I am working on an application which generates RSA encrypted session keys and stores them in a database. Later theses keys are transfered to a C++ application via Javascript. Therefore I want to use the OpenSSL library. I generated a 2048 bit key pair with openssl, which is used in both methods.
My PHP functions works like this:
function encrypt_with_public_key($input, $key)
{
openssl_public_encrypt($input, $crypttext, $key, OPENSSL_PKCS1_OAEP_PADDING);
return $crypttext;
}
and
$fp = fopen("public.pem","r");
$public_pem = fread($fp,8192);
fclose($fp);
$public_key = openssl_get_publickey($public_pem);
$sessionKey = ...;
$encSessionKey = encrypt_with_public_key($sessionKey, $public_key);
I tested this part successfully. The part I have trouble with, is the C++ part. I use MS Visual Studio 2013. Edit: added hex encoding (using Crypto++)
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <openssl/err.h>
#include <openssl/crypto.h>
...
string decrypted, encoded;
decrypted.clear();
char privateKey[] =
"-----BEGIN RSA PRIVATE KEY-----\n"\
...
RSA *rsa = NULL;
BIO *keybio;
keybio = BIO_new_mem_buf(privateKey, strlen(privateKey));
rsa = PEM_read_bio_RSAPrivateKey(keybio, &rsa, NULL, NULL);
StringSource ss2(input, true,
new HexEncoder(
new StringSink(encoded)
)
);
RSA_private_decrypt(encoded.length(), (unsigned char *)encoded.data(), (unsigned char *)decrypted.data(), rsa, RSA_PKCS1_OAEP_PADDING);
FBLOG_INFO("", ERR_error_string(ERR_get_error(), NULL));
return decrypted;
Note that the private key is not read from a file.
OpenSSL returns the following error: 0406506C: lib(4): func(101): reason(108).
It means afaik that my input data is longer than the modulus length (please correct me if I'm wrong). Anyone who knows how to handle this? I thought such problems are solved through the padding parameters.
The input data is the direct output of the php encrypt function (no base64 oder anything).
Related
I've been trying to get this for hours now, and I can't find what's wrong. I'm using a php RESTful API that I made to encrypt data using asymmetric encryption.
First, I save my user's public key in the server by exporting it in android:
fun exportPublicKey() : String {
val publicKey = getPublicKey()
return android.util.Base64.encodeToString(
publicKey!!.encoded,
android.util.Base64.NO_WRAP
)
}
This allows me in the PHP server to do that:
$public_key_core = $_POST["public_key"];
$public_key = "-----BEGIN PUBLIC KEY-----\n" . $public_key_core . "\n-----END PUBLIC KEY-----";
I am unsure that's the right way but openssl seems to be "ok" with that key ?
I then tested my keystore in local using both keys, and it works just fine using this code:
Encrypt:
fun encryptAsymmetricData(data: String, usePrivateKey : Boolean = true): ByteArray {
val cipher : Cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding")
val encryptedBytes: ByteArray
if (usePrivateKey){
cipher.init(Cipher.ENCRYPT_MODE, getPrivateKey())
encryptedBytes = cipher.doFinal(data.toByteArray(Charsets.UTF_8))
} else {
cipher.init(Cipher.ENCRYPT_MODE, getPublicKey())
encryptedBytes= cipher.doFinal(data.toByteArray(Charsets.UTF_8))
}
return encryptedBytes
}
Decrypt:
fun decryptAsymmetricData(data: ByteArray): String{
val cipher : Cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding")
cipher.init(Cipher.DECRYPT_MODE, getPrivateKey())
return cipher.doFinal(data).toString(Charsets.UTF_8)
}
Using this works because I do ".toByteArray(Charsets.UTF_8)" on the encryptData result.
Now here's the problem, I use base64 encoding and do the following to encrypt in PHP:
openssl_public_encrypt($token->token, $encrypted_token, $user->public_key);
openssl_public_encrypt($user->id, $encrypted_id, $user->public_key);
[...]
