I have a private key and encrypted string. Actually string has been encrypted using .NET modules. Now I need to decrypted the string . I tried in php but it throws me following error
openssl_private_decrypt(): key parameter is not a valid private key
I tried in perl but there it takes its own private key, But it need to use my own private key, which has been generated in our server.
Please suggest me on this issue to overcome. PHP ,Ruby , Perl Solution would be more helpful.
$crypttext="gKL/n5hkBg4jyjrLRqjQbf9gAS3xnbp1xmCmamPO33fW21JAJtlVQHYR6O1dOw3tfobMe/0uXm/kgivae9zHNey4Wt3UGzPwosUrx7V8zhC97AXya2tuENO1Fmc4Z8l9+UalwtUZxMGtl3Ua9DYuvxLP/TuavgRNpmG6eemGPag=";
$fp=fopen("private.pem","r");
$priv_key=fread($fp,8192);
fclose($fp);
openssl_private_decrypt(base64_decode($crypttext ),$newsource,false ) ;
echo "String decrypt : $newsource"**;
Private Key
<BitStrength>1024</BitStrength><RSAKeyValue><Modulus>t2G2WWIal1EinPn54ZPc3S1UgGTDxr6RFc+XEMR723VSg9toU8lSfTD7C26bUcbDxBwP1/1MbdQcx/dKX+7UlB5z79vrwfT89rUZGWeH7VZvuAawtHURgucyGMhqAZ9NxDEAl5Uo3nsNL9j1JlSBfeZf8pU5sf70KezqJTRsfrE=</Modulus><Exponent>AQAB</Exponent><P>82dZbOjQCJ7NV6EuVJXqPlh4FB65LBL1w9696sKFZuIr8refGwTZOY05se6oHbT9mn8OFXVA6A/wmz7oWNPk9w==</P><Q>wN8uixNk73DIF2SHb0aunnW5XxAIq3KxeQKoUTBAzL7BqXmKjk6XDnfxDbybmcT51wGhiO20lGg51zuxnsPXlw==</Q><DP>Kv4+VXZqCJvEOY5G2LoCPjDyRNuIabiPoKFfenARkDKzAJReji81D21am4tENrsZcIiwvCmR5WurXECoWchT0Q==</DP><DQ>qGRzW4O0VYVvfVUNFi9tF/aKwR/boe0CXDfgwvnRKbHGnfP67+JX6o73zFmGtQuQYpMO+OEpD4WsMmnw2z/7ww==</DQ><InverseQ>czq4+xiiVxb63ZtKwkxyJoDLFH0f18YlfFQTrEoAx7UE9HdjOjsJFpZ54g0yK3/S/yVgIXPwMcw6LU1QvqazPg==</InverseQ><D>Ktp/tWWSlzfToeFcvpVCMMGOFK73fTM9Tl6Di9yOoRtKnBuixqmuSCkxEVvYmgSb7PEt1qiPur6ttyEX1VFHhaugTr3aVhUpF+k7ULaHrCb8UymXXW3pp/yl/QOMPWuNKVv/GU3aQ3VTc3WUaYuOnaIkJk7uoYDQn0QqWtxtT60=</D></RSAKeyValue>
phpseclib, a pure PHP RSA implementation, supports XML private keys in this format. Usage example:
<?php
include('Crypt/RSA.php');
$rsa = new Crypt_RSA();
$rsa->loadKey('...'); // private key
echo $rsa->decrypt($ciphertext);
?>
you need to convert the key and actually use it:
$crypttext="gKL/n5hkBg4jyjrLRqjQbf9gAS3xnbp1xmCmamPO33fW21JAJtlVQHYR6O1dOw3tfobMe/0uXm/kgivae9zHNey4Wt3UGzPwosUrx7V8zhC97AXya2tuENO1Fmc4Z8l9+UalwtUZxMGtl3Ua9DYuvxLP/TuavgRNpmG6eemGPag=";
$priv_key = openssl_pkey_get_private("file://path/to/private.pem");
openssl_private_decrypt(base64_decode($crypttext ), $newsource, $priv_key ) ;
echo "String decrypt : $newsource"**;
A solution is to generate a key in the format PHP expects (.pem file, I think the format is called DER ASN.1 but I'm not sure), using openssl (under linux usually), and then convert it, still using OpenSSL, to a format that .NET can read. See this SO answer for more details.
