stackoom
  简体   繁体   中英

encrypt vs sign, rare output with Crypt_RSA

 原文  2013-04-19 14:27:59       php/ xml/ encryption/ sign/ phpseclib

Question

I am trying to sign a string with: 

$rsa = new Crypt_RSA();
//$rsa->setPassword('*****');
$rsa->loadKey(file_get_contents('i.pem')); // private key
$plaintext = 'f2e140eb-2b09-44ab-8504-87b25d81914c';
$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
$ciphertext = $rsa->sign($plaintext);
$reto = base64_encode($ciphertext);

when I verify it locally, with: 

$pubb_key = openssl_pkey_get_public(file_get_contents('instancia_imta_ope.crt'));      
$keyData = openssl_pkey_get_details($pubb_key);
$pkeyy = $keyData['key'];
$rsa->loadKey($pkeyy); // PUBLIC key
echo $rsa->verify($plaintext, $ciphertext) ? 'verified' : 'unverified';

it shows VERIFIED, when I use a tester page with my broker, THIS SAME CODE, doesnt work. It doesnt recover the original string. Trying to use something different, I tried the following weird code: 

$rsa = new Crypt_RSA();
$rsa->loadKey(file_get_contents('i.pem')); // PRIVATE key, IT SHOULD BE PUBLIC
$plaintext = 'f2e140eb-2b09-44ab-8504-87b25d81914c';
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$ciphertext = $rsa->encrypt($plaintext);
$reto = base64_encode($ciphertext);

its weird or not logical, because I am using a private key to encrypt, it is suposed to be the public key, son the target uses its private key, to deencrypt the message. Strangely, this weid code makes the tester page send an OK, it recovers the string. I dont know why. All this is part of a bigger message, which it is finally processed with xml signature, when I process all (adding the xml signature), the other tester page of the broker sends invalid signatures, I can bet that it is because of the weird code. Never mind, question: WHY THE CORRECT CODE (rsa->sign....) DOESNT WORK? WHAT DO YOU THING OF ALL THIS? thanks mario

3 answers

solution1
 2  2013-04-19 15:13:44

So the code works on one machine but not the other? Seems like in that case your .crt files might be different. That said, you don't need to use openssl_* to extract the public key - you can do so with phpseclib just fine. eg. 

<?php
include('File/X509.php');

$x509 = new File_X509();
$cert = $x509->loadX509('...'); // see google.crt

echo $x509->getPublicKey()->getPublicKey();
?>

I'm not really sure what you're asking about with the encryption question.. although normally you'd encrypt with the public key you can do so with the private key as well. They both do the same operation - a modular exponentiation. I can't comment on the tester page since the source to it hasn't been posted.

solution2
 1  2013-04-19 14:30:41

When dealing with encryption and certification. You SIGN using a private key, which guarantees that it came from you (or AN Other holder of the key which should be kept safely in a secure keystore).

You ENCRYPT with a public key, so that only the intended recipient can decrypt (again or AN Other holder of the private key of the asymmetric pair).

This is how SSL works roughly under the hood (skipping the encrypted AES symmetric key part).

solution3
 0  2013-04-19 16:24:42

Example of whole doc (fields truncated for security), SEE UPPERSOCRE COMMENTS PLEASE: 

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<SolicitudRegistro xmlns="http://www.cidge.gob.mx/SCG/Interoperabilidad"     
IdMensaje="f2e140eb-2b09-44ab-8504-87b25d81914c">
<FechaEnvio>2013-04-19T02:09:08</FechaEnvio>
<Registrante EndPoint="https://200.34.175.46:443/InteropOPE    
/MensajeInteroperabilidadService" Nombre="Institnologia del Agua"  
NombreCorto="IMTA" URI="op.mx">
<DatosDeContacto AreaOficina="Inmatica" 
CorreoElectronico="jbloc.imta.mx"     
Nombre="JoChacon" Puesto="Subdireclecomunicaciones">
<Telefonos>
<Telefono Extension=" " NumeroTelefonico="7773293644"/>
</Telefonos>
</DatosDeContacto>
<CertificadoInstancia>MIIFETCCA/mgAwIBAgIUMDAwMDAwM
</Registrante>
<Reto>         //THIS IS THE STRING SIGNED WITH PRIVATE KEY, is part of info
<CadenaCifrada>Ln0BAsnwrNg6IzjW7hk2c/Nxx/x  //I COPY THIS IN FIRST TESTER AND FAILS
</Reto>                              //UNLESS I USE ENCRYPT CODE WITH PRIV KEY (RARE)
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-
c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09 
/xmldsig#enveloped-signatu
<ds:KeyInfo><ds:X509Data>   
<ds:X509Certificate>MIIFETCCA/mgAwIBAgIUMDAwMDAwMDAwMDAwMDAwMDI1MzMwDQY

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question using phpseclib's Crypt_RSA to encrypt verification code for a bank Crypt_RSA phpseclib3 PHP 8 Issue how to get public key with Crypt_RSA PHP Fatal error: Class 'Crypt_RSA' not found phpseclib Crypt_RSA: Why is public key used for decryption? Unable to create instance of Crypt_RSA using phpseclib PhpStorm Fatal error: Class 'Crypt_RSA' not found (phpseclib) PHP. PEAR. Crypt_RSA error PHP Crypt_RSA encryption produces error in bin2int() How to decrypt data using phpseclib class Crypt_RSA that was encrypted by travist/jsencrypt
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM