I am trying to create a JWT token. The other server is storing the public key in a single line and using that for validation.
Also, the public key being used for validation is in single line.
So, to generate the correct JWT token, what I think is I should also use the private key in a single line (may be with \n or may be without).
I am using openssl_sign to generate the token, which uses openssl_reource as key. I get that paramter from openssl_pkey_get_private.
But problem which happens in this case is, it either accepts the pem file path, or the key in PEM string format. So, if I pass the private_key as a single line, it doesn't give me the required output.
So, how can I resolve this. As I see other language libraries able to generate signature by passing private key in a single line.
In PHP the key can be formatted with line breaks or as a one-liner (with \n). Both works. In the following example I use a 512-bit encrypted RSA-key for simplicity (although in practice a larger key (>= 2048 bit) must be used for security reasons):
<?php
// Private key: 512 bit for simplicity
// Passphrase: MyPassphrase
// openssl genrsa -aes256 -out private.pem 512
$privKeyEnc = "-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,8F2D6F9594B3D379BF9D9748BD174458
RP2fyz1VNBKHiCadC5B9fjxV7z7AMAqbsN2vykFfPhdUFsxlJaecEeTMT7s6IbZN
Pr80+ljLjJ0SxJiK+j8DAc/Wrf+qyYUFcWbsvOhUIPyB5ww9+mEeIERJCigsyZJ7
k/Apau/BypdC9vCXKB3wM9FcmvP1g/ZwVoXfN3TIPEfWTktvuf74yFNoIaVbZAK/
+tzAGduu9wLkr6WTq4Isqy/IPjVCp9VwH1wNnz+hjkO7oELcCpFieIvAidUMKBR9
EdexLQCimbOl2wlfRNLincK8+FDOVWx6ElFFQlhzyWQCt8ed1fdiAggKxOco4Ww2
tFjIzaO4KXlbc9JFGd9PzigpftN/aHbk3c+x0E+3q5u8eySai4vgk38s1KaE7rn/
rarCgtGxOlbbTkI3opkjIrGlrsEyexKtS23mI/Dgcco=
-----END RSA PRIVATE KEY-----";
// One-liner using \n
$privKeyEnc_1Line = "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,8F2D6F9594B3D379BF9D9748BD174458\n\nRP2fyz1VNBKHiCadC5B9fjxV7z7AMAqbsN2vykFfPhdUFsxlJaecEeTMT7s6IbZN\nPr80+ljLjJ0SxJiK+j8DAc/Wrf+qyYUFcWbsvOhUIPyB5ww9+mEeIERJCigsyZJ7\nk/Apau/BypdC9vCXKB3wM9FcmvP1g/ZwVoXfN3TIPEfWTktvuf74yFNoIaVbZAK/\n+tzAGduu9wLkr6WTq4Isqy/IPjVCp9VwH1wNnz+hjkO7oELcCpFieIvAidUMKBR9\nEdexLQCimbOl2wlfRNLincK8+FDOVWx6ElFFQlhzyWQCt8ed1fdiAggKxOco4Ww2\ntFjIzaO4KXlbc9JFGd9PzigpftN/aHbk3c+x0E+3q5u8eySai4vgk38s1KaE7rn/\nrarCgtGxOlbbTkI3opkjIrGlrsEyexKtS23mI/Dgcco=\n-----END RSA PRIVATE KEY-----";
// Public key:
// Passphrase: MyPassphrase
// openssl rsa -in private.pem -outform PEM -pubout -out public.pem
$pubKey = "-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMjYQLbdIVgKX1mSyKijOIpmlB9YWui1
KoCniRNHUPEsxth+o9fZXZMo1gzh9ZlFs6VLiyU7kv2+5QElOnhNzwcCAwEAAQ==
-----END PUBLIC KEY-----";
// One-liner using \n
$pubKey_1Line = "-----BEGIN PUBLIC KEY-----\nMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMjYQLbdIVgKX1mSyKijOIpmlB9YWui1\nKoCniRNHUPEsxth+o9fZXZMo1gzh9ZlFs6VLiyU7kv2+5QElOnhNzwcCAwEAAQ==\n-----END PUBLIC KEY-----";
