I'm trying to secure communication between a JS front-end and a PHP backend by using symmetric and asymmetric encryption. I'm creating a symmetric key on the client and encrypting it with the server's public key with JSEncrypt and sending it to the server for future use. However, I'm getting stuck when I get the data on the server side. openssl_open requires an envelope to decrypt the symmetric key and I'm not even positive what data is supposed to be in the envelope. I was under the impression that the envelope is the symmetric key that was encrypted with the public key, but using that has not worked. I've also tried different combinations of decoding as I've read that JSEncrypt encodes the message in base 64 and the key in hex, but those attempts are fruitless as well.
JS encryption code:
let pub = "-----BEGIN PUBLIC KEY-----...-----END PUBLIC KEY-----";
//I have a function that just creates a random string of characters
let key = generateKey(32);
let aesData = CryptoJS.AES.encrypt( "test", key );
let symKey = aesData.key + ":::" + aesData.iv;
let msg = aesData.toString();
let rsa = new JSEncrypt();
rsa.setPublicKey( pub );
let cryptKey = rsa.encrypt( symKey );
//I'm passing the data through a hidden form field
$("#key").val(cryptKey + ":::" + msg);
PHP decryption code:
$key = openssl_get_privatekey( file_get_contents( $_SERVER["PRIV_KEY"]) );
$encryptedKey = explode( ":::", $msg )[0];
$realMsg = base64_decode(explode( ":::", $msg )[1]);
openssl_open($realMsg, $decrypted, $encryptedKey, $key);
return $decrypted;
The code above outputs nothing because the openssl_open call fails (returns false). When I base 64 decode the $encryptedKey variable, I get:
�vEi���pΕ��d_���#����욲JE��
but the symmetric key changes every time, so the output changes every time as well. Like I said, I've tried different encoding combinations, but they all return similar nonsense. As the JS code shows, I've encrypted the message "test".
I've never implemented encryption before, so I might be way off the mark here, but after staring at this code for days, any insight would be appreciated.
Edit: I'm having problems decrypting with my private key in PHP, not with the symmetric key
Figured it out!!! So, I found out that PHP has a function to decrypt without needing an envelope called openssl_private_decrypt that uses a private key to decrypt a message. By using that function and base 64 decoding the encrypted key, I am able to decrypt the symmetric key on the server side and will hopefully be able to decrypt the message symmetrically now. For those interested, my code on the server side is:
$key = openssl_get_privatekey( file_get_contents( $_SERVER['PRIV_KEY'] ) );
$encryptedKey = base64_decode(explode( ":::", $msg )[0]);
if( openssl_private_decrypt($encryptedKey, $decrypted, $key) )
{
return $decrypted;
}
return $encryptedKey;
And on the client side, my code is the same as it was above. Hope this helps someone!
Related
I am trying to send a data to an API. They wants it as encrypted before send it over.
The documentation says:
Generate a private key using AES algorithm(with SHA-1 HMac function by PKCS 5 V2.0 Scheme - I DON'T know what this means.
Encrypt the data with this key (data is json_string) (PADDING_PKCS1 = 11 and key length is 2048bit)
Encrypt the private_key using RSA algorithm with the public key(they gave us a pem file)
Then send this encrypted datas in a json format.
They also gives a dll file. So I decompiled it, and it uses a library called BouncyCastle.
Their function is basicly does this;
this.aesService.GenerateKey(password_variable, salt_file_contents_as_bytes); (they gives that both)
byte[] data1 = this.aesService.Encode(json_string);
byte[] data2 = this.rsaService.Encode(this.aesService.GetAesKey(), reads_public_keys_data_as_byte);
// and some http requests nothing special
What I tried is;
1- generated a key using openssl_pbkdf2 function with their password and salt
$key = openssl_pbkdf2($password, $salt, 32, 20000, 'sha1');
2- encrypted the data with this key with openssl_encrypt function
$encryptedJson = openssl_encrypt($json_string, "AES256", $key);
3- encrypted the key that I generate with their public key with openssl_public_encrypt function
openssl_public_encrypt($key, $encryptedAes, $public_key, OPENSSL_PKCS1_PADDING);
4- convert this results to hex with bin2hex function and send it to them
$jsonData = bin2hex($encryptedJson);
$keyData = bin2hex($encryptedAes);
But it returns error (says invalid object -I don't know what this means). I asked them about it but they didn't reply yet.
What I want to ask you is:
Am I doing it right? Am I using the right functions for this operations?
EDIT:
They still didn't reply back. But I just added the IV to the the start of the encrypted data returned by the openssl_encrypt function and convert it to hex. Voilà! It worked.
I am trying to do the equivalent of the php seal function.
What I have is a string to encrypt, a public key and a randomly generated secret key, and I have to encode the string using the 'rs4' algorithm.
So far I managed to encode the string with the crypto functions:
var password = crypto.randomBytes(128);
var cipher = crypto.createCipher('rc4', password);
var crypted = cipher.update(text,'utf8','base64');
crypted += cipher.final('base64');
But somehow, I need to include in the encryption the public x509 certificate.