'encrypted_user_id' => base64_encode($encrypted_id),
'encrypted_token' => base64_encode($encrypted_token)
But when I try to decrypt this in Android I'm getting an exception "javax.crypto.IllegalBlockSizeException" caused by this code:
val tokenBA = String(getDecoder().decode(this.encryptedToken), Charsets.UTF_8).toByteArray(Charsets.UTF_8)
val userIDBA = String(getDecoder().decode(this.encryptedUserId), Charsets.UTF_8).toByteArray(Charsets.UTF_8)
val token = App.encryptionController.decryptAsymmetricData(tokenBA)
val userID = App.encryptionController.decryptAsymmetricData(userIDBA)
(The logic being, I use base64 to send back my data in PHP, so I convert it to UTF8 in Android, then get the associated ByteArray to decrypt it ?)
I know that the encryption works in "local" but it doesn't when using both PHP and KeyStore, so I guess the problem is coming either from the PHP encryption, or from the way I try to decrypt it in android, but I can't seem to find what wrong, could you guys help me there please ?
Thank you by advance!
Ok, after searching and making sure the issue wasn't the public key stored in the PHP server, I found the answer. It was caused by the way to convert the "base64" string in an actual ByteArray in the App. This worked:
val token = App.encryptionController.decryptAsymmetricData(getDecoder().decode(encryptedToken))
val userID = App.encryptionController.decryptAsymmetricData(getDecoder().decode(encryptedUserId))
This is only working because I do the "base64_encode" in the server, for some (bad) reason I thought it was needed to go back to UTF8 to get the ByteArray in the app.
I have a next problem
On Node.js I have a next code
var iv = CryptoJS.enc.Hex.parse('00000000000000000000000000000000'); //it's for tests, later it will be dynamically generated
var key256Bits = 'A5178B6A965AACF3CD60B07A15061719';
var cipher = CryptoJS.AES.encrypt(
'Some text',
key256Bits,
{
iv: iv,
padding:CryptoJS.pad.ZeroPadding
}
).toString();
Then when I try to decode it with phpseclib
$key = 'A5178B6A965AACF3CD60B07A15061719';
$data = /*text encrypted by JS*/;
$cipher = new AES();
$cipher->setKeyLength(256);
$cipher->setKey($key);
$res = $cipher->decrypt($data);
And then $res becomes an empty string
What do I do wrong?
If you pass in a string to CryptoJS.<cipher>.encrypt as a key, CryptoJS treats it as a password and will derive the actual key from that using OpenSSL's EVP_BytesToKey with a random salt and one iteration of MD5.
phpseclib doesn't have an implementation of that, so you could just pass in the actual key:
var key256Bits = CryptoJS.enc.Utf8.parse('A5178B6A965AACF3CD60B07A15061719');
Since this key is only 32 hexits long, it only has 128 bit of entropy, but still uses AES-256. You need 64 hexits which you can decode before use to get 32 bytes for a secure key size.
Also, phpseclib implements PKCS#7 padding, so you need to use
padding: CryptoJS.pad.Pkcs7
in CryptoJS.
Example JavaScript code:
var iv = CryptoJS.enc.Hex.parse('00000000000000000000000000000000'); //it's for tests, later it will be dynamically generated
var key256Bits = CryptoJS.enc.Utf8.parse('A5178B6A965AACF3CD60B07A15061719');
var cipher = CryptoJS.AES.encrypt(
'Some text',
key256Bits,
{
iv: iv,
padding: CryptoJS.pad.Pkcs7
}
).toString();
console.log(cipher)
<script src="https://cdn.rawgit.com/CryptoStore/crypto-js/3.1.2/build/rollups/aes.js"></script>
In PHP, you need to make sure to decode the ciphertext before use:
$data = base64_decode("IWkBG3A46rNrxwWN2JD7xQ==");
$key = 'A5178B6A965AACF3CD60B07A15061719';
$cipher = new AES();
$cipher->setKeyLength(256);
$cipher->setKey($key);
$res = $cipher->decrypt($data);
var_dump($res);
Security consideration:
If you're using only symmetric encryption you need the exact same key at the server and the client. If you send the encryption key from the server to the client or the other way around you need to encrypt your symmetric encryption key. The easiest way to do this would be to use TLS. If you use TLS, then the data as well as key are encrypted, so you don't need to encrypt it yourself. This doesn't provide any security, just a little bit of obfuscation. You should read: https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/august/javascript-cryptography-considered-harmful/
I'm trying to compute the shared secret for ECDH (Elliptic Curve Diffie Hellman) using PHP.
