I'm trying to decrypt the bank's response to an HBP-Request, but until now without success.
According to the specification, there is a transaction key, which is asymmetrically encrypted.
Further, there is the OrderData, which is compressed, encrypted and base64-coded.
I could decrypt the orderdata with the following code, but afterwards I get an error during compressing.
openssl_open(base64_decode($orderdata), $open, base64_decode($trxkey), $pkeyid) or die(openssl_error_string());
Could anyone give me a hint?
Thanks
Related
I'm having a hard time understanding what my problem is here, so I was hoping someone could help me. I have an XML file which was built respecting W3C recommendations, and because of this there are specific tags which were encrypted with my public key, and now I need to decrypt them using my private key. So, for example, this chunk of code:
<AuthenticatedPrivate Id="ID_AuthenticatedPrivate">
<enc:EncryptedKey xmlns:enc="http://www.w3.org/2001/04/xmlenc#">
<enc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
<enc:CipherData>
<enc:CipherValue>lwYdkG5Q5wfW/S7UzZDtnJMcAng3w3ketzkh68y1BeX+okNEj48b5rSWUC/4mNhT
N2QsHxOCkvKDavIGGSAP23tdp0VtdeHTNAszcgK4Xzc8VHGUEiswONCOxTzNWuwj
....
zfHceeHN50b8vzM/Rt/jTUq54eC3nE+lP3eTXbLj/YvpPo8H45Sti9YP9WZixGHz
Uvf6Go31+3JwsXXIUl3O+w==</enc:CipherValue>
</enc:CipherData>
</enc:EncryptedKey>
<enc:EncryptedKey xmlns:enc="http://www.w3.org/2001/04/xmlenc#">
<enc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
<enc:CipherData>
<enc:CipherValue>TvC1LCspgTsXqM1b8ClPCtAkAdXXzxe+Av7LMxYtUaqUbd8HeBuaS1cx3WwoVRDr
TWcrBEnv24GbIB5ygcMFW3DlGsXfmWJGnRNx/6xT/U15RQPgoD9AP4WFEHxthzP0
....
1ajG5lDjEu4TqjdL7DPGNu9HfI9boerJ5FUFQ/fMdD4xbDHdc4DgIQdTUgLFGHJz
RwOyfOAcSNoO/fpAkMXoEw==</enc:CipherValue>
</enc:CipherData>
</enc:EncryptedKey>
</AuthenticatedPrivate>
I need to decrypt that, so what I have done was:
Parsed the XML and got the tag I need (CipherValue), and actually put that inside a file, cypher.xml
cat cypher.xml| base64 -D > rawFile
openssl rsautl -decrypt -in rawFile -out plaintext -inkey private.pem
and the result was:
4476804716:error:0407109F:rsa routines:RSA_padding_check_PKCS1_type_2:pkcs decoding error:rsa_pk1.c:273:
4476804716:error:04065072:rsa routines:RSA_EAY_PRIVATE_DECRYPT:padding check failed:rsa_eay.c:602:
What am I missing here? I'm losing too much time on this. I saw something about using the padding, but I did that directly in my PHP app using:
openssl_private_decrypt($tag, $decrypted, $privkey, OPENSSL_PKCS1_PADDING);
but with NO! luck at all.
Thanks for your time, regards
EDIT
The code sequence I'm using is this:
$xmlFile = file_get_contents(path_to_my_xml_file);
$privkey = openssl_pkey_get_private(path_to_my_private_key);
$arrCplContent = XmlToArray::convert($xmlFile);
$tag = $arrCplContent['AuthenticatedPrivate']['enc:EncryptedKey'][0]['enc:CipherData']['enc:CipherValue'];
$b64Dec = base64_decode($tag);
$result = openssl_private_decrypt($b64Dec, $decrypted, $privkey, OPENSSL_PKCS1_OAEP_PADDING);
When I log this, the result is:
error:04099079:rsa routines:RSA_padding_check_PKCS1_OAEP_mgf1:oaep decoding error
Is this the proper way of doing things, considering this?
First of all, it seems you are using PKCS#1 v1.5 padding instead of OAEP padding when performing the decryption. You can see OPENSSL_PKCS1_OAEP_PADDING listed for openssl_private_decrypt.
Note the line in the XML document containing the OAEP padding indication:
<enc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
There are two CipherValue elements in there. Usually that means that the ciphertext was created using two different key pairs and thus two separate private keys. You may just need to decrypt the other EncryptedKey.
To solve this in general: XML encryption or XML enc is a full standard, and you need to either implement the standard or - what's commonly recommended - use a library to decrypt it.
Disclaimer: I'm not affiliated with the shown library, and I don't have any opinion on its security.
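An added example, not part of the answer above or of any library it refers to: one way to take the padding from each EncryptedKey's EncryptionMethod and try every EncryptedKey against one private key. The helper name unwrapKeys, the generated key pairs and the sample document are constructed for illustration.

```php
<?php
const XMLENC = 'http://www.w3.org/2001/04/xmlenc#';

// unwrapKeys() is a hypothetical helper: one result per EncryptedKey element.
function unwrapKeys(string $xml, $privateKey): array
{
    $padding = [ // EncryptionMethod Algorithm URI => PHP padding constant
        XMLENC . 'rsa-oaep-mgf1p' => OPENSSL_PKCS1_OAEP_PADDING,
        XMLENC . 'rsa-1_5'        => OPENSSL_PKCS1_PADDING,
    ];
    $doc = new DOMDocument();
    $doc->loadXML($xml, LIBXML_NONET);
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('enc', XMLENC);
    $out = [];
    foreach ($xp->query('//enc:EncryptedKey') as $ek) {
        $alg = $xp->evaluate('string(enc:EncryptionMethod/@Algorithm)', $ek);
        if (!isset($padding[$alg])) {
            $out[] = "unsupported algorithm: $alg";
            continue;
        }
        // CipherValue is line-wrapped base64: strip whitespace, decode strictly.
        $b64 = preg_replace('/\s+/', '', $xp->evaluate('string(enc:CipherData/enc:CipherValue)', $ek));
        $ct = base64_decode($b64, true);
        $ok = $ct !== false && openssl_private_decrypt($ct, $plain, $privateKey, $padding[$alg]);
        $out[] = $ok ? bin2hex($plain) : 'decryption failed with this key';
    }
    return $out;
}

// Constructed sample: one 16-byte session key wrapped for two recipients.
$session = random_bytes(16);
$keys = $wrapped = [];
foreach ([0, 1] as $n) {
    $keys[$n] = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
    $pub = openssl_pkey_get_details($keys[$n])['key'];
    openssl_public_encrypt($session, $ct, $pub, OPENSSL_PKCS1_OAEP_PADDING);
    $wrapped[] = '<enc:EncryptedKey xmlns:enc="' . XMLENC . '">'
        . '<enc:EncryptionMethod Algorithm="' . XMLENC . 'rsa-oaep-mgf1p"/>'
        . '<enc:CipherData><enc:CipherValue>' . chunk_split(base64_encode($ct), 64, "\n")
        . '</enc:CipherValue></enc:CipherData></enc:EncryptedKey>';
}
$xml = '<AuthenticatedPrivate>' . implode('', $wrapped) . '</AuthenticatedPrivate>';

// Run as the holder of key 1 and compare against the original session key.
print_r(unwrapKeys($xml, $keys[1]));
echo 'session key: ', bin2hex($session), "\n";
```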
I have an ESP8266 with Nodemcu and an AM2320 sensor.
I am sending temperature and humidity in JSON format in plain text to my HTTP server for collecting data with PHP and SQLITE3.
That's working right.
But I wish to encrypt my data with AES-CBC.
I encrypt measures on the ESP8266 with crypto.encrypt() function and 'AES-CBC' method like this example:
https://nodemcu-firmware.readthedocs.io/en/latest/en/modules/crypto/#cryptoencrypt
I do the same encryption on my PC with Python 3.
The resulting string matches the result on the ESP8266 and Lua 5.1.
Next I do the same encryption on my PC but with PHP 7.1.
Alas, the resulting string doesn't match the previous results.
I am using the 'AES-128-CBC' method on openssl_encrypt() function.
I put the script in the three languages in a gist on Github.com:
https://gist.github.com/bazooka07/bed368d313e218fcba332cb2127c70b1
What is wrong in PHP?
Can you help me?
I've tried your code with aes-256-cbc instead of aes-128-cbc in PHP, and it gives the same output. Changing the PHP encrypt method to aes-256-cbc should fix the problem.
I added a fix to my gist so that it works when the length of the message to encrypt is not a multiple of 16 chars.
I am trying to send an EBICS HPB request, but I always get the same error:
EBICS_AUTHENTICATION_FAILED
I think the problem is in my code; below is what the code is doing to get the signature value:
Get signature Certificate from pem file
Remove CR, LF and Ctrl-Z
Convert PEM to DER.
Apply ISO10126
hash sha256
Encryption rsa PKCS #1 v1.5: rsa_encrypt($SignatureValue, $public_key)
Then I put the result as the signature value, but I'm not sure I'm following the right procedure before sending my request.
In one of our web applications (in PHP, MySQL) we are saving the user's mobile number as an encrypted value and decrypting it when we send SMS to them. The application was working pretty well.
But now GoDaddy removed the option base64_encode and decode, so we can't send SMS to users. So we reverted the mobile numbers to their normal state by running it locally.
My question is: which is the easiest and safe way to encrypt and decrypt a string using a key?
Something like
Normal string : 9876543210 -> After encrypt with a key -> AASASOOPFPOEROP45664654456
Encrypted string : AASASOOPFPOEROP45664654456 -> on decrypt -> 9876543210
My current code
function encodeString($str){
    for($i=0; $i<5; $i++)
    {
        $str=strrev(base64_encode($str)); // apply base64 first and then reverse the string
    }
    return $str;
}
function decodeString($str){
    for($i=0; $i<5; $i++)
    {
        $str=base64_decode(strrev($str)); // reverse the string first and then undo the base64
    }
    return $str;
}
Please help me. Thanks in advance.
Well if you were using base64 encode/decode you weren't encrypting the data, just obfuscating.
I don't know what PHP extensions GoDaddy has enabled, so I would suggest going with something like phpSecLib
http://phpseclib.sourceforge.net/
It is a standalone implementation you can include in your scripts, and it will provide actual encryption of your data. AES or Rijndael should work fine for your application.
Basically it will encrypt the string with a key; even if your database is compromised, the data can't be decrypted without the key it was encrypted with (which you would hard-code into your script). This is unlike simply encoding it, in which case if someone got ahold of the database, they could decode it by running the first string through a variety of different encoding methods until they find one that works, and then run the rest through the same decoding method.
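An added example, not from this answer or from phpseclib: the same idea using PHP's bundled OpenSSL extension (assumed to be enabled on the host) with AES-256-GCM, hex-encoded so the stored value needs no base64 functions. encryptField and decryptField are hypothetical names, and the key and phone number are constructed samples.

```php
<?php
function encryptField(string $plain, string $key): string
{
    // PHP silently pads or truncates keys of the wrong size, so check it here.
    if (strlen($key) !== 32) { throw new InvalidArgumentException('key must be 32 bytes'); }
    $iv = random_bytes(12); // fresh 96-bit nonce for every stored value
    $ct = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) { throw new RuntimeException('encryption failed'); }
    return bin2hex($iv . $tag . $ct); // nonce (12) + tag (16) + ciphertext, as hex
}

function decryptField(string $hex, string $key): string
{
    $raw = ctype_xdigit($hex) && strlen($hex) % 2 === 0 ? hex2bin($hex) : false;
    if ($raw === false || strlen($raw) <= 28) { throw new RuntimeException('malformed value'); }
    $plain = openssl_decrypt(
        substr($raw, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
        substr($raw, 0, 12), substr($raw, 12, 16)
    );
    // GCM verifies the tag: a wrong key or an edited column value fails here.
    if ($plain === false) { throw new RuntimeException('wrong key or modified ciphertext'); }
    return $plain;
}

// Constructed sample values; the real key is kept outside the database.
$key = random_bytes(32);
$stored = encryptField('9876543210', $key);
echo $stored, "\n", decryptField($stored, $key), "\n";

try {
    decryptField($stored, random_bytes(32)); // stored value read with a different key
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```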
Here I am giving you one simple example with our own secret key; you can use it as below:
// Secret key to encrypt/decrypt with
$key='mysecretkey'; // 8-32 characters without spaces
// String to encrypt
$string1='your sample key, that is the question';
// EnCrypt string
$string2=convert($string1,$key);
// DeCrypt back
$string3=convert($string2,$key);
// Test output
echo '<span style="font-family:Courier">';
echo 'Key: '.$key.'<br>'."\n";
echo $string1.'<br>'."\n";
echo $string2.'<br>'."\n";
echo $string3.'<br>'."\n";
echo '</span>'."\n";
OUTPUT
Key: mysecretkey
your sample key, that is the question
tvfw#ady{i|-rv|/2q|jq9dj3qkw%e~`jyp|k
your sample key, that is the question
Let me know if I can help you more.
I have the following steps to perform for decryption:
base64 decode the response
Decrypt the first 128 bytes with the RSA1024 public key. Key is in base64 encoded X509 format with PKCS1 padding.
My code looks like this:
$decodedString = $this->base64UrlDecode($string); //does proper url decoding
$publicKey = file_get_contents("public.key",true);
$pub_key = openssl_get_publickey($publicKey);
openssl_public_decrypt($decodedString,$decrypted,$pub_key,OPENSSL_PKCS1_PADDING);
var_dump($decrypted);
I am not able to get anything in the $decrypted variable. If I try to base64 decode the public key before using it, I get an error of not a valid public key. What am I missing or doing wrong to achieve the mentioned 2 steps?
See this comment for openssl_pkey_get_public:
http://www.php.net/manual/en/function.openssl-pkey-get-public.php#101513
PKCS1 padding poses a problem to that function, it seems.
It was actually a problem with how I was getting the response. By doing urldecode before base64 decoding I am able to get proper results.
$decodedString = $this->base64UrlDecode(urldecode($string));