I try to decrypt my enrypted file(zip archive which contains multiple files) with Gnupg in php, but it constantly returns false. no exception or error message.
here's encryption:
$gpg = gnupg_init();
gnupg_seterrormode($gpg, GNUPG_ERROR_EXCEPTION);
// public key
$publicKey = file_get_contents('pubkey.pub');
$key = gnupg_import($gpg, $publicKey);
gnupg_addencryptkey($gpg, $key['fingerprint']);
// zip file
$zip = file_get_contents('myzip.zip');
$encryptedFile = gnupg_encrypt($gpg, $zip);
//save encrypted file
file_put_contents('myzip.zip.gpg', $encryptedFile);
here's decryption:
$gpg = gnupg_init();
$privateKey = file_get_contents('private.asc');
$key = gnupg_import($gpg, $privateKey);
gnupg_adddecryptkey($gpg, $key['fingerprint'], '12345');
$file = file_get_contents('myzip.zip.gpg');
$content = gnupg_decrypt($gpg, $file); // <- always returns false
I tried to decrypt the file with online tool. at first I tried to decrypt only 1 text file and it worked(it displayed the content of file). I tried to decrypt the zip archive as well
but everytime I try to decrypt it with gnupg_decrypt in php it return false. what am I doing wrong?
The problem was in gnupg version. I instilled gpg2 and it worked.
Related
I'm trying to encrypt a message using phpseclib. Below is the method that encrypts it:
function RSAEncrypt($data, $publicKey)
{
$rsa = new \Crypt_RSA();
$rsa->loadKey($publicKey);
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$encryptedData = $rsa->encrypt($data);
$encodedData = base64_encode($encryptedData);
return $encodedData;
}
the code that encrypt message
$client_key = 123456789;
$random_str = rand();
$aes_password = $client_key.'-'.$random_str;
$public_key = file_get_contents('keys/public.xml');
$ecrypted_password = RSAEncrypt($aes_password, $public_key);
but no matter the message the $aes_password that i passed , the $ecrypted_password output is always
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE= ◀"
I tried to decrypt it using the private key to see if its valid anyways but i always gets Decryption Error so i figured maybe the error is with the encryption
How can I convert .pfx (PKCS12 or .p12) certificate to .crt and .pem using PHP OpenSSL functions, so I avoid commandline tools, which are not allowed on my public server.
<?php
$res = [];
$openSSL = openssl_pkcs12_read($pkcs12, $res, $cert_password);
if(!$openSSL) {
throw new ClientException("Error: ".openssl_error_string());
}
// this is the CER FILE
file_put_contents('CERT.cer', $res['pkey'].$res['cert'].implode('', $res['extracerts']));
// this is the PEM FILE
$cert = $res['cert'].implode('', $res['extracerts']);
file_put_contents('KEY.pem', $cert);
I'm trying to encrypt and decrypt files with php. The files should be asynchronously decrypted with pgp.
When I used the default gnupg-php-functions the encryption works well. I can decipher it on console. If I try to decipher it with php I always get an unspecific Exception: "decryption failed"
I've tried it also with different Keys. I also used an other library "singpolyma/openpgp-php".
Where could be the problem?
$sMessage = 'Huhu';
$recipient = 'test#email.com';
$sPassword = '1234';
// initialize PGP
putenv("GNUPGHOME=".__DIR__."/.pgp/");
$oPgp = new gnupg();
$oPgp->import($sPublicKey);
$oPgp->seterrormode(GNUPG_ERROR_EXCEPTION);
$oPgp->import($sPublicKey);
$oPgp->addencryptkey($recipient);
$ciphertext = $oPgp->encrypt($sMessage);
echo '<pre>'.$ciphertext.'</pre>';
file_put_contents('/tmp/ciphertext.gpg', $ciphertext);
// create new GnuPG object
$gpg = new gnupg();
$gpg->import($sPrivateKey);
// throw exception if error occurs
$gpg->seterrormode(gnupg::ERROR_EXCEPTION);
// ciphertext message
$gpg->adddecryptkey($recipient, $sPassword);
$plaintext = $gpg->decrypt($ciphertext);
echo '<pre>' . $plaintext . '</pre>';
I solved my Problem. It is caused by the changes in gnupg v2. Problem was the use of a key-password. It could be solved by configuring pgp for unattended password use. Have a look at "yougot#haxed.com"'s comment at phpt.net.
I have a problem, I want to encrypt word docs(which have only 10 Kb) using public key, and it must decrypt with private key.