Assume I have someone's public key.
$clientPublickey = "BOLcHOg4ajSHR6BjbSBeX_6aXjMu1V5RrUYXqyV_FqtQSd8RzdU1gkMv1DlRPDIUtFK6Nd16Jql0eSzyZh4V2uc";
I generate my keys using OpenSSL.
exec('openssl ecparam -genkey -name prime256v1 -noout -out example-ecc.pem');
$private = openssl_pkey_get_private("file://example-ecc.pem");
Using the following code, I get false as value for $sharedSecret.
$sharedSecret = openssl_dh_compute_key(base64_decode($clientPublickey), $private);
openssl_error_string() doesn't return any error.
I've var_dumped openssl_pkey_get_details($private) and I verified it was created properly.
How do I use openssl_dh_compute_key()?
https://www.openssl.org/docs/manmaster/crypto/DH_compute_key.html describes that function as being for (non-EC) Diffie Hellman. You would need ECDH_compute_key (which I don't know if PHP exposes).
Though https://wiki.openssl.org/index.php/Elliptic_Curve_Diffie_Hellman recommends using the EVP_PKEY wrappers instead of the low level routines. But, again, I can't say what support PHP has.
Quite an old post, but still..
I think your public key is not formatted in Base64, but in URL-safe-Base64.
See: https://en.wikipedia.org/wiki/Base64#URL_applications
Furthermore, you can create the keys also from PHP now. Using openssl_pkey_new().
See: https://www.php.net/manual/en/function.openssl-pkey-new.php
openssl_dh_compute_key() supports ECDH only in PHP 8.1.0, with OpenSSL 3.0.0. Before PHP 8.1.0, openssl_dh_compute_key() always returned false.
Starting from PHP 7.3, there is openssl_pkey_derive() which derives a shared secret from a set of public key and private key. It works either with DH or EC keys. The example code given for this function is simpler than the example given for openssl_dh_compute_key(), which generate a public/private DH keypair using the command line.
$private = openssl_pkey_get_private("-----BEGIN PRIVATE KEY-----
MIICJgIBADCCARcGCSqGSIb3DQEDATCCAQgCggEBAJLxRCaZ933uW+AXmabHFDDy
upojBIRlbmQLJZfigDaSA1f9YOTsIv+WwVFTX/J1mtCyx9uBcz0Nt2kmVwxWuc2f
VtCEMPsmLsVXX7xRUFLpyX1Y1IYGBVXQOoOvLWYQjpZgnx47Pkh1Ok1+smffztfC
0DCNt4KorWrbsPcmqBejXHN79KvWFjZmXOksRiNu/Bn76RiqvofC4z8Ri3kHXQG2
197JGZzzFXHadGC3xbkg8UxsNbYhVMKbm0iANfafUH7/hoS9UjAVQYtvwe7YNiW/
HnyfVCrKwcc7sadd8Iphh+3lf5P1AhaQEAMytanrzq9RDXKBxuvpSJifRYasZYsC
AQIEggEEAoIBAGwAYC2E81Y1U2Aox0U7u1+vBcbht/OO87tutMvc4NTLf6NLPHsW
cPqBixs+3rSn4fADzAIvdLBmogjtiIZoB6qyHrllF/2xwTVGEeYaZIupQH3bMK2b
6eUvnpuu4Ytksiz6VpXBBRMrIsj3frM+zUtnq8vKUr+TbjV2qyKR8l3eNDwzqz30
dlbKh9kIhZafclHfRVfyp+fVSKPfgrRAcLUgAbsVjOjPeJ90xQ4DTMZ6vjiv6tHM
hkSjJIcGhRtSBzVF/cT38GyCeTmiIA/dRz2d70lWrqDQCdp9ArijgnpjNKAAulSY
CirnMsGZTDGmLOHg4xOZ5FEAzZI2sFNLlcw=
-----END PRIVATE KEY-----
");
$public = openssl_pkey_get_public("-----BEGIN PUBLIC KEY-----