$dataToSign = 'The quick brown fox jumps over the lazy dog.';
// Signing
//$privateKey = openssl_pkey_get_private("$privKeyEnc", "MyPassphrase"); // also works
$privateKey = openssl_pkey_get_private("$privKeyEnc_1Line", "MyPassphrase");
openssl_sign($dataToSign, $signature, $privateKey, 'sha256');
$signatureBase64 = base64_encode($signature);
print("Signature (Base64): ".$signatureBase64."<br>");
// Verifying
$publicKey = openssl_pkey_get_public("$pubKey");
//$publicKey = openssl_pkey_get_public("$pubKey_1Line"); // also works
$verified = openssl_verify($dataToSign, $signature, $publicKey,'sha256');
print("Verification: ".$verified."<br>");
/*
Output:
Signature (Base64): KVuUd+xy6at0emmhF20rbiD9lWzIN9euwKbeEm7aMvxqEkJ68HrjAoDJ37R3QGPI24woXY3TON9pahAhx+YNhQ==
Verification: 1
*/
?>
Related
I am using firebase/php-jwt for generating JWT Token using the following PHP Source Code
<?php
include '../vendor/autoload.php';
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
$privateKey = <<<EOD
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQC8kGa1pSjbSYZVebtTRBLxBz5H4i2p/llLCrEeQhta5kaQu/Rn
vuER4W8oDH3+3iuIYW4VQAzyqFpwuzjkDI+17t5t0tyazyZ8JXw+KgXTxldMPEL9
5+qVhgXvwtihXC1c5oGbRlEDvDF6Sa53rcFVsYJ4ehde/zUxo6UvS7UrBQIDAQAB
AoGAb/MXV46XxCFRxNuB8LyAtmLDgi/xRnTAlMHjSACddwkyKem8//8eZtw9fzxz
bWZ/1/doQOuHBGYZU8aDzzj59FZ78dyzNFoF91hbvZKkg+6wGyd/LrGVEB+Xre0J
Nil0GReM2AHDNZUYRv+HYJPIOrB0CRczLQsgFJ8K6aAD6F0CQQDzbpjYdx10qgK1
cP59UHiHjPZYC0loEsk7s+hUmT3QHerAQJMZWC11Qrn2N+ybwwNblDKv+s5qgMQ5
5tNoQ9IfAkEAxkyffU6ythpg/H0Ixe1I2rd0GbF05biIzO/i77Det3n4YsJVlDck
ZkcvY3SK2iRIL4c9yY6hlIhs+K9wXTtGWwJBAO9Dskl48mO7woPR9uD22jDpNSwe
k90OMepTjzSvlhjbfuPN1IdhqvSJTDychRwn1kIJ7LQZgQ8fVz9OCFZ/6qMCQGOb
qaGwHmUK6xzpUbbacnYrIM6nLSkXgOAwv7XXCojvY614ILTK3iXiLBOxPu5Eu13k
eUz9sHyD6vkgZzjtxXECQAkp4Xerf5TGfQXGXhxIX52yH+N2LtujCdkQZjXAsGdm
B2zNzvrlgRmgBrklMTrMYgm1NPcW+bRLGcwgW2PTvNM=
-----END RSA PRIVATE KEY-----
EOD;
$publicKey = <<<EOD
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8kGa1pSjbSYZVebtTRBLxBz5H
4i2p/llLCrEeQhta5kaQu/RnvuER4W8oDH3+3iuIYW4VQAzyqFpwuzjkDI+17t5t
0tyazyZ8JXw+KgXTxldMPEL95+qVhgXvwtihXC1c5oGbRlEDvDF6Sa53rcFVsYJ4
ehde/zUxo6UvS7UrBQIDAQAB
-----END PUBLIC KEY-----
EOD;
$payload = [
'iss' => 'example.org',
'aud' => 'example.com',
'iat' => time(),
'nbf' => time() + 3600,
];
$jwt = JWT::encode($payload, $privateKey, 'RS256');
echo "Encode:\n" . print_r($jwt, true) . "<br/><br/>";
$decoded = JWT::decode($jwt, new Key($publicKey, 'RS256'));
/*
NOTE: This will now be an object instead of an associative array. To get
an associative array, you will need to cast it as such:
*/
$decoded_array = (array) $decoded;
echo "Decode:\n" . print_r($decoded_array, true) . "<br/>";
The code works fine, I am able to decode the Token properly, but when I try to verify the token using the Debugger on https://jwt.io/, it's giving an error saying, it's an invalid token.
