I created a Self-Signed cert by following this article I set the private key as exportable but there isn't an export link within the salesforce app (that I can see) so I'm guessing you have to export from the certificate itself. I'm using the PHP openssl x509 functions but i can't get it to work. I keep getting openssl_sign(): supplied key param cannot be coerced into a private key... when I run this code:
...
$private_key = openssl_get_privatekey(file_get_contents(env('SALESFORCE_CERT_FILE')));
$s = "";
openssl_sign($header . '.' . $payload, $s, $private_key, "SHA256");
...
I figured it out. In salesforce they do have an "export" button that says "Export to Keystore". I was unfamiliar with this so I didn't think to use it. I was looking for export private key or something like that. Turns out you can just following the answer to this stack exchange question to get your private key.
I'm trying to build a blockchain and for that, I need to generate a public and a private key and use the sign function and the verify function, from research I found that those functions were in the OpenSSL function, but I can't figure how this one works , I got the following code that I copied from the PHP doc :
// Create the keypair
$res=openssl_pkey_new();
// Get private key
openssl_pkey_export($res, $privkey);
// Get public key
$pubkey=openssl_pkey_get_details($res);
$pubkey=$pubkey["key"];
$data = 'plaintext data goes here';
openssl_sign("hello",$signature,$privKey);
$test=openssl_verify("hello",$signature,$pubKey,"sha256");
echo $test;
and this gives me: openssl_pkey_export(): cannot get key from parameter 1.
ps: i'm on windows
I have a client which talks to a server and communication is encrypted using RSA and AES combination. The RSA key pair which I had generated was without passphrase. So, to make it secure I recently added the passphrase. Every thing works fine server side, but the Private key generated by PHP doesn't contain encryption info, due to which I can't load it client side. Following is the php code:
$passphrase = 'Hello World';
$config = array ("digest_alg" => "sha256","private_key_bits" => 2048,"private_key_type" => OPENSSL_KEYTYPE_RSA );
// Create the private and public key
$res = openssl_pkey_new ( $config );
/* Extract the private key from $res to $privKey */
openssl_pkey_export ( $res, $priv_key, $passphrase );
/* Extract the public key from $res to $pubKey */
$pub_key = openssl_pkey_get_details ( $res );
$pub_key = $pub_key["key"];
$pkey_pair = array ('priv_key' => $priv_key,'pub_key' => $pub_key );
var_dump($pkey_pair);
You can try it on http://phpfiddle.org/ there is no enryption info, as if it is assuming that, since it works server side!
My client side code works only when no passphrase is used in RSA key generation.
try
{
Botan::AutoSeeded_RNG rng;
Botan::DataSource_Memory privKeyMem(privKey);
Botan::RSA_PrivateKey *rsaKey = dynamic_cast <Botan::RSA_PrivateKey*>
(Botan::PKCS8::load_key(privKeyMem, rng, passphrase.c_str()));
if(!rsaKey)
{
std::cout << "The loaded key is not a RSA key!\n";
return false;
}
....
.....
}
catch(...)
{
cout<<"Exception: could not load private key";
return false;
}
Exporting an RSA key with a passphrase does not cause the generated key pair to be any different; it just encrypts the private key using that passphrase. If your client-side code cannot decrypt an encrypted key, don't use a passphrase.
Additionally, the client code you're currently using appears to be trying to load a PKCS8 format private key. This is incorrect here; openssl_pkey_export() generates the public and private key in PEM format.
Private keys should not be exported except possibly for backup/replication purposes for the same service. You should only export public keys of both client and server. Those keys need to be trusted somehow though. You could do this by embedding them in a certificate signed by a (self signed) CA that is trusted by both client and server.
Note that for transport protocols AES CBC encryption is not enough. You will need to add integrity and authenticity protection. This is usually done by adding a (H)MAC.
It seems you are trying to perform symmetric encryption using a single RSA key pair.
Thank you for looking in. I have recently been updating an old symmetric-based encryption system I had set up on a server into an asymmetric-based RSA system for better security. I would consider myself a moderately proficient PHP programmer. With that being said I am completely stumped on this problem using phpseclib.
It seems I am unable to create two instances of the class anywhere in my script. See my code below:
<?php include_once('Crypt/RSA.php');
function signRSA($string_to_sign){
$rsa = new Crypt_RSA();
$rsa->loadKey(file_get_contents('pvk.txt')); // private key
$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
$signature = $rsa->sign($string_to_sign);
return base64_encode($signature);
}
function decryptRSA($string_to_decrypt){
$rsa = new Crypt_RSA();
$rsa->loadKey(file_get_contents('pvk.txt')); // private key
return $rsa->decrypt(base64_decode($string_to_decrypt));
}
//Which ever function is on top is the only one that appears to work. The first line below will work, however the second will fail returning me a null value.
$sig = signRSA($_POST['data']);
$plain = decryptRSA($_POST['otherdata']);
?>
I have also tried creating an individual 'global' variable. The same thing happened..
