EBICS : Send HPB request with php - php

I'm trying to send an EBICS HPB request, but I always get the same error:
EBICS_AUTHENTICATION_FAILED
I think the problem is in my code. Below is what the code does to get the signature value:
Get signature Certificate from pem file
Remove CR, LF and Ctrl-Z
Convert PEM to DER.
Apply ISO10126
hash sha256
Encryption rsa PKCS #1 v1.5: rsa_encrypt($SignatureValue, $public_key)
Then I put the result in as the signature value, but I'm not sure I'm following the right procedure before sending my request.

Related

AES-128-CBC don't work on the same way with LUA, PYTHON and PHP

I have an ESP8266 with Nodemcu and an AM2320 sensor.
I am sending temperature and humidity in JSON format in plain text to my HTTP server for collecting data with PHP and SQLITE3.
That's working fine.
But I wish to encrypt my data with AES-CBC.
I encrypt measures on the ESP8266 with crypto.encrypt() function and 'AES-CBC' method like this example:
https://nodemcu-firmware.readthedocs.io/en/latest/en/modules/crypto/#cryptoencrypt
I do the same encryption on my PC with Python 3.
The resulting string matches the result on the ESP8266 with Lua 5.1.
Next I do the same encryption on my PC, but with PHP 7.1.
Alas, the resulting string doesn't match the previous results.
I am using the 'AES-128-CBC' method with the openssl_encrypt() function.
I put the script in the three languages in a gist on GitHub:
https://gist.github.com/bazooka07/bed368d313e218fcba332cb2127c70b1
What's wrong in PHP?
Can you help me?
I've tried your code with aes-256-cbc instead of aes-128-cbc in PHP, and it gives the same output. Changing the PHP encrypt method to aes-256-cbc should fix the problem.
I added a fix to my gist so that it works when the length of the message to encrypt is not a multiple of 16 characters.

EBICS Response HPB: Decrypt with PHP

I'm trying to decrypt the bank's response to an HPB request, but so far without success.
According to the specification, there is a transaction key, which is asymmetrically encrypted.
Then there is the OrderData, which is compressed, encrypted and base64-encoded.
I could decrypt the order data with the following code, but afterwards I get an error during compressing.
openssl_open(base64_decode($orderdata), $open, base64_decode($trxkey), $pkeyid) or die(openssl_error_string());
Could anyone give me a hint?
Thanks

Openssl encrypted in PHP needs to be decrypted in Ruby

In our application we are getting encrypted text from an external server. This text has been encrypted using openssl in PHP.
When I try to decrypt the text in my Ruby code, I get the following error message:
OpenSSL::Cipher::CipherError: wrong final block length
I read a couple of solutions on Stack Overflow, which suggested adding the following line to the code: cipher.padding = 0. But after adding padding = 0, I get a different error:
OpenSSL::Cipher::CipherError: data not multiple of block length
Below is the rough script I have written to decrypt the text.
require 'openssl'
require 'digest/sha1'
require 'base64'
encrypted = "VaZYJzn9QVEQIH4fmtA1Cg=="
key = "my_secret_key"
cipher = OpenSSL::Cipher::Cipher.new("aes-128-ecb")
cipher.decrypt
cipher.padding = 0
cipher.key = key
decrypted = cipher.update(encrypted)
decrypted << cipher.final
puts Base64.decode64(decrypted)
If I encrypt the text using Ruby, I can easily decrypt it. I am having problems decrypting text that was encrypted in PHP. Is there any way I can make encryption and decryption compatible between PHP and Ruby?
Simply change the way you call it:
from decrypted << cipher.final to decrypted = cipher.update(encrypted) + cipher.final
You then get a string like
<GF\x8F\xDC\x91\xE1ew\xB1\x1C\xE8\xF8V\xA0\x99g\x01C\xCDF\xD6\v\x841l\x13\xA6\x9496{
Lastly, a quote from the Ruby docs: "You should never use ECB mode unless you are absolutely sure that you absolutely need it."

PHP DSA Signature Conversion from DER ASN.1 to XMLDSIG P1363

I am writing a PHP app (acting as a SAML IdP) which is trying to do a login via a SAML Response to a server (acting as the SAML SP). I am currently stuck with the server rejecting the request (I just get a 500 Bad Request).
I have written a test app (in Java/openSAML - which I'm pretty sure the server is using), and can see that the problem is that the SAML SignatureValidator validate generates
org.apache.xml.security.signature.XMLSignatureException: Invalid XMLDSIG format of DSA signature
Looking at the SAML SignatureValidator code I can see that it checks that the XMLDSIG signature is exactly 40 bytes long (P1363 format?) - whereas the generated signature is 46-48 bytes long (DER ASN.1 format?).
The signature is being generated by PHP openssl_sign as below.
openssl_sign($canonicalized_signedinfo,
             $signature,
             $private_key,
             OPENSSL_ALGO_DSS1);
An example signature (displayed as binary to hex for clarity) is as below. This is 46 bytes, but I notice it varies (depending on the random key?) from 46 to 48 bytes.
302c02146e74afeddb0fafa646757d73b43bca688a12ffc5021473dc0ca572352c922b80abd0662965e7b866416d
I can successfully verify this signature using PHP openssl_verify as below.
openssl_verify($canonicalized_signedinfo,
               $signature,
               $public_key,
               OPENSSL_ALGO_DSS1);
But in my test app when I do a SignatureValidator validate (as below) I get the XMLSignatureException: Invalid XMLDSIG format of DSA signature exception.
BasicCredential credential = new BasicCredential();
credential.setPublicKey(publicKey);
credential.setUsageType(UsageType.SIGNING);
SignatureValidator sigValidator = new SignatureValidator(credential);
sigValidator.validate(signature);
Does anyone know how to do the PHP signature conversion from the 46-48 DER ASN.1 format generated by PHP openssl_sign to the 40 byte P1363 format expected by openSAML?
That resource from Code Project has explanations about how to convert ASN.1 format into P1363, with code examples. It may be useful for writing a Java validation method.
And I propose you use this C++ code to generate a DSIG-compliant signature from PHP: http://xmlsig.sourceforge.net/
By the way, it sounds more complex than simply generating the signature and validating it. You may be interested in XMLBlackbox.
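The conversion asked about in this thread, as an added example that is not part of the original posts: it parses the DER SEQUENCE of two INTEGERs that openssl_sign() returns and emits r and s as fixed-width big-endian values. The function names are hypothetical, and the 20-byte width is an assumption taken from the 40-byte length the question says the validator expects.

```php
<?php
// Added example: DER-encoded DSA signature from openssl_sign() -> raw r||s.

function der_fail(string $why): void { throw new InvalidArgumentException($why); }

// Read a short-form DER length at $pos and advance past it.
function der_read_length(string $der, int &$pos): int
{
    if ($pos >= strlen($der)) der_fail('truncated DER');
    $len = ord($der[$pos++]);
    // Short form only: with the 160-bit q assumed here the signature is < 128 bytes.
    if ($len >= 0x80) der_fail('unexpected long-form length');
    return $len;
}

// Read one INTEGER and return it as exactly $width big-endian bytes.
function der_read_uint(string $der, int &$pos, int $width): string
{
    if (($der[$pos] ?? '') !== "\x02") der_fail('INTEGER tag expected');
    $pos++;
    $len = der_read_length($der, $pos);
    if ($len < 1 || $pos + $len > strlen($der)) der_fail('bad INTEGER length');
    // DER integers are signed and minimal: a 0x00 is prepended when the top
    // bit is set and leading zero bytes are dropped, so the DER size varies.
    $value = ltrim(substr($der, $pos, $len), "\x00");
    $pos += $len;
    if (strlen($value) > $width) der_fail('integer wider than expected');
    return str_pad($value, $width, "\x00", STR_PAD_LEFT);
}

function dsa_der_to_p1363(string $der, int $width = 20): string
{
    if (($der[0] ?? '') !== "\x30") der_fail('SEQUENCE tag expected');
    $pos = 1;
    $seqLen = der_read_length($der, $pos);
    if ($seqLen !== strlen($der) - $pos) der_fail('SEQUENCE length mismatch');
    $r = der_read_uint($der, $pos, $width);
    $s = der_read_uint($der, $pos, $width);
    if ($pos !== strlen($der)) der_fail('trailing bytes after s');
    return $r . $s;
}

// The 46-byte signature quoted in the question.
$der = hex2bin('302c02146e74afeddb0fafa646757d73b43bca688a12ffc5021473dc0ca572352c922b80abd0662965e7b866416d');
$raw = dsa_der_to_p1363($der);
printf("%d bytes: %s\n", strlen($raw), bin2hex($raw));
// base64_encode($raw) is the value for <ds:SignatureValue>.
```

The strict checks (sequence length, no trailing bytes, width limit) make the converter reject anything that is not a well-formed two-integer signature instead of silently producing 40 bytes from malformed input.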

in php how to find already encrypted file in specific folder

I am using PGP (GNU Privacy Guard) to encrypt files.
While encrypting, I removed the '.pgp' extension from the encrypted file.
Now I somehow want to know which files in a specific folder are already encrypted.
Note: my goal is not to encrypt any file twice, so before encrypting a file I want to check whether it is already encrypted.
In PHP, can we find out which files are already encrypted?
PGP files all start with "-----BEGIN PGP MESSAGE-----".
So you can do something like this:
$content = file_get_contents($filename);
$encrypted = strpos($content, '-----BEGIN PGP MESSAGE-----') === 0;
I really don't know much about how it works, or how you could look at the contents of the file to tell if it is encrypted properly, but could you try decrypting them? If you know you're only working with plain text files, you could examine the first 500 bytes of the decrypted data and if there are strange characters (outside the standard a-z A-Z 0-9 + punctuation, etc), then that could be a clue that the file wasn't encrypted.
This really is a half-arsed answer, I know, but it was a bit long to fit into a comment.
You can't unless you understand the algorithm used in the encryption. Once you understand it, you can apply that to check whether a file is already encrypted.
Also check to make sure that there is already a function available in PGP for checking if something is already encrypted. This is usually present in encryption solutions.
Thanks
There are two possible formats for OpenPGP data, binary and ascii armored.
Ascii-armored files are easy to recognize by looking for "-----BEGIN PGP MESSAGE-----" which can also be done using the unix command file:
$ file encrypted
encrypted: PGP message
@ZZ_Coder's answer is totally fine if you're only dealing with ascii armored encrypted files.
If it shows something else, it's not an OpenPGP message - or in binary format. This isn't as easy to recognize (at least I don't know which magic packets you could look for), but you can easily use the gpg command to test the file:
$ gpg --list-only --list-packets encrypted
:pubkey enc packet: version 3, algo 1, keyid DEAFBEEFDEADBEEF
data: [2048 bits]
:encrypted data packet:
length: 73
mdc_method: 2
If it isn't encrypted, the response will look like this:
$ gpg --list-only --list-packets something_else
gpg: no valid OpenPGP data found.
In PHP, you could use this code to check if a file is OpenPGP-encrypted:
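// strpos() returns false when the marker is absent, so compare explicitly
$packets = (string) shell_exec('gpg --list-only --list-packets my_file.txt 2>&1');
if (strpos($packets, 'encrypted data packet') !== false) {
    echo "encrypted file";
}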
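The two checks from the answers above combined, as an added example that is not part of the original thread: a cheap look at the first bytes (armor header, or the packet tag in the first octet of a binary OpenPGP packet header) followed by the gpg call with the path shell-escaped. Function names are hypothetical, the sample inputs are constructed, and the tag numbers are the ones defined in RFC 4880.

```php
<?php
// Added example: cheap pre-filter for OpenPGP-encrypted files, then gpg.

const PGP_ARMOR = '-----BEGIN PGP MESSAGE-----';

// Packet tag encoded in the first octet, or null if it is not a packet header.
function openpgp_first_tag(string $head): ?int
{
    if ($head === '') return null;
    $b = ord($head[0]);
    if (($b & 0x80) === 0) return null;      // bit 7 is set in every packet header
    return ($b & 0x40) ? ($b & 0x3F)         // new format: tag in bits 5-0
                       : (($b & 0x3C) >> 2); // old format: tag in bits 5-2
}

function looks_openpgp_encrypted(string $head): bool
{
    if (strncmp($head, PGP_ARMOR, strlen(PGP_ARMOR)) === 0) return true;
    // 1 and 3: encrypted session key packets; 9 and 18: encrypted data packets.
    return in_array(openpgp_first_tag($head), [1, 3, 9, 18], true);
}

// Authoritative check, as in the answer above, with the path shell-escaped.
function gpg_confirms_encrypted(string $path): bool
{
    $cmd = 'gpg --list-only --list-packets ' . escapeshellarg($path) . ' 2>&1';
    return strpos((string) shell_exec($cmd), 'encrypted data packet') !== false;
}

function is_already_encrypted(string $path): bool
{
    $head = (string) file_get_contents($path, false, null, 0, 64);
    return looks_openpgp_encrypted($head) && gpg_confirms_encrypted($path);
}

// Constructed sample headers (not real messages): armored, binary, plain text.
$samples = [
    'armored' => PGP_ARMOR . "\n",
    'binary'  => "\x85\x01\x0c\x03\xDE\xAF\xBE\xEF\xDE\xAD\xBE\xEF\x01",
    'plain'   => "temperature,humidity\n21.5,40\n",
];
foreach ($samples as $name => $head) {
    printf("%-8s %s\n", $name, looks_openpgp_encrypted($head) ? 'candidate' : 'skip');
}
```

The first-byte test only narrows the candidates: a UTF-8 text file that starts with an accented letter begins with 0xC3, which decodes as tag 3, so a match is a reason to run gpg rather than proof of encryption.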