MIICJDCCARcGCSqGSIb3DQEDATCCAQgCggEBAJLxRCaZ933uW+AXmabHFDDyupoj
BIRlbmQLJZfigDaSA1f9YOTsIv+WwVFTX/J1mtCyx9uBcz0Nt2kmVwxWuc2fVtCE
MPsmLsVXX7xRUFLpyX1Y1IYGBVXQOoOvLWYQjpZgnx47Pkh1Ok1+smffztfC0DCN
t4KorWrbsPcmqBejXHN79KvWFjZmXOksRiNu/Bn76RiqvofC4z8Ri3kHXQG2197J
GZzzFXHadGC3xbkg8UxsNbYhVMKbm0iANfafUH7/hoS9UjAVQYtvwe7YNiW/Hnyf
VCrKwcc7sadd8Iphh+3lf5P1AhaQEAMytanrzq9RDXKBxuvpSJifRYasZYsCAQID
ggEFAAKCAQAiCSBpxvGgsTorxAWtcAlSmzAJnJxFgSPef0g7OjhESytnc8G2QYmx
ovMt5KVergcitztWh08hZQUdAYm4rI+zMlAFDdN8LWwBT/mGKSzRkWeprd8E7mvy
ucqC1YXCMqmIwPySvLQUB/Dl8kgau7BLAnIJm8VP+MVrn8g9gghD0qRCgPgtEaDV
vocfgnOU43rhKnIgO0cHOKtw2qybSFB8QuZrYugq4j8Bwkrzh6rdMMeyMl/ej5Aj
c0wamOzuBDtXt0T9+Fx3khHaowjCc7xJZRgZCxg43SbqMWJ9lUg94I7+LTX61Gyv
dtlkbGbtoDOnxeNnN93gwQZngGYZYciu
-----END PUBLIC KEY-----
");
echo bin2hex(openssl_pkey_derive($public, $private));
For other PHP 7 releases, there are pure PHP implementations like phpecc/phpecc, which can generate a shared encryption key using code similar to the following one. (It's one of the library examples.)
use Mdanter\Ecc\EccFactory;
use Mdanter\Ecc\Primitives\GeneratorPoint;
use Mdanter\Ecc\Serializer\PrivateKey\PemPrivateKeySerializer;
use Mdanter\Ecc\Serializer\PrivateKey\DerPrivateKeySerializer;
use Mdanter\Ecc\Serializer\PublicKey\DerPublicKeySerializer;
use Mdanter\Ecc\Serializer\PublicKey\PemPublicKeySerializer;
use Mdanter\Ecc\Util\NumberSize;
// ECDSA domain is defined by curve/generator/hash algorithm,
// which a verifier must be aware of.
$adapter = EccFactory::getAdapter();
$generator = EccFactory::getNistCurves()->generator384();
$useDerandomizedSignatures = true;
$derPub = new DerPublicKeySerializer();
$pemPub = new PemPublicKeySerializer($derPub);
$pemPriv = new PemPrivateKeySerializer(new DerPrivateKeySerializer($adapter, $derPub));
# These .pem and .key are for different keys
$alicePriv = $pemPriv->parse(file_get_contents(__DIR__ . '/../tests/data/openssl-secp256r1.pem'));
$bobPub = $pemPub->parse(file_get_contents(__DIR__ . '/../tests/data/openssl-secp256r1.1.pub.pem'));
$exchange = $alicePriv->createExchange($bobPub);
$shared = $exchange->calculateSharedKey();
echo "Shared secret: " . gmp_strval($shared, 10).PHP_EOL;
# The shared key is never used directly, but used with a key derivation function (KDF)
$kdf = function (GeneratorPoint $G, \GMP $sharedSecret) {
$adapter = $G->getAdapter();
$binary = $adapter->intToFixedSizeString(
$sharedSecret,
NumberSize::bnNumBytes($adapter, $G->getOrder())
);
$hash = hash('sha256', $binary, true);
return $hash;
};
$key = $kdf($generator, $shared);
I'm having an issue encrypting my string in C++ and then decrypting in PHP. On the C++ side, I think everything is going fine. Below is my code for the C++ side.
