Reputation: 13113
openssl_private_decrypt does not return anything PHP
Updates:
openssl_error_string() gives:
error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02
error:04065072:rsa routines:RSA_EAY_PRIVATE_DECRYPT:padding check failed
I generate a pair of public key and private key using OpenSSL on my server:
$config = array(
"private_key_bits" => 2048,
"private_key_type" => OPENSSL_KEYTYPE_RSA,
);
$res = openssl_pkey_new($config);
I sent the Base64-encode modulus and exponent to my Android client. My Android client reconstruct the public key from the modulus and exponent received. My Android client then encrypt a message using such key. Lastly, my Android client sends back to the server the encrypted message expecting the server to be able to decrypt it.
I have a simple PHP script on my server to test the decryption of the encrypted message from my Android client:
$sms_message = $argv[1];
$sender_no = $argv[2];
echo "Message received was: '$sms_message' \n";
echo "sender's no was: $sender_no \n";
$parts = array();
$parts = explode(" ", $sms_message);
if (count($parts)==2) {
echo "code: $parts[0] \n";
if (strcmp($parts[0], "smscode")==0) {
echo "measurement: $parts[1] \n";
// retrieve the private key
$keyArr = array();
$keyArr = getKeys();
//
if ($keyArr) {
$privateKey = $keyArr["private"];
echo "$privateKey \n";
// use the private key to decrypt the message
echo openssl_private_decrypt(base64_decode($parts[1]), $decrypted, $privateKey); // this is supposed to return either TRUE or FALSE right?
echo $decrypted;
$decryptedMessages = "decrypted.txt";
if (!$fh = fopen($decryptedMessages, 'a')) {
echo "cannot open file $decryptedMessages";
exit;
}
// Write $somecontent to our opened file.
if (fwrite($fh, $decrypted) === FALSE) {
echo "Cannot write to file ($decryptedMessages)";
exit;
}
//
fclose($fh);
}
} else {
echo "what received is not a measurement - $parts[1] \n";
}
} else {
echo "sms message malformed";
}
I ran the following:
php SmsReceiver.php 'smscode adDmHJDFmI8bC9KRcA7nPbTc2NU0sY7iM5jDHt3qJVq/AAyl9thUB3zVH5/9Jr+pTM4V+dift6UD8uB3nEU53thrY7nx55PsackCYzmBoKYTE4tazsyF7tRfAIawxvmR4lcSfKL2+A0N9ZetISoqqZAHI141n47Wtd52n0pE9tdLRGzXQlfeDOC3ntnbOKcIIhbyJWekLg+58uCLm2nfWPA4EveAd7t6RQPX4E20wXXQ1RgkVPCQsW+9WDdrbxav6y0VN7uKoBqA4/G8zn3Ol41OPtFFllBgl1BGUFWK3xcxxxZqodTCc3pTdAIHgJ4td+pktUjfbAwITt/RMC+IcA==' +6511111111
Message received was: 'smscode adDmHJDFmI8bC9KRcA7nPbTc2NU0sY7iM5jDHt3qJVq/AAyl9thUB3zVH5/9Jr+pTM4V+dift6UD8uB3nEU53thrY7nx55PsackCYzmBoKYTE4tazsyF7tRfAIawxvmR4lcSfKL2+A0N9ZetISoqqZAHI141n47Wtd52n0pE9tdLRGzXQlfeDOC3ntnbOKcIIhbyJWekLg+58uCLm2nfWPA4EveAd7t6RQPX4E20wXXQ1RgkVPCQsW+9WDdrbxav6y0VN7uKoBqA4/G8zn3Ol41OPtFFllBgl1BGUFWK3xcxxxZqodTCc3pTdAIHgJ4td+pktUjfbAwITt/RMC+IcA=='
sender's no was: +6511111111
code: smscode
measurement: adDmHJDFmI8bC9KRcA7nPbTc2NU0sY7iM5jDHt3qJVq/AAyl9thUB3zVH5/9Jr+pTM4V+dift6UD8uB3nEU53thrY7nx55PsackCYzmBoKYTE4tazsyF7tRfAIawxvmR4lcSfKL2+A0N9ZetISoqqZAHI141n47Wtd52n0pE9tdLRGzXQlfeDOC3ntnbOKcIIhbyJWekLg+58uCLm2nfWPA4EveAd7t6RQPX4E20wXXQ1RgkVPCQsW+9WDdrbxav6y0VN7uKoBqA4/G8zn3Ol41OPtFFllBgl1BGUFWK3xcxxxZqodTCc3pTdAIHgJ4td+pktUjfbAwITt/RMC+IcA==
private key found
public key found
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC7dArHUiEXpEwi
...