Under Linux:
openssl genrsa -out private.pem 1024
openssl rsa -in private.pem -out public.pem -pubout
openssl req -nodes -x509 -days 3650 -subj '/CN=www.example.com/emailAddress=info#example.com' -new -key private.pem -out certificate.crt
openssl pkcs12 -export -out certificate.pfx -inkey private.pem -in certificate.crt
Under .NET:
// Get the public key
X509Certificate2 pubCertificate = new X509Certificate2("certificate.crt", "passphrase", X509Certificates.X509KeyStorageFlags.Exportable);
RSACryptoServiceProvider public = (RSACryptoServiceProvider)(pubCertificate.PublicKey.Key);
System.Console.WriteLine(public.ToXmlString(false));
// Get the private key
X509Certificate2 privCertificate = new X509Certificate2("certificate.pfx", "passphrase", X509Certificates.X509KeyStorageFlags.Exportable);
RSACryptoServiceProvider private = (RSACryptoServiceProvider)(privCertificate .PrivateKey);
System.Console.WriteLine(private.ToXmlString(true));
Related
So I have a certificate in pem format (mycert.pem), from which I only need to extract the public key.
openssl x509 -in mycert.pem -pubkey -noout gives me a public key. However, it seems to be the base64 encoded string of the entire subject public key info.
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:6e:af:3c:7d:4c:a3:1a:81:f0:ae:14:45:16:67:
38:5b:09:4d:9e:55:f8:e2:f2:ba:e4:55:28:f6:31:
d8:25:c3:2d:f9:a2:d5:62:ba:eb:17:5f:1d:ad:99:
50:e4:a6:bd:eb:9b:44:18:0f:72:ae:bd:fb:87:1f:
82:dd:98:be:25
ASN1 OID: prime256v1
NIST CURVE: P-256
However, I'm only interested in the "raw" public key part pub:
04:6e:af:3c:7d:4c:a3:1a:81:f0:ae:14:45:16:67:
38:5b:09:4d:9e:55:f8:e2:f2:ba:e4:55:28:f6:31:
d8:25:c3:2d:f9:a2:d5:62:ba:eb:17:5f:1d:ad:99:
50:e4:a6:bd:eb:9b:44:18:0f:72:ae:bd:fb:87:1f:
82:dd:98:be:25
How can I extract (dynamically!) the relevant information? It is important to have an approach that works for any certificate, not just the example presented.
My implementation is in php, so ideally I'll find a solution using phpseclib or openssl functions. But understanding how it works with openssl via the command line, for example, also helps. Thank you.
I have this application to encrypt a MP3 audio clip using a public key (public.pem) and then decrypt using a private key (private.key). I tried the following method but the encrypted file returns as a 0 byte file. No errors returned.
exec("openssl genrsa -out private.key 2048");
exec("openssl rsa -in private.key -out public.pem -outform PEM -pubout");
$public_key = file_get_contents('./public.pem');
$private_key = file_get_contents('./private.key');
$source = "./sample.mp3";
$dest = "./sample.mp3.enc";
$data = file_get_contents($source);
openssl_public_encrypt($data, $output, $public_key, OPENSSL_NO_PADDING);
file_put_contents($dest, $output);
How can I do this? There are PHP examples to encrypt text but not files using this private/public key way.
As commented by #Peter the datasize using RSA encryption is limited (depends on RSA keysize) to plaintext lengths of about 60 to 400 bytes only.
To solve the problem of encrypting a file (here a MP3-file of about 5 mb) you need to switch to a hybrid encryption as recommended by #Topaco.
Indeed, there are fewer examples for this in public so I wrote a very simple program that does what it promises to do.
The program generates a random encryption key (length 32 bytes for AES-256), a random initialization vector ("iv", 16 bytes long for AES CBC mode) and then encrypts the key with the public key with RSA padding PKCS1_OAEP_PADDING. It writes the encrypted key, the iv and the ciphertext to a file.
For decryption the (encrypted) key is read (256 bytes long) from the file, followed by the iv and the encrypted data. Then the encrypted key is decrypted with the private key and used for the final decryption with AES. In the end the decrypted data is written to a file and voilà - the file is playable.
NOTICE: The main problem in my code could be the loading of the complete files (e.g. original mp3-file on encryption and encrypted file on decryption side)
into memory before they get encrypted or decrypted - e.g. having an uncut mp3-file of hundreds of mb size may cause an ""out of memory error" - beware of this.