I already created key pair using phpseclib library.
http://phpseclib.sourceforge.net/crypt/examples.html
and I can encrypt and decrypt string using that library. but I don't know how to encrypt file using key pair.
is there any method for this.(or using file_get_contents)
thanks for all
<?php
//create word docx using phpdocx
require("phpDocx.php");
$phpdocx = new phpdocx("word_temp\loan_app_temp.docx");
//assign
$upfno='999';
$loanid_db='1234';
$phpdocx->assign("#upfno#","$upfno");
$phpdocx->assign("#loanid#","$loanid_db");
$phpdocx->assign("#fullname#","$name");
$phpdocx->assign("#initials#","$initials");
$phpdocx->save("word_gen\loan_docs\la_".$upfno."_".$loanid_db.".docx"); // sucessfully created.
// create key pair using phpseclib
set_include_path(get_include_path() . PATH_SEPARATOR . 'phpseclib');
include('phpseclib/Crypt/RSA.php');
$rsa = new Crypt_RSA();
//$rsa->setPassword('layanthi#123');
extract($rsa->createKey());
//echo "$privatekey<br />$publickey";
echo $privatekeydata=$privatekey;
echo '<br />';
echo $pubkey=$publickey; //key pair genarated - ok
//encryption using pubkey - commented snippet from phpseclib
$file="word_gen\loan_docs\la_".$upfno."_".$loanid_db.".docx";
$message=file_get_contents($file);
function rsa_encrypt($key, $message) {
$rsa = new Crypt_RSA();
$rsa->loadKey($key);
$encrypted = base64_encode($rsa->encrypt($message));
return $encrypted;
}
echo $encrypt_file=rsa_encrypt($pubkey, $message);
//from here i want to save encryptted file to encrypt folder like
//$savepath="encrypt\la_".$upfno."_".$loanid_db.".docx"; but i dont know how to do that
//Deryption using phpseclib function is here - but how to use it for above encryption
function rsa_decrypt($key, $package) {
$rsa = new Crypt_RSA();
$rsa->loadKey($key);
$decrypted = $rsa->decrypt(base64_decode($package));
return $decrypted;
}
echo $encrypt_file=rsa_encrypt($pubkey, $message);
$savepath="word_gen\encrypt\la_".$upfno."_".$loanid_db.".docx";
file_put_contents($savepath, $encrypt_file);
//Deryption using phpseclib function is here - but how to use it for above encryption
function rsa_decrypt($key, $package) {
$rsa = new Crypt_RSA();
$rsa->loadKey($key);
$decrypted = $rsa->decrypt(base64_decode($package));
return $decrypted;
}
//get encrypt file
$encfile="word_gen\encrypt\la_".$upfno."_".$loanid_db.".docx";
$epackage=file_get_contents($encfile);
echo $decryptfile= rsa_decrypt($privatekeydata, $epackage);
$savepath_de="word_gen\decrypt\la_".$upfno."_".$loanid_db.".docx";
file_put_contents($savepath_de, $encrypt_file);
?>
Im trying to load a private key generated by the openssl cli tool with PHP.
I used the following command and PHP code:
openssl genrsa -des3 4096 -out private.key
if (!($key = openssl_pkey_get_private("file://private.key", "password")));
{
return false;
}
I'm sure the password is correct and the file is also PEM formatted, but it keeps returning false. What am I doing wrong?
Thanks in advance,
Jori.
Please note that file://path/to/file.pem in documentation means file protocol + file path. In UNIX like OS, that is something like file:///rsa_private_key.pem. There is THREE slashes in the path string, not TWO. And file:// cannot be omitted.