Here is the JWT.io link with all the fields.
Note: I have read all the related questions and I am posting this question since they are unable to fix my issue.
Thanks in advance!!!
Screenshot:
Your key size is 1024 bit:
# key.pem is
# -----BEGIN RSA PRIVATE KEY-----
# MIICXAIBAAKBgQC8kGa1p...
# ...
openssl rsa -text -noout -in key.pem
RSA Private-Key: (1024 bit, 2 primes)
Now let's check for minimum requirements for RS256:
Required key size: At least 2048 bits
You have to create more secured key
I want to encode and decode my data using Laravel PHP-JWT package. which require Private and Public Key in string format.
Therefore, I have created the certificate.pem by converting .crt to .pem format using below command
x509 -inform DER -outform PEM -in cert.crt -out certificate.pem
As openssl_pkey_get_private and openssl_pkey_get_public accept certificate in .pem format as parameter and Return Positive Key Resources.
Note: Positive Key Resouces is resource id='588' type='OpenSSL key' in debugging.
/* Path to certificate */
$path = storage_path('test/certificate.pem');
/* Extract the private key from $res to $privKey */
$privKey = openssl_pkey_get_private($path);
/* Extract the public key from $res to $pubKey */
$pubKey = openssl_pkey_get_public($path);
Query 1: Returning false in both $privKey and $pubKey
Query 2: Will JWT::encode accept as a parameter these Key Resouces object which is returning from OpenSSL function?
Is there any alternative?
Edit 1: I have OpenSSL enabled in phpinfo.
Edit 2: openssl_error_string output.
$path = storage_path('test/certificate.pem');
$private_key = openssl_pkey_get_private(file_get_contents($path)); // resource id='565' type='OpenSSL key'
$public_key = openssl_pkey_get_public(file_get_contents($path)); // false
$pubkey_error_message = openssl_error_string(); // "error:0909006C:PEM routines:get_name:no start line"
To authenticate a google oauth2 token, I'm generating a public key for kid "b863b534069bfc0207197bcf831320d1cdc2cee2" from the modulus (n) and exponent (e) from:
https://www.googleapis.com/oauth2/v3/certs
{
"alg": "RS256",
"n": "8h6tCwOYDPtzyFivNaIguQVc_yBO5eOA2kUu_MAN8s4VWn8tIfCbVvcAz3yNwQuGpkdNg8gTk9QmReXl4SE8m7aCa0iRcBBWLyPUt6TM1RkYE51rOGYhjWxo9V8ogMXSBclE6x0t8qFY00l5O34gjYzXtyvyBX7Sw5mGuNLVAzq2nsCTnIsHrIaBy70IKU3FLsJ_PRYyViXP1nfo9872q3mtn7bJ7_hqss0vDgUiNAqPztVIsrZinFbaTgXjLhBlUjFWgJx_g4p76CJkjQ3-puZRU5A0D04KvqQ_0AWcN1Q8pvwQ9V4uGHm6Bop9nUhIcZJYjjlTM9Pkx_JnVOfekw",
"use": "sig",
"kid": "b863b534069bfc0207197bcf831320d1cdc2cee2",
"e": "AQAB",
"kty": "RSA"
}
I then create the RSA 256 public key in php with:
$rsa = new Crypt_RSA();
$modulus = new Math_BigInteger(base64url_decode($cert["n"]), 256);
$exponent = new Math_BigInteger(base64url_decode($cert["e"]), 256);
$rsa->loadKey(array('n' => $modulus, 'e' => $exponent));
$rsa->setPublicKey();
$public_key = $rsa->getPublicKey();
This generates public key:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuopEuQyOKMsQq90I/5on
1nNBPc7stMvsN1HC+Pgyu8nJ1qWwaAAqIv4edo2oG/Bo3eg6p+OjG3nbFL62S6hE
aJLUVfxhW5GQuxQlsvaA2MsZuZCRyKTv8bm641wM+biGVZLiDsLRylVdpxf4aGa9
9zZw+QZMVKL4f9B4SunyTugTaCIu8LBOQesCQp/QJaUjqMDhfEvoFQXiCn6zo3rW
EWBiKxiFBizH9jSfWimJecFhn0Vlv/Vs7pRb0X2y66VS3gTvR6/A3ooNz3tYAJPM
GoE8fAiEghYXXHjmWmgdRx9Qt9sa/ACwv7yx0Th27fw+rrsMSrUyaqRpn/fjIMTu
sQIDAQAB
-----END PUBLIC KEY-----
This same method worked with dozens of other RS256 kid's from google, but the public key does not work with this particular kid.