unsigned char inbuffer[1024];
unsigned char outbuffer[1024];
unsigned char oneKey[] = "abc";
AES_KEY key;
AES_set_encrypt_key(oneKey, 128, &key);
string straa("hello world\n");
memcpy((char*)inbuffer, straa.c_str(), 13);
AES_encrypt(inbuffer, encryptedbuffer, &key);
LPCSTR pszSource = (LPCSTR)encryptedbuffer;
DWORD nDestinationSize;
if (CryptBinaryToString(reinterpret_cast<const BYTE*> (pszSource), strlen(pszSource), CRYPT_STRING_BASE64, nullptr, &nDestinationSize))
{
LPTSTR pszDestination = static_cast<LPTSTR> (HeapAlloc(GetProcessHeap(), HEAP_NO_SERIALIZE, nDestinationSize * sizeof(TCHAR)));
if (pszDestination)
{
if (CryptBinaryToString(reinterpret_cast<const BYTE*> (pszSource), strlen(pszSource), CRYPT_STRING_BASE64, pszDestination, &nDestinationSize))
{
printf("OUT: %s", pszDestination); // Base64 encoded output of encrypted string
}
}
}
This is my PHP code:
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('AES-256-CBC'));
$out = openssl_decrypt(base64_decode("G6g0f/K7EzAw8fxn9BTFzw=="), 'AES-256-CBC', "abc", OPENSSL_RAW_DATA, $iv);
echo $out;
There is no output from the PHP code.
The C++ code would output the following:
OUT: G6g0f/K7EzAw8fxn9BTFzw==
CBC mode, the mode used in the PHP code, does require an iv and it must be the same as the one used for encryption, also the modes must be the same for both encryption and decryption. For CBC mode you need to supply a block sized iv (16-bytes for AES). The encryption key also should to be the correct size.
The iv is not explicitly set in the C++ code and the mode and padding use the default, it is always better to expel;icitly specify all parameters. The iv should be random for each encryption.
You might consider RNCryptor, it is multi language and platform and handles all the details.
T am trying to use HMAC to hash a data string but for some reason my PHP and Python scripts results are not consistent... I can't figure out why.
The one that is technically working is the Python script and although I get results from PHP script, the hex returned is incorrect.
UPDATE -- one thing i'v noticed is if i am using a single line for the data then the results are identical. The mismatch seems to occur when there is multi-line data.
Python demo script here
https://repl.it/BBDH/2
Result:
f54617eadc7c037b4ed484103bb21426994110a9
import hashlib
import hmac
import base64
key = b"M0u$t4fa#1Kh-Key"
csr = """-----BEGIN NEW CERTIFICATE REQUEST-----
MIICtzCCAZ8CAQAwcjELMAkGA1UEBhMCQVUxETAPBgNVBAgMCFZpY3RvcmlhMRIw