It is a lot easier to just put the key in a var:
$public = "-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfmlc2EgrdhvakQApmLCDOgP0n
NERInBheMh7J/r5aU8PUAIpGXET/8+kOGI1dSYjoux80AuHvkWp1EeHfMwC/SZ9t
6rF4sYqV5Lj9t32ELbh2VNbE/7QEVZnXRi5GdhozBZtS1gJHM2/Q+iToyh5dfTaA
U8bTnLEPMNC1h3qcUQIDAQAB
-----END PUBLIC KEY-----";
$private = "-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDfmlc2EgrdhvakQApmLCDOgP0nNERInBheMh7J/r5aU8PUAIpG
XET/8+kOGI1dSYjoux80AuHvkWp1EeHfMwC/SZ9t6rF4sYqV5Lj9t32ELbh2VNbE
/7QEVZnXRi5GdhozBZtS1gJHM2/Q+iToyh5dfTaAU8bTnLEPMNC1h3qcUQIDAQAB
AoGAcbh6UFqewgnpGKIlZ89bpAsANVckv1T8I7QT6qGvyBrABut7Z8t3oEE5r1yX
UPGcOtkoRniM1h276ex9VtoGr09sUn7duoLiEsp8aip7p7SB3X6XXWJ9K733co6C
dpXotfO0zMnv8l3O9h4pHrrBkmWDBEKbUeuE9Zz7uy6mFAECQQDygylLjzX+2rvm
FYd5ejSaLEeK17AiuT29LNPRHWLu6a0zl923299FCyHLasFgbeuLRCW0LMCs2SKE
Y+cIWMSRAkEA7AnzWjby8j8efjvUwIWh/L5YJyWlSgYKlR0zdgKxxUy9+i1MGRkn
m81NLYza4JLvb8/qjUtvw92Zcppxb7E7wQJAIuQWC+X12c30nLzaOfMIIGpgfKxd
jhFivZX2f66frkn2fmbKIorCy7c3TIH2gn4uFmJenlaV/ghbe/q3oa7L0QJAFP19
ipRAXpKGX6tqbAR2N0emBzUt0btfzYrfPKtYq7b7XfgRQFogT5aeOmLARCBM8qCG
tzHyKnTWZH6ff9M/AQJBAIToUPachXPhDyOpDBcBliRNsowZcw4Yln8CnLqgS9H5
Ya8iBJilFm2UlcXfpUOk9bhBTbgFp+Bv6BZ2Alag7pY=
-----END RSA PRIVATE KEY-----";
if (!$privateKey = openssl_pkey_get_private($private)) die('Loading Private Key failed');
if (!$publicKey = openssl_pkey_get_public($public)) die('Loading Public Key failed');
I'll also include a small encode / decode example:
$encrypted = '';
$decrypted = '';
$plaintext = 'This is just some text to encrypt';
echo '<p>$plaintext = ' . $plaintext . '<p>';
if (!openssl_public_encrypt($plaintext, $encrypted, $publicKey)) die('Failed to encrypt data');
echo '<p>$encrypted = ' . $encrypted . '<p>';
if (!openssl_private_decrypt($encrypted, $decrypted, $privateKey)) die('Failed to decrypt data');
echo '<p>$decrypted = ' . $decrypted . '<p>';
Or just in case you could generate a key with php:
$NEW_KEY = openssl_pkey_new(array(
'private_key_bits' => 1024,
'private_key_type' => OPENSSL_KEYTYPE_RSA,
));
openssl_pkey_export_to_file($NEW_KEY, 'private.key');
$NEW_KEY_DETAILS = openssl_pkey_get_details($NEW_KEY);
file_put_contents('public.key', $NEW_KEY_DETAILS['key']);
openssl_free_key($NEW_KEY);
Please refer to next URL.
https://www.php.net/manual/en/function.openssl-pkey-get-private.php
To narrow down your issue, please use same directory for your php file and key file and try this working code.
Working code
$keyfile="file://".__DIR__.DIRECTORY_SEPARATOR."key.pem"; //absolute path
$key = openssl_pkey_get_private($keyfile);
if ($key === false) {
var_dump(openssl_error_string());
}else{
var_dump($key);
}
The following might be an issue.
Path
Following path styles should work.
$keyfile="file:///home/john/php/key.pem"; // unix absoulute path
$keyfile="file://C:\\users\\john\\php\\key.pem"; // windows absoulute path
$keyfile="file://".__DIR__.DIRECTORY_SEPARATOR."key.pem"; //absoulute path for unix, windows
$keyfile="file://key.pem"; // relative path, unix, windows, (php,key files in same directory)
$key = openssl_pkey_get_private($keyfile);
If path does not exist, error will be like
"error:02001002:system library:fopen:No such file or directory"
Web environment
Check your web root and web user access permission to the folder and key file.
To reduce issues, test it on php build-in web server env rather than WAMP env.
>php -S localhost:80
Corrupted key file
saved as certain type which include whitespaces.
This can occur error like next.
"error:0906D06C:PEM routines:PEM_read_bio:no start line"
in my case, key file was saved as UTF-8 with BOM(whitespaces)
DEBUG key file 1 - READ FROM VARIABLE
This code should work. I got key file from
http://micmap.org/php-by-example/en/function/openssl_pkey_get_private
Please replace $str to yours.