Can someone point me in the right direction?
RC4 is not a public key encryption system. You're looking for (in order of preference):
node-sodium
RSAES-OAEP with MGF1+SHA256 and e = 65537
Also, for secret-key cryptography, don't use RC4.
In the end I didn't find any way of achieving the same encryption in node, so I just called a php cli script from node that sent the data to be encrypted, and read the stdout for the encrypted base64 result :(
I'm working on replacing a legacy system that (among other things) receives SHA1 hashes of arbitrary files and signs them using a private key with a simple PHP web service.
It should look something like that:
$providedInput = '13A0227580C5DE137C2EBB2907A3F2D7F00CA71D';
// pseudo "= sha1(somefile.txt); file not available server side!
$expectedOutput = 'DBC9CC4CB0BECEE313BB100DD1AD39AEC045714D72767211FD574E3E3546EB55E77D2EBFE33BA2974BB74CE051608BFF45A73A52612C5FC418DD3A76CAC0AE0C8FB3FC6CE4F7A516013A9743A36424DDACFE889B3D45E86E6853FD9A55B5B4F0F0D8A574A0B244C0946A99B81CCBD1A7AF7C11072745B11C06AD680BE8AC4CB4';
// pseudo: "= openssl_sign(file_get_contents(somefile.txt), signature, privateKeID);
For the sake of simplicity I'm using PHP's built in openssl extention. The problem I'm running into is that openssl_sign seems to SHA1 hash the input data again internally according to this German manual entry on openssl_sign. The English entry is missing that info for some reason.
This produces the expected output ...
$privateKeyID = openssl_get_privatekey(file_get_contents($privateKey));
openssl_sign(file_get_contents("x.txt"), $signature, $privateKeyID);
var_dump(bin2hex($signature));
... but since I don't have access to the actual input files on server side it's not very helpful.
Is there a way around the additional hashing without 3rd party libs? I already tried to simply encrypt the hash received, but from How to compute RSA-SHA1(sha1WithRSAEncryption) value I understand encrypting and signing produce different output.
Update to make things more clear:
I'm recieving an SHA1 hash as input and the service has to convert it to a valid signature (using a private key) that can simply be verified using openssl_verify. The clients are out of reach, so changing their implementation is not possible.
From How to compute RSA-SHA1(sha1WithRSAEncryption) value:
If you reproduce this EM and use RSA_private_encrypt, then you will get the correct PKCS#1 v1.5 signature encoding, the same you would get with RSA_sign or even better, using the generic EVP_PKEY_sign.
I figured I could simply implement the DER encoding myself according to this specification, but the result (EM) seems too long to be encrypted with my key
// 1. Apply the hash function to the message M to produce a hash value H
$H = hex2bin($input); // web service receives sha1 hash of an arbitrary file as input
$emLen = 128; // 1024 rsa key
// 2. Encode the algorithm ID for the hash function and the hash value into
// an ASN.1 value of type DigestInfo
$algorithmIdentifier = pack('H*', '3021300906052b0e03021a05000414');
$digest = $H;
$digestInfo = $algorithmIdentifier.$digest;
$tLen = strlen($digestInfo);
// 3. error checks omitted ...
// 4. Generate an octet string PS consisting of emLen - tLen - 3 octets
// with hexadecimal value 0xff. The length of PS will be at least 8
// octets.
$ps = str_repeat(chr(0xFF), $emLen - $tLen - 3);
//5. Concatenate PS, the DER encoding T, and other padding to form the
// encoded message EM as
$em = "\0\1$ps\0$digestInfo";
if(!openssl_private_encrypt($em, $signature, $privateKeyID)) {
echo openssl_error_string();
}
else {
echo bin2hex($signature);
}
Output:
Error:0406C06E:rsa routines:RSA_padding_add_PKCS1_type_1:data too large for key size
Any hints?
UPDATE
As you can see in code below openssl_verify return 1 for result of openssl_sign and even for openssl_private_encrypt result. I tested it on my machine. This solution will work only if sha1 digest in digital signature is used.
// Content of file
$data = 'content of file somewhere far away';
// SHA1 hash from file - input data
$digest = hash('sha1', $data);
// private and public keys used for signing
$private_key = openssl_pkey_get_private('file://mykey.pem');
$public_key = openssl_pkey_get_public('file://mykey.pub');
// Encoded ASN1 structure for encryption
$der = pack('H*', '3021300906052b0e03021a05000414') . pack('H*', $digest);
// Signature without openssl_sign()
openssl_private_encrypt($der, $signature, $private_key);
// Signature with openssl_sign (from original data)
openssl_sign($data, $opensslSignature, $private_key);
// Verifying - both should return 1
var_dump(openssl_verify($data, $signature, $public_key));
var_dump(openssl_verify($data, $opensslSignature, $public_key));
I just captured DER encoded structure by decrypting openssl_sign() result.
ORIGINAL ANSWER
openssl_sign() creates digest from data because this is how digital signature works. Digital signature is always encrypted digest from data.