Security warning: this file comes with absolute NO exception handling and is for educational purpose only!.
The code will load the private and public keys from actual directory as well as the mp3-file processing takes place in this memory.
The output is short:
PHP OpenSSL RSA & AES CBC 256 hybrid encryption
encryption finished
decryption finished
here is the - beware of the limitations and security warning:
<?php
// hybrid encryption
// https://stackoverflow.com/questions/64693606/php-encrypt-a-file-using-public-key-and-decrypt-using-private-key
echo 'PHP OpenSSL RSA & AES CBC 256 hybrid encryption' . PHP_EOL;
// get filenames
$plainfile = "./whateverittakes.mp3";
$cipherfile = "./whateverittakes.mp3.enc";
$decryptedfile = "./whateverittakesdec.mp3";
// attention: it is a RSA PRIVATE KEY !
// key generation:
// openssl genrsa -out private.key 2048
// openssl rsa -in private.key -out public.pem -outform PEM -pubout
// load private & public key
$public_key = openssl_pkey_get_public(file_get_contents('./public.pem'));
$private_key = openssl_pkey_get_private(file_get_contents('./private.key'));
// generate random aes encryption key
$key = openssl_random_pseudo_bytes(32); // 32 bytes = 256 bit aes key
// now encrypt the aes encryption key with the public key
openssl_public_encrypt($key, $encryptedKey, $public_key, OPENSSL_PKCS1_OAEP_PADDING);
// save 256 bytes long encrypted key
file_put_contents($cipherfile, $encryptedKey);
// aes cbc encryption
// generate random iv
$iv = openssl_random_pseudo_bytes(16);
// save 16 bytes long iv
file_put_contents($cipherfile, $iv, FILE_APPEND);
$data = file_get_contents($plainfile);
$cipher = openssl_encrypt($data, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv);
// save cipher
file_put_contents($cipherfile, $cipher, FILE_APPEND);
echo 'encryption finished' . PHP_EOL;
// decryption
// read the data
$handle = fopen($cipherfile, "rb");
// read 256 bytes long encryptedKey
$decryptionkeyLoad = fread($handle, 256);
// decrypt the encrypted key with private key
openssl_private_decrypt($decryptionkeyLoad, $decryptionkey, $private_key, OPENSSL_PKCS1_OAEP_PADDING);
// read 16 bytes long iv
$ivLoad = fread($handle, 16);
// read ciphertext
$dataLoad = fread($handle, filesize($cipherfile));
fclose($handle);
$decrypt = openssl_decrypt($dataLoad, 'AES-256-CBC', $decryptionkey, OPENSSL_RAW_DATA, $ivLoad);
file_put_contents($decryptedfile, $decrypt);
echo 'decryption finished' . PHP_EOL;
?>
I think good way is convert you'r file to byte after that encrypt byte and where you need it decrypt it.
Try :
How to convert base64 string into an audio mp3 file?
and after that use OpenSSL function of php for encrypt and decrypt string(byte) file with private and public key !
I think this is good resource:
https://www.geeksforgeeks.org/how-to-encrypt-and-decrypt-a-php-string/
I'm using OpenSSL to encode a string using the following command:
openssl enc -des3 -md md5 -pass pass:mypass -out outfile <<< mytext
It results with salted encoded strings, i can decode it with following command:
openssl enc -d -des3 -md md5 -pass pass:mypass -in outfile
But PHP fails to decode it:
<?php
$secret='mypass';
$key = md5($secret, true);
$key .= substr($key, 0, 8);
echo openssl_decrypt(file_get_contents('outfile'), 'des', $key, OPENSSL_ZERO_PADDING | OPENSSL_RAW_DATA);
Can anyone can provide me a sample code to decode encrypted file given as above using PHP?
Many thanks
Because I'm trying to convert a piece of PHP code to Python I'm trying to find out what the PHP function openssl_private_encrypt() does exactly.
I'd like to be able to reproduce what openssl_private_encrypt() generates with OpenSSL directly, but for some reason I'm not getting the same results. What is openssl_private_encrypt() doing with OpenSSL exactly?
OpenSSL's RSA_private_encrypt() is being used by PHP's openssl_private_encrypt() according to the PHP source code. The same OpenSSL method is being used by openssl rsautl -sign according to a different source. The same (default) padding -pkcs is also being used. Yet I can't seem to reproduce the same encryption result.
The following PHP code:
$key = "-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA1tV0KlPGaeOnhlcYy3D5dr4Yd++Jz0puBBs8GIa4ammLqaoY
7Xo4J/jp9El3eK2GjwR82uXMNrICZKT0gU4k7LfXD5GUz5TqOfMIWSIM1mKPb67L
Xg5qfJ/8/cLY1RguzImd+ONQJ+MOtjtxE5BXq2luNL9k2Qw1aEhQR22xyzPPBwD9
0nCLhiq56lVXrG10+W9wMdNwtxTLc4hf3OF8IwEActV+Yw9xU8FuJnuAgovaFRQ2
/UC5OhPZckxhGoYJ7J5GSFBTNTuOuwyR/mGWXxgMNS/aQVOwK/+m7JWlwgOT5BdU
qL4ctk7rzRCWLdPhu0UmOxfHJMzjnqoXIWtL7wIDAQABAoIBAQDR2ryYxDDjKuBw
GBA+WmM1HMgmEDVb6ebB2CDCDIeEWwl0eJXVFDhaw4k1ebZciZURi16zLRpoq0Yv
LfsxfDYRjhtkN99XTq3mYYLcHqjPmoNmoyZBAHAAwP+OmpDYx8CfSCaqAtI/xEqQ
tEvmwm8BIAHpQLSwWH6rGUhiHcM5K953f5x10xuWSOH6xlAzdkLbjgN70aOQEbxw
703mKznw25UPspt89RFQPQDtgUnu76TzUp7jytxiyomj3h0CixTIAZd0OtF4g5kn
clNLCYSTVt2PBvlH/tDgVQ31JwLlzfrkHblTHFB4YNz49rempMGou/X+mHB4y5S1
CiN1LR4hAoGBAOxMywVgVmtPyLCFEetf9N1mWjiPpHsgmm+DxZPleQ8+G3G7Uc94
MO2ZUyEXayjK5L4ZwP/RoZGwo0j9VU1tzpRnjtpZYuRQNpqc3+VSzj3yasgaUh9H
syPyMCHn3H/9Qc4wD4hvRNtTTtESAaA0NM6zBGPOOCbYPelsbrwhcsoZAoGBAOi+
hXPKDhdw+whZZssOlSaZW42qfyGZwHkugRmSGplMHA3yrNGnRyn/CtQNA/r5fe/1
T/3XQy35+OyY7IxduPUUXMk4RAi1w61hr4PFs3MuewVEXUTus6q5gs/gZs1wK1DZ
BIFCHNfUYx6Bnq2O2Ytwvr7AiUlDOZRPddM1dRdHAoGAWiLk4pUgAek6LZNlBXrh
5b5QNfkdDdae8mC6cjL7XcQcJeMFTvWS/F8bJalQOAxE+vrJ8wtc7T0K3CG+cz2q
qlNiW4nzPhIW8h1bDpfqkhixgMkBgGsSO2j70UMnii7p9iPBGRMQmfUKQJf0xM6F
Qj9pMkUMiEy+ORcimmLL7akCgYB2EkkjT4rMi41eU/RY6OHzffM7MBZkllpVX6kw
rrT9teW5kbXoegMZJAB7SMsPJEimVf2pme3Dwj9sz7uZDebJtfXIQtoIzSUirR7c
K4x4z0iriF4EnU/aOVhKWt3sNI5U6nNlm4OEXoOWM02rYH+uRJkPrh83Ynowagst
Bb6L+wKBgQCAQpA7RytBXig/wF95qYtLnDjRAV+CoNldfAMVjB1+xvXgGWsq8jDW
bD9q+bFcGg7KQf7Lp/0VUkgB1p+bWVp+kq2XNfXgmrgzfzFsra95xPb7YJEFFoy1
o/fsQwasOd+ijJsMOWzrAG3eTIz3H3AsBJTed/tiUe5dNvVzmuj5ZA==
-----END RSA PRIVATE KEY-----";
openssl_private_encrypt("narf", $signature, $key);
echo bin2hex($signature);
Gives me:
b8a0b9ed54c4e6e7fb4da1b4180dcf8d56baf7cf4309b99c26f44079f5da
0b1566f8a6bb83d83b7a87078eb34e05b68e91e7a8279241bee16a1d003e
c3a99ebcbc1096b01f9bbe11ab1cce1ffc26ac38d8739efbf077c55ee80b
9afefb737ab816ef5b56e9120861a0fd53f36fb23bda6c545581ea220857
f055408ff7b8a2b4450a77928a9600bb6d053a22fb32d20834240953db3f
e0a31d453a9a2d956d0e7e56ca7849fde44e88c07363779e37ab53ecc7da
e5a91cef2a79232a782b56365937f6d48a351cf33036d8a15a859a47d781
09ac57e6261f8c73f44eb45e776d88182713b92aed359ec2953c01fdcf51
e59fbc4b1835cf4809d59ff95d869be9
While command line:
openssl rsautl -sign -inkey test_rsa -out data_out <<< "narf"
xxd -p data_out
Where test_rsa is the same key as in the PHP code. I get:
bc9d5dc772385965a7889a3e387b6398f3e58811aa0aee4b45a1576c08c2
