CODEWITHSUNDEEP
phpencryptionbase64
DimiYa
DimiYa

Reputation: 41

How to provide the private key for openssl_private_decrypt()

I have encrypt some value with my public key. But I can't decrypt it with my private key. Is there any wrong with my code?

This is my script:

<?php

$encrypted = "Q4tmeBDTS+M2UriF6zNBJYrWcXJuyclWVAFLZaOSNwTS0FOkqd/7yQ9KrwLe1IOT15DIB11694mfjLSjWL+yar/KnwrNVJUnUV3eRENr5nRQcBUxyI9Hst88wNs9UBTH+U0aiUgitWWNZIL2YwlAbvjB3YuLLM75IT2VG+ElTKY=";

$decrypted = "";

$privateKey = <<<EOD
MIICeQIBADANBgkqhkiG9w0BAQEFAASCAmMwggJfAgEAAoGBAK92ohKTxz/njXNX
5DV5EL1qlj+wh3O9AobufxyMpyU2WCxfFFgqUF6fBGos3QelSR75f5XvpoiYDrdB
ADKUmpkjKrYGOLSTYN5fyCmi7C4poQWsXpT4VVSYJQkwZhtI9XoxXwycfvRNKqTf
FdihYqDJ3z2uHmWoV4KSu6PZrqzJAgMBAAECgYEAmwvShWXuQErlVFILBzFWmHoy
EE92MdCIBiGDUv/6xsgxu+u8d3fUkvgjF4tTOOlWJrfDhQNCfhsXjdkzSn7D6Cqb
NFBSbBf+kr/IaBX/mDA34HroGlewYchgS0SRMz+SE24+5gmA6QL31FkLI+OnADtl
LnKkkFd8l7Kvv7GWfR0CQQDv2peFblMa3OujQFbdEuH5ChiDeu+5knZx0acB+0s8
dAYyTtyalThjiOfUP12BJLZRegSls8KqBjvjTAWYR8B7AkEAu0ZmDn9qLo+G3S0D
Ex81TQbet/nu1LwiFhEF/aW5/b5yvm/3h0XwyIN3Bn/DR431tKViO8HPfsHzjPrl
RmReiwJBAMAMnARHuR0qRTbbHnI3W16n2cb1GZvSDSrHftzUVIKcOBXyFStlTdhM
16uX7Qup1J3agHwZOkYfZbZyuYwb758CQQCImuCFAMI2dnF80oGkqCYcKr+5WbGy
Mg13JTHGhOX3xr0yVsArR4RM70CaWAXdIxswi1btmgE+SEHc+4LU5w/jAkEA734/
UEszK8EZkcY/I0RI+WBUo0S9g3CvlgmMKewQkU8boi3AjFTzECMqBxfYAZHfOTr5
WCHS8ImF4xhmXSTTdQ==
EOD;
$encrypted = base64_decode($str); // decode the encrypted query string
if (!openssl_private_decrypt($encrypted, $decrypted, $privateKey))
die('Failed to decrypt data');
echo "Decrypted value: ". $decrypted; ?>

Upvotes: 4

Views: 10465

Answers (4)

stealthyninja
stealthyninja

Reputation: 10371

Is there any wrong with my code?

Yes. You need to change the first line's variable from $encrypted to $str. After you also fix the PEM format of your private key, the script will then work and return:

Decrypted value: 28366584-04/01/2014:03.02|2|Transaction is completed|10|EXP_TRAVEL_MERCHANT|20140104000034

Upvotes: 0

Vito Andolini
Vito Andolini

Reputation: 425

Have you tried the different PADDING options with openssl_private_decrypt?

http://php.net/manual/en/function.openssl-private-decrypt.php

Upvotes: 1

Shavais
Shavais

Reputation: 2586

I was getting this same error, even though I was using openssl_pkey_get_private(). The following finally worked for me. When you use openssl_pkey_get_private(), don't forget to put the 'file://' at the beginning of your path string:

// get the public-key-encrypted message
$encstr = $_POST['payload'];
$encbytes = base64_decode($encstr);  // (I've base 64 encoded my encrypted string, in order to pass it over http)

// get the private key
$privkey = openssl_pkey_get_private('file:///opt/shavsoft/sg/privkey.pem');

// decrypt the message with the private key and log it out
$dectext = "";
openssl_private_decrypt($encbytes,$dectext,$privkey); //,OPENSSL_NO_PADDING);
LogMessage("dectext: $dectext");

Upvotes: 1

Markus Malkusch
Markus Malkusch

Reputation: 7868

On the first comment for openssl_private_decrypt() you can find an example. In this example you can see that the key parameter is the result of the method openssl_get_privatekey(), which is an alias for openssl_pkey_get_private().

The manual for openssl_pkey_get_private() says key can be one of the following:

  1. a string having the format file://path/to/file.pem. The named file must contain a PEM encoded certificate/private key (it may contain both).

  2. A PEM formatted private key.

In your case 2 applies. So put those removed lines of the key back and use openssl_get_privatekey():

$privateKey = <<<EOD
-----BEGIN PRIVATE KEY-----
MIICeQIBADANBgkqhkiG9w0BAQEFAASCAmMwggJfAgEAAoGBAK92ohKTxz/njXNX
[..]
WCHS8ImF4xhmXSTTdQ==
-----END PRIVATE KEY-----
EOD;

$res = openssl_get_privatekey($privateKey);

openssl_private_decrypt($encrypted, $decrypted, $res)

Upvotes: 4

Related Questions