You can use openssl_private_encrypt() and openssl_public_decrypt() on your sha1 digest with no fear. In general, it is the same thing but yes, there is a difference. If you encrypt something on your own, the encryption process does not care about data and just encrypts them. It is on you to know that what you will decrypt later is sha1 digest for some data. In fact, it is just data encryption with private key, not true digital signature.
openssl_sign() creates digest from data and encrypts information about kind of digest and digest itself (this is ASN.1 DER structure from your link). This is because openssl_verify() needs to know what kind of digest was used when signing.
According to the English page of openssl_sign:
bool openssl_sign ( string $data , string &$signature , mixed $priv_key_id [, mixed $signature_alg = OPENSSL_ALGO_SHA1 ] )
I think the obvious suggestion is to use OPENSSL_ALGO_SHA256. See openssl_get_md_methods for a list of the supported algorithms.
I am trying to use the PHP function openssl_private_encrypt() to encrypt an uploaded file prior to saving it (see code snippet below), however it's bool is returning false and the encrypted content return is returning nothing. No errors are being displayed or reported.
$data = file_get_contents($_FILES['files']['tmp_name'][0]);
openssl_private_encrypt($data,$encrypted,$key);
$hash = sha1($encrypted);
file_put_contents('/path/to/folder/'.$hash,$encrypted);
Does anyone have any ideas as to why this isn't working?
Thanks
I'm not sure about PHP but in C/C++(OpenSSL) asymmetric encryption(RSA mainly) works on data with length less than the key size. And normally it is used to encrypt hash values. If you want to encrypt large(more the ~256 bytes)amount of data you'd better use some symmetric(block) cipher like AES or TriDES. Symmetric ciphers are much faster by the way.
PS Sorry I don't have enough reputation to put this post into comments.
You should proper initialize private key (http://pl1.php.net/manual/en/function.openssl-pkey-get-private.php)
$key = openssl_pkey_get_private ('file://path/to/file.pem');
$data = file_get_contents($_FILES['files']['tmp_name'][0]);
openssl_private_encrypt($data,$encrypted,$key);
$hash = sha1($encrypted);
file_put_contents('/path/to/folder/'.$hash,$encrypted);
I'm searching for a way to make a 2 way encryption of a simple text (5 to 6 numbers and/or characters). The catch is that i want to make the encryption in php and then decrypt it via Javascript. For php i've tested using mcrypt_encode and have gotten it to work, hence when i try to decrypt it with javascript (i'm using the Crypto-js library - http://code.google.com/p/crypto-js/ ) i get no results. Here is the php code i'm using:
$key = "oijhd981727783hy18274";
$text = "1233";
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_CBC, '');
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
$crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_CBC,$iv);
echo base64_encode($crypttext);
and then here is the Javascript code i'm using:
var encrypted = CryptoJS.enc.Base64.parse("LiJU5oYHXRSNsrjMtCr5o2ev7yDFGZId85gh9MEXPeg=");
var key = 'oijhd981727783hy18274';
var decrypted = CryptoJS.AES.decrypt(encrypted, key);
document.write( decrypted.toString(CryptoJS.enc.Utf8) );
As i'm just testing, i copy/paste the output from the php straight into the JS and see if it would return any results, however that doesnt happen. As i'm new to the encryption/decryption part i might be missing something. Any suggestions will be greatly appreciated.
On a side note, as i read a lot of suggestions here about using other types of communication to transfer the data, that would not be possible in this case, as i need to pass this string to a third party software, which will bring it over on a secure area, where i have access to edit only the javascript, this is why i'm trying to encrypt the text in php and place it inside the website's source, from where the third party software will read it as it is encrypted and will transfer it to the secure section, where i will need to decrypt it back via Javascript (i dont have access to php there).
So, after some more digging i came to the following online encryptor/decryptor which led me to the gibberish-aes at GitHub repository.
Inside one of the comments on the first link i found that this JS library has a php equivalent, which seems to be working reasonably well and is fairly easy to deploy:
https://github.com/ivantcholakov/gibberish-aes-php
So thanks to Lars for the answer he provided, i would encourage him to open the repository, i'm sure he'll make someone's life a little bit easier :)
From the CryptoJS documentation:
For the key, when you pass a string, it's treated as a passphrase and used to derive an actual key and IV. Or you can pass a WordArray that represents the actual key. If you pass the actual key, you must also pass the actual IV.
So in your line
var decrypted = CryptoJS.AES.decrypt(encrypted, key);
"oijhd981727783hy18274" is treated as a passphrase to create a key and not as the actual key.
Passing an IV works like this:
var key = CryptoJS.enc.Hex.parse('000102030405060708090a0b0c0d0e0f');
var iv = CryptoJS.enc.Hex.parse('101112131415161718191a1b1c1d1e1f');
var encrypted = CryptoJS.AES.encrypt("Message", key, { iv: iv });
Some time ago I had the same problem. I finally got to use SlowAES from http://code.google.com/p/slowaes/ with some fixes and ported it to PHP.
Note: The official sources are broken, just as the official PHP port.
Let me know if you're interested. Then I'd open a new repository at GitHub where you can grab everything you need...