stackoom
  简体   繁体   中英

Can an RSA OpenSSL key generated with C/C++ be decrypted with PHP?

 原文  2015-08-01 09:53:31       php/ c++/ c/ openssl/ php-openssl

Question

In a number of situations security software involves the interaction between (desktop) applications and web interfaces. For (RSA) asymmetric encryption we use the C library of OpenSSL (version 1.0.2d at present) and we use the openssl PHP library .

All the standard stuff:

  • private encrypt (C++) data and public decrypt (PHP)
  • public encrypt (C++) data and private decrypt (PHP)

works. And also the other way around: PHP -> C++ and C++ -> PHP

In addition generating an encrypted private key with PHP and decrypting that key with C/C++ also works. But not the other way around: I want to decrypt with PHP a private key that is generated and encrypted with C++. Note: this is different from encrypting/decrypting data with the keys.

The problem seems to be the way C OpenSSL encrypts a private key. It is not enough to know the algorithm with which the key is encrypted (aes-256-cbc in our case). The password is also stretched. The way the key is encrypted by OpenSSL has changed over time. I will give an example how it looks now.

Part of the the header of the private key generated with OpenSSL C/C++ looks like: 

-----BEGIN ENCRYPTED PRIVATE KEY-----
MIISnzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQI/epYUO8+LygCAggA

Whereas part of the header of a pem-encoded private key generated with openssl PHP looks like: 

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,372DA3A61BEB36AA

bc9NsTtdfcMW9t9isDPgl86aME223ockk9pIGDduEyrTS7zh1gwHWSWnD2efbxLd

I have tried to use some PHP extensions, like phpseclib , but I still cannot use a private key generated with C OpenSSL in PHP programs. The public keys are not encrypted and they can be exchanged between the two languages without any problem.

For generating RSA keys with C OpenSSL we use the EVP_PKEY structure.

Edited by author on August 12, 2015

In reply to neubert I have generated an encrypted private RSA key with the OpenSSL utility "openssl genpkey": 

OpenSSL> genpkey -algorithm RSA -out c:\temp\test512.pem -aes-256-cbc -pass pass:1234 -pkeyopt rsa_keygen_bits:512

So key length is 512 bits and password "1234".

To get the unencrypted form of the key I used "openssl pkey": 

OpenSSL> pkey -in c:\temp\test512.pem  -out c:\temp\test512naked.pem

Note on Windows the openssl executable is called "openssl.exe".

Here are the keys: 

-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIBrzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQITePvOJ8u8lECAggA
MB0GCWCGSAFlAwQBKgQQ9gg/UzRleUGcOGK9P18fiASCAWCIo5c7q/HT7IcdtpiJ
y1bTj+SsqAilQIPIf1wtN2VjuVDQMSN35neI2X9TL3H9dNd6BVwJnzkfKbEAKK1+
ipj2KjOIVipctul6QIh9TS+MkGO0ZI+TaMJX4TaoPanLkQ00bOhnFod9W5UHZvVU
EdVx1+9bvvEngFqqweKjAfSySQ6Y9JD3E/ZSg1Bja3c9uLTlYFuMSs6S9iVUimlw
BCJXlfeHL5o331qwpAPjzOFD4ztTsOpnpXIt3y9l53u6UThHMWiTon5NpJgeQGny
GXSWvfZ4mhOjpUixrgFC/VqLjAHNvG9mqC4xoufNK3/QPCMNBsGpJ2gUSoX4/SkA
edUaPFhKRja8f9cvBW6vs67/lvAYjQ2tZOR8l7Jgj5AL3mKi8wyD/QISrJqFDrq6
dYLqyofv+5OJRWtAE4KJEASTVIJktnvTaxTI7gB+cRp/BHdDLvrTmfZ7UbI9Zx+K
ZLia
-----END ENCRYPTED PRIVATE KEY-----

and 

-----BEGIN PRIVATE KEY-----
MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAqxGy/AXwTEvx+moN
eRMNO/bWYBE+dX7kNROzswC2SzO6+NgYqKKIkYb8+Iho2ssuoYVWc62Gk37gxEhi
QrIDRQIDAQABAkEAlsA1I0S0evfeGNfGYbC5U+N1DRmFGhOlVWS0UgVJn8BYIpQI
fjseZ3xXhtfZypzTzc9VZKUJedi3cv7Ju9gqYQIhANzE+XbiytUzBFTzKuRanMEn
o6noJDGiaVktWvbbZEkpAiEAxl5VedZ1PCU5Qpd+1u7agIZfSBwWnkI0nnxO5Slo
AL0CIEWc0rCbGKwbVx1WQ8sXi2AYmLHFokwIU0GsXIeEbF3pAiALvbOjdX0U5UMh
XOQmBpcqOknTc84m6dZBdywYRj4gpQIgfg/KLv7cv/mGoe8tvh3geYTpnZ2HRwDN
O9Kal0WOaiw=
-----END PRIVATE KEY-----

1 answers

solution1
 1  2015-08-07 15:08:20

The -----BEGIN ENCRYPTED PRIVATE KEY----- key is PKCS8 encoded. The symmetric cipher being used (and the IV) is embedded in the key. phpseclib currently only supports pbeWithMD5AndDES-CBC. The pbe part means that it's using PBKDF1. Maybe that's what your key is using, too, hard to say.

Basically, if you can generate another identical key and post it - along with the password to unlock it - that'd be helpful. I can add support to that cipher / pbkdf to phpseclib.

If you want to try modifying phpseclib yourself feel free to do so. Check the following switch statement:

https://github.com/phpseclib/phpseclib/blob/1.0.0/phpseclib/Crypt/RSA.php#L1225

But like I said, tho - I can do it too - I just need you to provide the key (or an identically formatted one!)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question The RSA public key generated by C# is an XML file. How can the public key be decrypted or converted in PHP? AES-128-CBC encryption with OpenSSL/C++ and PHP/Mcrypt: the 1st block is decrypted only Converting an OpenSSL generated RSA public key to OpenSSH format (PHP) C# RSA Encryption to PHP Decryption using PHP OpenSSL public key Decrypted text generated by rsa Can not import RSA keys generated with php openssl to windows CryptoAPI OpenSSL inconsistency in C++ and PHP openssl encryption in c++ and php PHP AES encryption that can be decrypted by openssl Sign a string with rsa private key in c# and verify it with openSSL
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM