I am trying to do the equivalent of the php seal function.
What I have is a string to encrypt, a public key and a randomly generated secret key, and I have to encode the string using the 'rs4' algorithm.
So far I managed to encode the string with the crypto functions:
var password = crypto.randomBytes(128);
var cipher = crypto.createCipher('rc4', password);
var crypted = cipher.update(text,'utf8','base64');
crypted += cipher.final('base64');
But somehow, I need to include in the encryption the public x509 certificate.
Can someone point me in the right direction?
RC4 is not a public key encryption system. You're looking for (in order of preference):
node-sodium
RSAES-OAEP with MGF1+SHA256 and e = 65537
Also, for secret-key cryptography, don't use RC4.
In the end I didn't find any way of achieving the same encryption in node, so I just called a php cli script from node that sent the data to be encrypted, and read the stdout for the encrypted base64 result :(
Related
I am trying to send a data to an API. They wants it as encrypted before send it over.
The documentation says:
Generate a private key using AES algorithm(with SHA-1 HMac function by PKCS 5 V2.0 Scheme - I DON'T know what this means.
Encrypt the data with this key (data is json_string) (PADDING_PKCS1 = 11 and key length is 2048bit)
Encrypt the private_key using RSA algorithm with the public key(they gave us a pem file)
Then send this encrypted datas in a json format.
They also gives a dll file. So I decompiled it, and it uses a library called BouncyCastle.
Their function is basicly does this;
this.aesService.GenerateKey(password_variable, salt_file_contents_as_bytes); (they gives that both)
byte[] data1 = this.aesService.Encode(json_string);
byte[] data2 = this.rsaService.Encode(this.aesService.GetAesKey(), reads_public_keys_data_as_byte);
// and some http requests nothing special
What I tried is;
1- generated a key using openssl_pbkdf2 function with their password and salt
$key = openssl_pbkdf2($password, $salt, 32, 20000, 'sha1');
2- encrypted the data with this key with openssl_encrypt function
$encryptedJson = openssl_encrypt($json_string, "AES256", $key);
3- encrypted the key that I generate with their public key with openssl_public_encrypt function
openssl_public_encrypt($key, $encryptedAes, $public_key, OPENSSL_PKCS1_PADDING);
4- convert this results to hex with bin2hex function and send it to them
$jsonData = bin2hex($encryptedJson);
$keyData = bin2hex($encryptedAes);
But it returns error (says invalid object -I don't know what this means). I asked them about it but they didn't reply yet.
What I want to ask you is:
Am I doing it right? Am I using the right functions for this operations?
EDIT:
They still didn't reply back. But I just added the IV to the the start of the encrypted data returned by the openssl_encrypt function and convert it to hex. VoilĂ ! It worked.
I am trying to encrypt a password to sent to through an API for authentication. My situation is quite similar to another encrypt example
The python part is form see the get_pwd_rsa function
Python part:
import rsa
key = rsa.PublicKey(n, e)
encropy_pwd = rsa.encrypt(message, key)
binascii.b2a_hex(encropy_pwd)
And I have try using phpseclib to solve my problem, but the encrypt result is not correct:
use phpseclib\Crypt\RSA;
$rsa = new RSA();
$rsa->loadKey([
'n' => new \phpseclib\Math\BigInteger($n, 16),
'e' => new \phpseclib\Math\BigInteger($e, 16),
]);
$ciphertext = $rsa->encrypt($message);
return bin2hex($ciphertext);
The encrypt result is not correct and I'm not sure which part am I missing.
To add to what James said, my suspicion is that whatever Python library you're using is doing PKCS1 padding if it's doing any padding at all.
Contrast this with phpseclib which uses OAEP padding by default. PKCS1 padding can be enabled but it defaults to the more secure OAEP padding.
Further, both PKCS1 and OAEP encryption are randomized. I say that because I kinda wonder if you're saying the PHP code is wrong because it doesn't give the same result as the python code. It shouldn't. If you run a round of RSA encryption with phpseclib twice with the same plaintext and key each time you'll get a different ciphertext each time. PKCS1 and OAEP were designed this way to protect against known plaintext attacks.
I'm trying to create a JWT (JSON web token) in a node service which then needs to be checked in a PHP service.
I'm creating the token as per the spec as far as I can tell, and I'm encrypting the signature with the Node crypto library. I've read that the only algorithm that'll work reliably between these technologies is aes-128-cbc so that's the one I'm using.
I had some luck using mcrypt_decrypt, but it was still not 100% correct which is still a fail. Also because that library is deprecated I'd rather use openssl_decrypt, which I cannot get to work at all, it simply returns false.