F/EaVVWEZLevTJEdMpkfvQVr/08AlSLR3Nm33CrvQ1SfFygK0F6G6o1pQtnHlCKh
DK8/dT2CgsFuDbiAs4MRqQA36g==
-----END PRIVATE KEY-----
As you can see, openssl_private_decrypt() does not return anything, why?
Even if something is wrong with my encrypting/ decrypting process, at least give a false I'd expect.
Based64-encoded modulus of the public key:
u3QKx1IhF6RMIvncMADBhGqhdlSWnuuUz0dXr9NUzXJtgfPgvX/07w1IKTls6uj48eZ4J3s5me4xUzoRwIsxjk6Ondke2vGVJgzBZh3KQSml0dQoK/0a3Bc/bHwue3jroCCAaC/4lF6GQS5gB1gDQntkKBM+RaHaEqGldKHmF1T8Sg1zSLAU9IGBc+xDSCqgo2RepntB0npctBGmAYF8gdzN1PnAwgVfOLU/xi08ssQL1ppkrMncgPegaOOkyUZm4BXSyEY9ikYynLfoiQqEAFb9mU40yNM7LQusgqF0YhUgUIg+4fuQNscZJCJ6pS9UTQ64MHWCqrpXCeRAZ4rWeQ==
Based64-encoded exponent of the public key:
AQAB
Private key:
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC7dArHUiEXpEwi
+dwwAMGEaqF2VJae65TPR1ev01TNcm2B8+C9f/TvDUgpOWzq6Pjx5ngnezmZ7jFT
OhHAizGOTo6d2R7a8ZUmDMFmHcpBKaXR1Cgr/RrcFz9sfC57eOugIIBoL/iUXoZB
LmAHWANCe2QoEz5FodoSoaV0oeYXVPxKDXNIsBT0gYFz7ENIKqCjZF6me0HSely0
EaYBgXyB3M3U+cDCBV84tT/GLTyyxAvWmmSsydyA96Bo46TJRmbgFdLIRj2KRjKc
t+iJCoQAVv2ZTjTI0zstC6yCoXRiFSBQiD7h+5A2xxkkInqlL1RNDrgwdYKqulcJ
5EBnitZ5AgMBAAECggEBAIoCAzWAF/EJ+yv8/MkypUbSIpG18TaLhwGcKsi+ND8V
sd3tKVca779X7fq71p6Ua0PdRDT9GglkPlhh9lPlptR4rbM0+OyE1CQxW+nMoO2c
tgJnyjOooq/LRdyfCLHK8t7vTtpmBwNlHD683+JIQA4gPjrq//vQD3eMHv5he79M
hbZVy93gI4x1FIQD8NPgJY3WX1tSojyOaSJCkR7cy3LjdsV17nNDTtJf5PhA584x
lJGjI6fX6VgiGhP8vmxkYYxFVzz2HrblMVodO95HKDwk/1RXvwqWFA72KQTBwLo7
iJpjP8k95FVys+KKHKbuAhbPhtzjmuRHCPSJ4zxFbEkCgYEA4vS2h5JqhlKzKi/v
i0lhei+HcTT53aUzCYA0qbBwJxvPZapi7lij7n2EeE5ZxGR4uPfUU71a1mrKrT6j
8XH0DxoxLT79jdiISG09rg0srnb/+EF7BKcSY4aQJwz/StAS7lxXySAatw2tVubv
MheSVyy1HaI0AE6fBBkt9VKNXv8CgYEA03Evu1Ycdlbi3mgS+hrxd0eabh5rETij
1jqEpiT/v7SPr1JNy3RwYXlEy7Y7e4lW3Wf7CsEV3Em/+vQNU3jA/7Sfqh5oyZoZ
o26tA8NyEpkiPhipAs8NfubUMLZGJKAhhrJo9vr4JzX866YVWlqEDqQ1lGuLJJOt
1DtZIxOAQocCgYEAido4EGrXt1T+LG7HYmQlCDFcZF/YMU/Ji0jLNBLOXILg25C9
3KYMlKy6zNRSZB7e0QL/fgmy5jAhgU9eBya/JnkzS5dKLWFLjiqEX3bzH9l6KtGj
JjVQzxEJ+B5F5qwyA4Qlci3E7FEra3CD83or0jV+oUxHp7QZlESzDKKi6gMCgYEA
irimvTy4vbcxbwNO+AH3S++RVQ/l5M2JSALqhmqd1DNtVXQlEAebt4etaA1uJxWr
BOW0YZDee8FzD/1QRORjkx/45M7ApwvQKFZzcpWm4KbRPXZGZE5dp1Vf/3mGuX7J
oCqrDOcJKgiUoDI9riLWoxh/ApowFtZA5I3vZEDmFD8CgYAnHOCZZI0IaieEcnRA
4vOu62y8VNut/18HIw9P/MD4ZbWXURnFzuzCUdHcw3vucFNjFSUjVMFZWo+Grxpq
F/EaVVWEZLevTJEdMpkfvQVr/08AlSLR3Nm33CrvQ1SfFygK0F6G6o1pQtnHlCKh
DK8/dT2CgsFuDbiAs4MRqQA36g==
-----END PRIVATE KEY-----
Android logcat:
I/SmsReceiver(15814): message received is keyx u3QKx1IhF6RMIvncMADBhGqhdlSWnuuUz0dXr9NUzXJtgfPgvX/07w1IKTls6uj48eZ4J3s5me4xUzoRwIsxjk6Ondke2vGVJgzBZh3KQSml0dQoK/0a3Bc/bHwue3jroCCAaC/4lF6GQS5gB1gDQntkKBM+RaHaEqGldKHmF1T8Sg1zSLAU9IGBc+xDSCqgo2RepntB0npctBGmAYF8gdzN1PnAwgVfOLU/xi08ssQL1ppkrMncgPegaOOkyUZm4BXSyEY9ikYynLfoiQqEAFb9mU40yNM7LQusgqF0YhUgUIg+4fuQNscZJCJ6pS9UTQ64MHWCqrpXCeRAZ4rWeQ== AQAB
I/SmsReceiver(15814): message received is a key exchange message
I/SmsReceiver(15814): the recipient's public key modulus is 23663785522794809498963221782819553495813344590754203802091214078741934630870755737273483338578650343553350487999568641527155675069988138202941338180146715141856273325699348180697949807604837968252319802254132361756796150729526732643616381939360742823851037800072915016799286519177887771453765989612342846498554824903381084855033387403868553674907286294016751397407403976788809972626838594376008433688839811350345997686592001128890405964489889151586297624459113817319199310865303723716614014342885058854916172119790960266134365108047747227357851477353947042531226823494283658181608350838513970607286067323054395676281 and exponent is 65537
I/SmsReceiver(15814): successfully remembered the contact +6500000000 and its public key module u3QKx1IhF6RMIvncMADBhGqhdlSWnuuUz0dXr9NUzXJtgfPgvX/07w1IKTls6uj48eZ4J3s5me4xUzoRwIsxjk6Ondke2vGVJgzBZh3KQSml0dQoK/0a3Bc/bHwue3jroCCAaC/4lF6GQS5gB1gDQntkKBM+RaHaEqGldKHmF1T8Sg1zSLAU9IGBc+xDSCqgo2RepntB0npctBGmAYF8gdzN1PnAwgVfOLU/xi08ssQL1ppkrMncgPegaOOkyUZm4BXSyEY9ikYynLfoiQqEAFb9mU40yNM7LQusgqF0YhUgUIg+4fuQNscZJCJ6pS9UTQ64MHWCqrpXCeRAZ4rWeQ== and exponent AQAB
Upvotes: 0
Views: 3439
Answers (1)
Reputation: 750
OpenSSL asymmetric cryptography is not suitable for encrypting large files unless you use S/MIME. In fact, this is what I tried:
Decoded the base64-encoded 'measurement:' field. The decoded message was 256 bytes in length.
Tried to decrypt this 256 bytes with the private key that you pasted using the following openssl command:
openssl rsautl -decrypt -in x.in -out plaintext -inkey private.key
But, I got an error instead:
RSA operation error
139982152128160:error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02:rsa_pk1.c:190:
139982152128160:error:04065072:rsa routines:RSA_EAY_PRIVATE_DECRYPT:padding check failed:rsa_eay.c:616:
In fact, I tried this using PHP itself. But, instead of doing an echo of $decrypted, I used openssl_error_string and it gave me the exact above error.
Also, I wasn't able to encrypt a 256 byte data with public key as well. I got error from openssl indicating 139870762710688:error:0406D06E:rsa routines:RSA_padding_add_PKCS1_type_2:data too large for key size:rsa_pk1.c:151:.
All of this seems to indicate that OpenSSL's asymmetric cryptography is not meant for encrypting large data (in this case, 256 bytes is large enough). I am not sure how the Android client was able to encrypt it. Did it use OpenSSL as well?
However, there are relevant posts on how to deal with this. Take a look at:
Encrypt with S/MIME: http://ashmek.weebly.com/1/post/2011/02/encrypt-large-files-with-a-public-key-via-openssl.html
Upvotes: 0
Related Questions
- openssl_decrypt not working as expected
- openssl_pkey_get_private returning false
- Openssl decryption ( DES ) returns false in PHP
- Openssl_private_encrypt returns FALSE
- openssl_decrypt () function not working, returning null
- openssl_pkey_get_private returns string ''
- openssl_private_encrypt() returns false with output of 0
- Decryption with openssl not working
- Android KeyPairGenerator + php openssl_public_encrypt
- PHP Encrypt/Decrypt using OpenSSL not working for me