I am verifying the signature with:
openssl_verify($payload_to_verify, $safe_signature, $public_key, OPENSSL_ALGO_SHA256);
Which responds with '0' for failure.
Edit #2: Found google's version of the public key at:
https://www.googleapis.com/oauth2/v1/certs
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8h6tCwOYDPtzyFivNaIg
uQVc/yBO5eOA2kUu/MAN8s4VWn8tIfCbVvcAz3yNwQuGpkdNg8gTk9QmReXl4SE8
m7aCa0iRcBBWLyPUt6TM1RkYE51rOGYhjWxo9V8ogMXSBclE6x0t8qFY00l5O34g
jYzXtyvyBX7Sw5mGuNLVAzq2nsCTnIsHrIaBy70IKU3FLsJ/PRYyViXP1nfo9872
q3mtn7bJ7/hqss0vDgUiNAqPztVIsrZinFbaTgXjLhBlUjFWgJx/g4p76CJkjQ3+
puZRU5A0D04KvqQ/0AWcN1Q8pvwQ9V4uGHm6Bop9nUhIcZJYjjlTM9Pkx/JnVOfe
kwIDAQAB
-----END PUBLIC KEY-----
My generated public key is different. Why my generated public key is wrong?
I confirm that the key is not correctly converted by the RSA Crypt package.
Wrong key
Good key
I tried to convert that key with another application (web-token/jwt-app) and I got the same result as the one provided by Google.
curl -OL https://github.com/web-token/jwt-app/raw/gh-pages/jose.phar
curl -OL https://github.com/web-token/jwt-app/raw/gh-pages/jose.phar.pubkey
chmod +x jose.phar
./jose.phar key:convert:pkcs1 '{"alg": "RS256","n": "8h6tCwOYDPtzyFivNaIguQVc_yBO5eOA2kUu_MAN8s4VWn8tIfCbVvcAz3yNwQuGpkdNg8gTk9QmReXl4SE8m7aCa0iRcBBWLyPUt6TM1RkYE51rOGYhjWxo9V8ogMXSBclE6x0t8qFY00l5O34gjYzXtyvyBX7Sw5mGuNLVAzq2nsCTnIsHrIaBy70IKU3FLsJ_PRYyViXP1nfo9872q3mtn7bJ7_hqss0vDgUiNAqPztVIsrZinFbaTgXjLhBlUjFWgJx_g4p76CJkjQ3-puZRU5A0D04KvqQ_0AWcN1Q8pvwQ9V4uGHm6Bop9nUhIcZJYjjlTM9Pkx_JnVOfekw","use": "sig","kid": "b863b534069bfc0207197bcf831320d1cdc2cee2","e": "AQAB","kty": "RSA"}'
Best would be to warn phpseclib/phpseclib about that issue.
I manage to generate private / public keys using the following script :
$res = openssl_pkey_new(array('private_key_bits' => 2048,'private_key_type' => OPENSSL_KEYTYPE_RSA));
openssl_pkey_export($res, $privkey);
file_put_contents('test.private.key', $privkey);
$pubkey = openssl_pkey_get_details($res);
$pubkey = $pubkey["key"];
file_put_contents('test.public.key', $pubkey);
The generated files :
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAwQ5L0JQ2G5zGhC4uDISo6krN/mKrBuULYhrVL9Zdve+C9DuH
6uDTRCC07PvIKcHVj13vKB4YvRlwCCAxHg5p34P3W9vjmrI91rdVJ31noRvJ/i5Z