I look forward to getting this issue resolved.
UPDATE:
I was able to successfully combat my issue albeit having nothing to do with what I thought it was. It seems my client app (C#) and the PHP end as seen above were using two different padding algorithms. This was causing the client app to consider the data corrupt. In the PHP script's logic, this was causing only one of the functions above to work.
It works fine for me:
include_once('Crypt/RSA.php');
function signRSA($string_to_sign){
$rsa = new Crypt_RSA();
$rsa->loadKey('-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUp
wmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ5
1s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQABAoGAFijko56+qGyN8M0RVyaRAXz++xTqHBLh
3tx4VgMtrQ+WEgCjhoTwo23KMBAuJGSYnRmoBZM3lMfTKevIkAidPExvYCdm5dYq3XToLkkLv5L2
pIIVOFMDG+KESnAFV7l2c+cnzRMW0+b6f8mR1CJzZuxVLL6Q02fvLi55/mbSYxECQQDeAw6fiIQX
GukBI4eMZZt4nscy2o12KyYner3VpoeE+Np2q+Z3pvAMd/aNzQ/W9WaI+NRfcxUJrmfPwIGm63il
AkEAxCL5HQb2bQr4ByorcMWm/hEP2MZzROV73yF41hPsRC9m66KrheO9HPTJuo3/9s5p+sqGxOlF
L0NDt4SkosjgGwJAFklyR1uZ/wPJjj611cdBcztlPdqoxssQGnh85BzCj/u3WqBpE2vjvyyvyI5k
X6zk7S0ljKtt2jny2+00VsBerQJBAJGC1Mg5Oydo5NwD6BiROrPxGo2bpTbu/fhrT8ebHkTz2epl
U9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhMCQBGoiuSoSjafUhV7i1cEGpb88h5NBYZzWXGZ
37sJ5QsW+sJyoNde3xH8vdXhzU7eT82D6X/scw9RZz+/6rCJ4p0=
-----END RSA PRIVATE KEY-----'); // private key
$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
$signature = $rsa->sign($code);
return base64_encode($signature);
}
function decryptRSA($string_to_decrypt){
$rsa = new Crypt_RSA();
$rsa->loadKey('-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUp
wmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ5
1s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQABAoGAFijko56+qGyN8M0RVyaRAXz++xTqHBLh
3tx4VgMtrQ+WEgCjhoTwo23KMBAuJGSYnRmoBZM3lMfTKevIkAidPExvYCdm5dYq3XToLkkLv5L2
pIIVOFMDG+KESnAFV7l2c+cnzRMW0+b6f8mR1CJzZuxVLL6Q02fvLi55/mbSYxECQQDeAw6fiIQX
GukBI4eMZZt4nscy2o12KyYner3VpoeE+Np2q+Z3pvAMd/aNzQ/W9WaI+NRfcxUJrmfPwIGm63il
AkEAxCL5HQb2bQr4ByorcMWm/hEP2MZzROV73yF41hPsRC9m66KrheO9HPTJuo3/9s5p+sqGxOlF
L0NDt4SkosjgGwJAFklyR1uZ/wPJjj611cdBcztlPdqoxssQGnh85BzCj/u3WqBpE2vjvyyvyI5k
X6zk7S0ljKtt2jny2+00VsBerQJBAJGC1Mg5Oydo5NwD6BiROrPxGo2bpTbu/fhrT8ebHkTz2epl
U9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhMCQBGoiuSoSjafUhV7i1cEGpb88h5NBYZzWXGZ
37sJ5QsW+sJyoNde3xH8vdXhzU7eT82D6X/scw9RZz+/6rCJ4p0=
-----END RSA PRIVATE KEY-----'); // private key
return $rsa->decrypt(base64_decode($string_to_decrypt));
}
//Which ever function is on top is the only one that appears to work. The first line below will work, however the second will fail returning me a null value.
$sig = signRSA('zzzzzzzzz');
$plain = decryptRSA('G0KqVsNP6qsjVkKbnfCkSsiUdDnxBzIjA1tNHCeeKgkzqdkJF/zFuzVdtc8PrEfeR+SfrvdLiR5DqlAA
LReLD5lPrj19+3Ci+igCQebItT8xmOHmKNHM+nQK2l6uL9AW03Vy/15sCTHqZ/dfmQMarzIb05DQUX57
ftrBGu0XLwM=');
echo base64_encode($sig) . "\r\n";
echo $plain;
Maybe your key isn't in a supported format? Maybe the ciphertext you're trying to decrypt doesn't go with the private key? Does the code snippet I've posted work for you? If so you're gonna need to post more info. Like fill in the keys and plaintext's and what not.
Okay, well, this is my first time working with encryption on a project. I am using my hosting provider for SSL, but I also want to encrypt portions of the database that are sensitive. For this, I was told to use OpenSSL. I am testing it on my localhost (WAMP), and have installed OpenSSL and turned on the PHP and Apache SSL mods. Okay, so i've been following tutorials and, using several suggested methods, have been able to generate the public key and store it as a file. For some reason, I can't seem to generate the private key. I will post two versions of code that i've tried:
// generate private key
$privateKey = openssl_pkey_new(array(
'private_key_bits' => 1024,
'private_key_type' => OPENSSL_KEYTYPE_RSA,
));
// write private key to file
openssl_pkey_export_to_file($privateKey, 'private.key');
// generate public key from private key
$publicKey = openssl_pkey_get_details($privateKey);
// write public key to file
file_put_contents('public.key', $publicKey['key']);
// clear key
echo $privateKey;
?>
This generates a public.key file, but provides me the warnings "openssl_pkey_export_to_file(): cannot get key from parameter 1:" and " openssl_pkey_get_details() expects parameter 1 to be resource, boolean."
I also tried an alternative method:
$config = array(
"config" => "E:/wamp/bin/apache/apache2.2.22/conf/openssl.cnf",
"digest_alg" => "sha512",
"private_key_bits" => 1024,
"private_key_type" => OPENSSL_KEYTYPE_RSA,
);
// Create the private and public key
$res = openssl_pkey_new($config);
// Extract the private key from $res to $privKey
openssl_pkey_export($res, $privKey, NULL);
echo "Private Key: ".$privKey;
// Extract the public key from $res to $pubKey
$pubKey = openssl_pkey_get_details($res);
$pubKey = $pubKey["key"];
echo "Public Key: ".$pubKey;
$data = 'plaintext data goes here';
echo "Data: ".$data;
// Encrypt the data to $encrypted using the public key
openssl_public_encrypt($data, $encrypted, $pubKey);
echo "Encrypted: ".$encrypted;
// Decrypt the data using the private key and store the results in $decrypted
openssl_private_decrypt($encrypted, $decrypted, $privKey);
echo "Decrypted: ".$decrypted;
This was supposed to echo everything, unfortunately my result was a blank private key, a fine public key, plaintext, and encrypted text, and an error when trying to decrypt: "openssl_private_decrypt(): key parameter is not a valid private key"
Clearly, i'm having a problem with private key creation. I've searched the internet thoroughly and haven't been able to fix it, even though I've implemented simple code that seems to work for everyone else.
Thanks in advance,
Elie Zeitouni
I know that it has been a while and you may have already solved it but I think that my answer can be helpful for other people who faced the same problem (Like I did).
So if you take a look at the openssl_pkey_export() documentation you can find that it takes four different parameters. If we take a look at your second implementation we can see that you have only provided three.
openssl_pkey_export($res, $privKey, NULL);
This would be just as fine if only your server have the right environment variables for OPENSSL_CONF. Linking to the openssl.cnf file, which as quoted in the README-SSL.txt file that is downloaded with XAMPP is required to make use of CSR and key generation functions from PHP.
To use the CSR and key generation functions from PHP, you will need to install an openssl.cnf file. We have included a sample file that can be used for this purpose in this folder alongside this readme file.
For this reason just as you did for the openssl_pkey_new($config); you must create a associative array containing the config => '/path/to/openssl.cnf'. Just like this:
openssl_pkey_export($res, $privKey, NULL, $config);
I would like to also add that the path of openssl.cnf in my case is inside:
C:\xampp\php\extras\openssl\openssl.cnf
Inside here you will also be able to find a README-SSL.txt file which give a good explaination of how to configure OPENSSL.
Hope it helps. :)
I think you might have an easier time with phpseclib, a pure PHP RSA implementation. The following example will create a 1024-bit RSA private / public key:
<?php
include('Crypt/RSA.php');
$rsa = new Crypt_RSA();
extract($rsa->createKey());
echo $privatekey . '<br/>' . $publickey;
?>
Banged around my head with getting this to work on windows10 with xampp php 5.5. Finally figured tabone's answer above was in the right direction EXCEPT path format needed to be forward slashed!
C:/xampp/php/extras/openssl/openssl.cnf
Hope this helps someone.
I Had the same problem.
And it is Windows problem's !!!
It won't happen on unix base systems.
And, If like me you use Windows only for Development, you use PuTTYGen to generate a key, and use it, static, in dev enviroment !
OR
OpenSSL not working on Windows, errors 0x02001003 0x2006D080 0x0E064002
use : openssl_pkey_export_to_file($result, 'privkey.pem', null, $config);
This worked for wampp/php 7.0.4
$privateKey = openssl_pkey_new(array(
'config' => 'C:/wamp/bin/php/php7.0.4/extras/ssl/openssl.cnf',
'private_key_bits' => 1024,
'private_key_type' => OPENSSL_KEYTYPE_RSA,
));
// write private key to file
openssl_pkey_export_to_file($privateKey, 'private.key');
// generate public key from private key
$publicKey = openssl_pkey_get_details($privateKey);
// write public key to file
file_put_contents('public.key', $publicKey['key']);
// clear key
echo $privateKey;