obviously problems with servers. What should be fixed for this to work?