jNBfy7c8NrIOA6m4gicfPbozuQU741jLSncdQuyZRrADbFWppIz/mLm5WDZk6+NU
yAM2o0jvDsKE7i3sT+IKJpjUC8mE+RONIooNtHB3GJarsCKg5L6e0EaGXlVp9Mez
lSSn/Z5p1Wu3GJq02lNGLT5BVgCfE7ajBDZWRDG+Mbp4/YCt/zXz5XWm2/BxD78c
2wH3qMs/bIjvq5MTta4E2VQTSCxI5fMjRUf5QQIDAQABAoIBAQCvZuXLJF3kyJQ1
FCASj5VJCZ4POmZZZVDqWabIR+Pz5eD9NflPleVdSLoZdslt5wa5s4bO1El1xd7c
AyOdQ0s+IRBlDWvF6Zv1saxUrMOyxSTJJCOIpOnklR7IMw44lcNlvVXNJ5hGylKX
RN2vUnnrjDvW1aTGkS4Iq3KuuE+FrJIOm9Lb7z4Nj7BwmgwUtbB5NQKFDVohPp+w
pFGPHrN6dCy+qoSlY/IP89u6f7g9HBEM+n91uO6dQwSb/YxBROLMffXNJKA+UKex
UIIZlrPUcFN+yDVbQBmMFA3PYbBvwqZfpwzslIoUS+CGE/MorbW77/Qy2P4BC3/D
h8dmRDiBAoGBAOIDLHoMwT3FP+jlgZiAktQjShGRQJ+Li66L1nNIAJSeE8Nna5Sk
E3R1TBIZBmAGUZJ00POUWUMooAQIGF597hnFuENZIYpvulkKDCCUVx24kZDbyady
TcWdnEZfRmun5H7JfTlJl1HjqgGxKOc3ek/xDxoqiNf2WqScIom+dWndAoGBANqr
tQZyvpwv8FZVgkmteCCJb5NZzs04NzrT/i792/mL9Y45VxneLJVbXrAmQw/ClfVi
Z04NamqeOvVwUByoxWvZwLtyNt2dhpmtYlWuMRdo505BW1I75UIZYbWgZTtVq+PR
mf0SxNYXTsJQsqTTkqHQOMOHj8JyoAG1Z04J4qC1AoGAEkDpXa4cCU4d/ERU9Ckm
MqXq/II7sucFUAKRPlxJV7dwpy56HNYnkBdNHoUQ475+5hIzMgkAMJFeYxT4SuFm
0oQKfr37HIArj7dlBViVtJvMfeOSZMixiU1SasiVGmrD5I2HZJIR+5Yki+BwCkSL
x1sTuixHQxHtfi/yBifwua0CgYBPaGFRmSOc5k+5mk244bSo5B/Pe6J8pbhwtYEt
oWRbh7bBUhNOQn8gMdD92Lcrpvb76CMplfeaBiHU9VcyQRuIIcg6iaxg6A50CiGW
ia4sGR0+Lr+x6ixDx6HS6g8479B+56Oq4kD2mfow2Es3TdmGx22Fm9nZu/RdCnoc
Pby9rQKBgAak6zdKdMHzmHd+r2rbCTqT/NOIoip1zYpEGpiginkZcpy7Mz4iBL1Y
H7a2sa5k9Pykm2sQYoFPM8vn7halDcuAV7mjiV4XyiM5wRRWHTqSoUgjElexE0W5
HoQvWv10NBFqySMSfCm+YFXZGY17usxAJPSIySHzoTVRJEIjAw0G
-----END RSA PRIVATE KEY-----
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQ5L0JQ2G5zGhC4uDISo
6krN/mKrBuULYhrVL9Zdve+C9DuH6uDTRCC07PvIKcHVj13vKB4YvRlwCCAxHg5p
34P3W9vjmrI91rdVJ31noRvJ/i5ZjNBfy7c8NrIOA6m4gicfPbozuQU741jLSncd
QuyZRrADbFWppIz/mLm5WDZk6+NUyAM2o0jvDsKE7i3sT+IKJpjUC8mE+RONIooN
tHB3GJarsCKg5L6e0EaGXlVp9MezlSSn/Z5p1Wu3GJq02lNGLT5BVgCfE7ajBDZW
RDG+Mbp4/YCt/zXz5XWm2/BxD78c2wH3qMs/bIjvq5MTta4E2VQTSCxI5fMjRUf5
QQIDAQAB
-----END PUBLIC KEY-----
Could someone tell me how to retrieve my keys, in order to encrypt / decrypt files. I'm trying the following :
$privkey = openssl_pkey_get_private('file://test.private.key')
$pubkey = openssl_pkey_get_public('file://test.public.key')
But these functions return false...