$str = <<<EOF
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEA0llCeBjy18RylTdBih9GMUSZIC3GzeN0vQ9W8E3nwy2jdeUn
H3GBXWpMo3F43V68zM2Qz5epRNmlLSkY/PJUfJIC8Yc1VEokT52q87hH/XJ5eS8h
eZnjuSlPAGi8oZ3ImVbruzV7XmlD+QsCSxJW7tBv0dqJ71e1gAAisCXK2m7iyf/u
l6rT0Zz0ptYH4IZfwc/hQ9JcMg69uM+3bb4oBFsixMmEQwxKZsXk3YmO/YRjRbay
+6+79bSV/frW+lWhknyGSIJp2CJArYcOdbK1bXx1dRWpbNSExo7dWwuPC0Y7a5AE
eoZofieQPPBhXlp1hPgLYGat71pDqBjKLvF5GwIDAQABAoIBACPItYsSy3UzYT7L
OKYTrfBBuD8GKpTqBfkHvAWDa1MD15P92Mr7l0NaCxGfAy29qSa6LdFy/oPM9tGY
9TxKyV6rxD5sfwEI3+Z/bw6pIe4W5F1eTDaQnHHqehsatkRUQET9yXp+na8w/zRF
0C0PQKS95tfvcpm59RGCdGQ8+aZw+cIy/xez75W8IS/hagMxe7xYPjpkOkSCCEJU
zmbVq6AyWodASV0p4H9p8I+c0vO2hJ/ELJ167w6T+2/GlZg979rlyHoTW8jK2BbG
IRGaPo+c2GANXa686tdpbkPd6oJliXwBSNolxmXShvlveBbPFAJJACzCmbXNj9kH
6/K+SWkCgYEA7FNudcTkRPV8TzKhJ1AzDjw3VcnraYhY8IlNxbk7RVHLdkoUtwk/
mImeBlEfCoz9V+S/gRgeQ+1Vb/BCbS24+bN/+IGoNRFMRcOieFt6lQUpj7a9NeSo
IEclGgUiU7QR3xH73SB4GC3rgSPeHJhJZC5EJq5TzYjXTPGPpBD3zicCgYEA49wz
zfMDYIH8h4L65r/eJYIbLwpvgktgaYvhijO3qfZSWW+Y19jCBn55f65YOhPGQBHA
my0f+tVxFNZ/OupbrAIIzogxlCIYHNBawDhoHN/sB3/lSBAjifySNLyRlA62oA0w
wXvXVLVWMa3aXim3c9AlnLF1fHwcvwpOKSfdye0CgYBb1mBKq+T5V1yjek1d9bCh
i40FbZ5qOG43q2Ppvn3mBk9G/KroJlPsdy5NziB9/SRGj8JL7I92Xjihc4Cc5PPJ
NZQ5gklXtg0p30i39PTCDGuGScFlvCIJyRwF7JDWblezlE2INSH2Y4HtgX7DJfr/
T2t0jLJMYS0p3YWwgFeMaQKBgHUIe/8y6zAdc5QynSX5tGL1gXrW1FFK39k2RICU
cag1YTSYkhuDNJzbRxJifORPlcsAkzngooVWLb+zMCQVjUI6xUU3RKe+Hz5lccc6
8ZarGHL9qMkrqOVNudamZ+tw5zIrtDgcoIvcm8nmbrtgl94/MaJar2ph4O3qoByZ
Ylw9AoGAIdS79s0VKkj4VVXqK47ZcI7jGL4V4C8ujU8YcMNV88xwCoDg9ZIFprWA
P5p/cnvj6aHnqL58XiH0+bE0Lt3J+U6N6JelQQevgBHooMFh4FpDXcVda7xB3rK3
woqbi8fNhr827H2maxIZPtVG95/mvR4k5z1Jrdnr34ZUmtC6U5Q=
-----END RSA PRIVATE KEY-----
EOF;
$key = openssl_pkey_get_private($str);
if ($key === false) {
var_dump(openssl_error_string());
}else{
var_dump($key);
}
OUTPUT
resource(4) of type (OpenSSL key)
DEBUG key file 2 - READ FROM FILE
copy your key strings($str) to key file like "key.pem".
$str = <<<EOF
-----BEGIN RSA PRIVATE KEY-----
...YOUR KEY STINGS HERE...
-----END RSA PRIVATE KEY-----
EOF;
$str2 = file_get_contents("key.pem");
$len1 = strlen ($str);
$len2 = strlen ($str2);
if($len1 !== $len2) echo "File has been corrupted.";
$key = openssl_pkey_get_private($str2);
if ($key === false) {
var_dump(openssl_error_string());
}else{
var_dump($key);
}