The secret and init vector are both stored in a database in fields of type varchar(16), so they are the same in both bits of code. I'm using a 16byte blocksize so matching that with 16byte secret and iv.
I've tried different combinations of binary, hex and base64 formats but cannot get the openssl_decrypt function to return anything but false.
This question comes down to how can I encrypt a string in node and decrypt it in PHP? Or what is wrong with my current usage of these methods?
Node v7.4.0
var crypto = require('crypto');
var secret = crypto.randomBytes(16);
var iv = crypto.randomBytes(16);
var header = { type:'JWT', alg: 'aes-128-cbc' };
var payload = { iss: 'auth-token', exp: Date.now() + 86400, token: <some uuid> };
var data = new Buffer(JSON.stringify(header)).toString('base64') + '.' + new Buffer(JSON.stringify(payload)).toString('base64');
var cipher = crypto.createCipheriv('aes-128-cbc', secret, iv);
var encrypted = cipher.update(data, 'utf8', 'base64') + cipher.final('base64');
var JWT = data + '.'+ encrypted;
PHP v7.0.13 (also tried v7.1.1)
list($header64, $payload64, $sigEnc) = explode('.', $_POST['jwt']);
$header = base64_decode ($header64);
$payload = base64_decode ($payload64);
$signature = openssl_decrypt($sigEnc, 'aes-128-cbc', $secret, null, $iv); // secret and iv are both straight out of the database
Update
I've changed my objective here now and used a hash, which is possibly the correct way. So in the Node service I create a SHA256 hash of the base64 header and payload using a random key stored in the database. Then in the PHP service I do the same and compare the hashes. This is a better approach, which I should have taken before.
But there is still the question of how can you reliably encrypt a string in Node and decrypt it in PHP?
There are libraries but they seem a little overkill for what should be fairly straightforward.
It should be fairly straightforward but apparently it isn't.
With cryptography you either understand it well enough to implement the algorithms yourself from scratch, or you don't try because it's too risky to get it wrong. It's bad enough when you make a mistake like you did when nothing works, but it is way worse when it seems to work but is weak and vulnerable to some attack that you didn't think about.
If you're serious about security then use the right tool for the job. In Node you have:
https://www.npmjs.com/package/jwt
https://www.npmjs.com/package/jsonwebtoken
https://www.npmjs.com/package/jwt-simple
https://www.npmjs.com/package/express-jwt
and many more.
For PHP you have:
https://github.com/firebase/php-jwt
https://github.com/namshi/jose
https://github.com/lcobucci/jwt
https://github.com/emarref/jwt
https://github.com/Spomky-Labs/jose
https://github.com/nov/jose-php
See https://jwt.io/ for more info, more tools and more tutorials.
If you want to learn how to do it correctly yourself without using a library, then read the source code of those libraries - they are all open source, free software.
I'm working on replacing a legacy system that (among other things) receives SHA1 hashes of arbitrary files and signs them using a private key with a simple PHP web service.
It should look something like that:
$providedInput = '13A0227580C5DE137C2EBB2907A3F2D7F00CA71D';
// pseudo "= sha1(somefile.txt); file not available server side!
$expectedOutput = 'DBC9CC4CB0BECEE313BB100DD1AD39AEC045714D72767211FD574E3E3546EB55E77D2EBFE33BA2974BB74CE051608BFF45A73A52612C5FC418DD3A76CAC0AE0C8FB3FC6CE4F7A516013A9743A36424DDACFE889B3D45E86E6853FD9A55B5B4F0F0D8A574A0B244C0946A99B81CCBD1A7AF7C11072745B11C06AD680BE8AC4CB4';
// pseudo: "= openssl_sign(file_get_contents(somefile.txt), signature, privateKeID);
For the sake of simplicity I'm using PHP's built in openssl extention. The problem I'm running into is that openssl_sign seems to SHA1 hash the input data again internally according to this German manual entry on openssl_sign. The English entry is missing that info for some reason.
This produces the expected output ...
$privateKeyID = openssl_get_privatekey(file_get_contents($privateKey));
openssl_sign(file_get_contents("x.txt"), $signature, $privateKeyID);
var_dump(bin2hex($signature));
... but since I don't have access to the actual input files on server side it's not very helpful.
Is there a way around the additional hashing without 3rd party libs? I already tried to simply encrypt the hash received, but from How to compute RSA-SHA1(sha1WithRSAEncryption) value I understand encrypting and signing produce different output.
Update to make things more clear:
I'm recieving an SHA1 hash as input and the service has to convert it to a valid signature (using a private key) that can simply be verified using openssl_verify. The clients are out of reach, so changing their implementation is not possible.