7cde7e8d3e4b27d7fc350018b6c36f055c047ef9cd9aa8831a315fe5a350
ec271aaafa59f9dd9dda5b1ddf826e0f134785d9753eaabc866b0c716ce2
b7ac71a4ee79a3827cfc73c2169bff8ee7173172d8af8c9630e91d63c430
d308e15a1fb85a7b6fe257836e018102b8e55825c6a1a2413232b9a025a3
ca38e451d49cb04ad8a9be8452f213220d62711417c1e33adcededf9c172
2e87007e3fe25fba093774adfef3d3e72f4b3fa578a5a99721a002e69158
7e48e56ff5477162630739f74a385bb9e65da44821a278f6792e52c0edc8
356393e85b4692f33cd845d3a02760d4
Why aren't the results the same?
The PKCS1 padding uses some random bytes, so the encrypted output is different every time.
Both the PHP and the openssl outputs return the input string 'narf' when run through xxd -r -p|openssl rsautl -verify -inkey test_rsa.
When you use <<< "narf", the input string includes a newline character, which is absent in your PHP code.
If you instead do
echo -n narf | openssl rsautl -sign -inkey test_rsa | xxd -p
the output matches that of your PHP code.
I generate public and private keys for RSA by
openssl genrsa -des3 -out private.pem 2048
openssl rsa -in private.pem -out public.pem -outform PEM -pubout
and use following php code to encrypt and decrypt data.
<?php
$plaintext = 'Hello';
$publicKey = openssl_pkey_get_public('file://public.pem');
$encrypted = '';
if (!openssl_public_encrypt($plaintext, $encrypted, $publicKey))
die('Failed to encrypt data');
var_dump($encrypted);
if (!$privateKey = openssl_pkey_get_private('file://private.pem', '123456789'))
die('Private Key failed');
$decrypted = '';
if (openssl_open($encrypted, $decrypted, $envelope, $privateKey) === FALSE)
die('Failed to decrypt data');
?>
it will encrypt data ,but to decrypt data it doesn't work and show Failed to decrypt data
it will show some thing like following resultstring(256) "y)ù¿5_÷q$çD±!‘[’ÓcÜC$Gèïü*ÞEÇGm>ËÂïQÄ„ð½i=é¨Zs€© |T²»Z”k( ráëµ1,r]o –Òll'T¾i¹Bò}Æ1sËèÝwœÒ„Ä–È‹\1{S'ÆY³Ïà^hŽ™©XO%f7‘Bþ®Ra.ªÜäÆô¼'©³#Ý.H9…ŒÏ\6°ÆýþÆJµ^ðŠØÆr£Ô&ü—Ý*ýÄq ƒÝcÓÚAçOmœi\Ê¿›ãB~ZP1ŒÑÔâ¨S…6—êQ–²x¥^0´Íº(d?G•ÚIWå¡Ä" Failed to decrypt data
If you're using openssl_public_encrypt() to encrypt your data, you need to use openssl_private_decrypt() to decrypt the data.
openssl_open() is for use with openssl_seal().
I'd recommend using the _open() and _seal() variants instead of the _public_encrypt() and _private_decrypt() variants -- the public key mechanisms are intended solely for session key transport and digital signatures. Public-key algorithms are intended for use on random data (or nearly-random data of message digests). Using non-random data with public key algorithms is definitely a mis-use of the algorithms.