Thanks
Ok sorry forget about this post, I just tried to make it hard where it's very simple : A file_get_contents('test.public.key') is enough to retrieve the keys ;)
Private key:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,A3CEE9AD263E2C7F
td8ySvosoIOBjoZMxA5rnr//1YoZsyReia9P9xJVXf1D+ime68AFTEf0A+is9whB
9dthPGhJ3SiOBrFZICNuFZrPmXtrw0T5VoJHs3I71yHIclgKA6AMKYVwUBfzdwLL
1RKwkGeZI7nkXTCmG1ZF0pa0v6CmWinZCv6capTF8WVEwTxggvOyxbCqltkVsDyV
cO5j2zZhhqIP+/peMxzTs7lqsWIhHgohsCPAVsBp8fFyuu1I6RUSgVANzjkN4K+k
sQ1+l7oJKJh4FnzWNaj0VMwNPGXastA97TSTmqciSUohb6yUOArFZUxIQ9o9mH8c
P4ajkmLrYOUcwA1+e9QPTTeQko2wF3Lla1a57Wq8zLIjexsF2E5klkBUCopyeBOL
p8MgmB18k9/43W45v4fQZjojRyn07Q+Wu25tTdqC00GFDCzH2CR7p9O+Uc67SjcB
4FqKjLez9QwJbPoZvdAhjbiarV251eoXwq2RtHv7teH8S629x/9vGryUNnNHw5mJ
2XPiIWWW/y/lIw3e1GIRsNm8cW2KSkB9pYHGbVEwEjCp1ozFsTLockjpMpqVvHET
l4XVYhQx6RXQQx8NkofwYBSlqI7KvbCSPDxPhLDe6vY0aPITFmmevEL5SY7qb6QU
5Yj2blmA9UxDMqsAfWQZrTonwa1NiYzh0FAc+kPb0cUOWkP3EMfmVvY8fLtJ7Y+w
C5cWO24j8k1E5KNr8kYuT2tKfMNB3V5hL35Dq1XZNYvXbT167+wDWjiaSwZuQQKi
eFJoqj0nHLkGzdgrPifxNyoP4IqZ28sdOcYHfN/EQZFNEKy0DlujOg==
-----END RSA PRIVATE KEY-----
And string:
eyJhZ2VudCI6InBsYWFheS10ZXN0IiwidGltZXNhbHQiOjEzMjY4MTUxMDgsImFjdGlvbiI6InRlc3QiLCJ2ZXJzaW9uIjoiMS4wLjEiLCJpZCI6MX0=
I need generate signature to that string.
Code:
$xpacket = eyJhZ2VudCI6InBsYWFheS10ZXN0IiwidGltZXNhbHQiOjEzMjY4MTUxMDgsImFjdGlvbiI6InRlc3QiLCJ2ZXJzaW9uIjoiMS4wLjEiLCJpZCI6MX0=;
include('Crypt/RSA.php');
$rsa = new Crypt_RSA();
$rsa->loadKey(file_get_contents('private_rsa'), CRYPT_RSA_PUBLIC_FORMAT_PKCS1); //tryied any format there
$rsa->setSignatureMode(CRYPT_DES_MODE_3CBC);
$rsa->setPassword('my_password');
$signature = $rsa->sign($xpacket); //
echo $signature;
First i'd recieve this error:
Warning: mcrypt_generic_init() [function.mcrypt-generic-init]: Key size too large; supplied length: 26, max: 24 in /var/www/u2113183/data/www/plaaay.ru/api/Crypt/TripleDES.php on line 708
Than i tried to change in TripleDES.php line 255 from
define('CRYPT_DES_MODE', CRYPT_DES_MODE_MCRYPT);
to
define('CRYPT_DES_MODE', CRYPT_DES_MODE_INTERNAL);
To force internal mode. But in internal mode i recieve that error:
Warning: unpack() [function.unpack]: Type N: not enough input, need 4, have 2 in /var/www/u2113183/data/www/plaaay.ru/api/Crypt/DES.php on line 1047
Tell me please what is wrong?
Thank you.
$rsa->setPassword() should be called before $rsa->loadKey().
Also, CRYPT_DES_MODE_3CBC isn't a valid signature mode. The fact that the private key is encrypted key will be auto-detected by phpseclib because of the DEK-Info: DES-EDE3-CBC,A3CEE9AD263E2C7F line in the private key. The valid parameters for $rsa->setSignatureMode() are CRYPT_RSA_SIGNATURE_PSS and CRYPT_RSA_SIGNATURE_PKCS1.