From How to compute RSA-SHA1(sha1WithRSAEncryption) value:
If you reproduce this EM and use RSA_private_encrypt, then you will get the correct PKCS#1 v1.5 signature encoding, the same you would get with RSA_sign or even better, using the generic EVP_PKEY_sign.
I figured I could simply implement the DER encoding myself according to this specification, but the result (EM) seems too long to be encrypted with my key
// 1. Apply the hash function to the message M to produce a hash value H
$H = hex2bin($input); // web service receives sha1 hash of an arbitrary file as input
$emLen = 128; // 1024 rsa key
// 2. Encode the algorithm ID for the hash function and the hash value into
// an ASN.1 value of type DigestInfo
$algorithmIdentifier = pack('H*', '3021300906052b0e03021a05000414');
$digest = $H;
$digestInfo = $algorithmIdentifier.$digest;
$tLen = strlen($digestInfo);
// 3. error checks omitted ...
// 4. Generate an octet string PS consisting of emLen - tLen - 3 octets
// with hexadecimal value 0xff. The length of PS will be at least 8
// octets.
$ps = str_repeat(chr(0xFF), $emLen - $tLen - 3);
//5. Concatenate PS, the DER encoding T, and other padding to form the
// encoded message EM as
$em = "\0\1$ps\0$digestInfo";
if(!openssl_private_encrypt($em, $signature, $privateKeyID)) {
echo openssl_error_string();
}
else {
echo bin2hex($signature);
}
Output:
Error:0406C06E:rsa routines:RSA_padding_add_PKCS1_type_1:data too large for key size
Any hints?
UPDATE
As you can see in code below openssl_verify return 1 for result of openssl_sign and even for openssl_private_encrypt result. I tested it on my machine. This solution will work only if sha1 digest in digital signature is used.
// Content of file
$data = 'content of file somewhere far away';
// SHA1 hash from file - input data
$digest = hash('sha1', $data);
// private and public keys used for signing
$private_key = openssl_pkey_get_private('file://mykey.pem');
$public_key = openssl_pkey_get_public('file://mykey.pub');
// Encoded ASN1 structure for encryption
$der = pack('H*', '3021300906052b0e03021a05000414') . pack('H*', $digest);
// Signature without openssl_sign()
openssl_private_encrypt($der, $signature, $private_key);
// Signature with openssl_sign (from original data)
openssl_sign($data, $opensslSignature, $private_key);
// Verifying - both should return 1
var_dump(openssl_verify($data, $signature, $public_key));
var_dump(openssl_verify($data, $opensslSignature, $public_key));
I just captured DER encoded structure by decrypting openssl_sign() result.
ORIGINAL ANSWER
openssl_sign() creates digest from data because this is how digital signature works. Digital signature is always encrypted digest from data.
You can use openssl_private_encrypt() and openssl_public_decrypt() on your sha1 digest with no fear. In general, it is the same thing but yes, there is a difference. If you encrypt something on your own, the encryption process does not care about data and just encrypts them. It is on you to know that what you will decrypt later is sha1 digest for some data. In fact, it is just data encryption with private key, not true digital signature.
openssl_sign() creates digest from data and encrypts information about kind of digest and digest itself (this is ASN.1 DER structure from your link). This is because openssl_verify() needs to know what kind of digest was used when signing.
According to the English page of openssl_sign:
bool openssl_sign ( string $data , string &$signature , mixed $priv_key_id [, mixed $signature_alg = OPENSSL_ALGO_SHA1 ] )
I think the obvious suggestion is to use OPENSSL_ALGO_SHA256. See openssl_get_md_methods for a list of the supported algorithms.
I have an applet that uses a "foo.key" file and a string password to generate a privateKey object, using BouncyCastle apis. Then a signature is created using this privateKey object and a string such as "MYNAMEHERE". All I know is that the algorythm used to generate this signature is RSA.
What I want to do is to decrypt (or verify) this signature in PHP. I have both files publicKey (file.cer) and privateKey (file.key) that where used to generate the privateKey object in Java.
Im trying using the openssl_verify functions in PHP, passing the values:
openssl_verify("MYNAMEHERE", $signature, "file.cer"), where $signature contains the String representation of the signature object generated in Java: new String (signature).
I dont know if this process is correct to verify the signature, or what kind of encoding/decoding process i have to do before using this function.
I hope somebody points me the right direction!
Thanks in advance!
You haven't given enough information, such as the actual signature or how it is encoded. Normally RSA means RSA in PKCS#1 1.5 mode using SHA-1 (Google it) which is more or less the default signature generation/verification algorithm in use today. In that case, the verify should proceed as you've described. The password is not needed anymore, it might just be used to decrypt the private key. You can still use the private key to see if an sign in PHP/openssl does create the same data. If not, a different hash or PKCS#1 v2.1 signature may have been used.