EAYDVQQHDAlNZWxib3VybmUxDzANBgNVBAoMBk1LVEVTVDELMAkGA1UECwwCSVQx
HjAcBgNVBAMMFWRuc3Rlc3QzLnNzbHRlY2hzLmNvbTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAM1Ik2SS1F4NgizKXCqpiliR/c285HtcLKFD6OcJO6d6
v8n+1B7R1ovUqRyoM4qsLAVVHshvsuqxbD7sLmcEfh/akee+CGLqgSNSw913IBWL
WRtBRhVTd6gvTQY4KqpEgRShnua179Cbb/cQLsFhHhog/IfD0JWwdRWLqn3rzQcI
xzAsOkTJSarAt/QPS5fq1Hk978iQ0QAxtEssaX+0Xcq7ZyJGkHRyW3cBoynSQAYz
RNGBFTFB+z/qiAkKWwRs61cnKub9Grz6Adw931zuYICW0EaWdBGdc15cUkvI6RF4
xqhzmHBTZLQZDcP9vYrE/biVvX2GVNKpO1hd0i7iOTcCAwEAAaAAMA0GCSqGSIb3
DQEBCwUAA4IBAQBPmct14B0f7HkMar8Ogf1wgo7jXyFytW7tfj3exTsyBC/5ShGv
1Xx//H8I5ecb5N6EflyXmaFiWM4ybQduhVyKzNxlU8i5ug/msdpxQhj3rZ7WO6Xb
O8b5oj5e/8V1RmmsjC9dDFA/A8/JgAbrOn2CtCJrgRtl1LFBtaFRonfaRbuzcVSE
e1qdKoPY2UNK7cd3Hv/pkkorUJd89YREFZatyvU/b89fjNaPzjvtljxGadeIX5WO
7sQwMyHCSknWZPY4BYaiMf6jZ8TjXOCyIHQ3bdiDSiJlUEXvgz2yhF6Uue6aTvhR
Q85mPbtxXP+JXiZgSuT0Q6n7qN1b1mbZJgwk
-----END NEW CERTIFICATE REQUEST-----""".encode('utf-8')
hashed = hmac.new(key, csr, digestmod=hashlib.sha1).hexdigest()
print("HMAC (hex) =", hashed)
PHP demo script here
https://repl.it/BBDF/2
Result:
e978d0d10b814e486592ed608b5f16d095a9affa
$key = 'M0u$t4fa#1Kh-Key';
$data = '-----BEGIN NEW CERTIFICATE REQUEST-----
MIICtzCCAZ8CAQAwcjELMAkGA1UEBhMCQVUxETAPBgNVBAgMCFZpY3RvcmlhMRIw
EAYDVQQHDAlNZWxib3VybmUxDzANBgNVBAoMBk1LVEVTVDELMAkGA1UECwwCSVQx
HjAcBgNVBAMMFWRuc3Rlc3QzLnNzbHRlY2hzLmNvbTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAM1Ik2SS1F4NgizKXCqpiliR/c285HtcLKFD6OcJO6d6
v8n+1B7R1ovUqRyoM4qsLAVVHshvsuqxbD7sLmcEfh/akee+CGLqgSNSw913IBWL
WRtBRhVTd6gvTQY4KqpEgRShnua179Cbb/cQLsFhHhog/IfD0JWwdRWLqn3rzQcI
xzAsOkTJSarAt/QPS5fq1Hk978iQ0QAxtEssaX+0Xcq7ZyJGkHRyW3cBoynSQAYz
RNGBFTFB+z/qiAkKWwRs61cnKub9Grz6Adw931zuYICW0EaWdBGdc15cUkvI6RF4
xqhzmHBTZLQZDcP9vYrE/biVvX2GVNKpO1hd0i7iOTcCAwEAAaAAMA0GCSqGSIb3
DQEBCwUAA4IBAQBPmct14B0f7HkMar8Ogf1wgo7jXyFytW7tfj3exTsyBC/5ShGv
1Xx//H8I5ecb5N6EflyXmaFiWM4ybQduhVyKzNxlU8i5ug/msdpxQhj3rZ7WO6Xb
O8b5oj5e/8V1RmmsjC9dDFA/A8/JgAbrOn2CtCJrgRtl1LFBtaFRonfaRbuzcVSE
e1qdKoPY2UNK7cd3Hv/pkkorUJd89YREFZatyvU/b89fjNaPzjvtljxGadeIX5WO
7sQwMyHCSknWZPY4BYaiMf6jZ8TjXOCyIHQ3bdiDSiJlUEXvgz2yhF6Uue6aTvhR
Q85mPbtxXP+JXiZgSuT0Q6n7qN1b1mbZJgwk
-----END NEW CERTIFICATE REQUEST-----';
$hmac = hash_hmac('sha1', $data, $key);
echo "HMAC (hex) = ".$hmac;
Shevron was right: line ending are differents.
Just add: $data = str_replace("\r\n", "\n", $data); before computing the hash.
Here is the corrected rept.it file.
https://repl.it/BBDF/4