Reputation: 21
PHP RSA encryption openssl issue
I have been racking my brain. I am using the latest version of php 7. I can get rsa working with short text, however long text seems to not work. I read to use openssl_seal/open.. when I demoed the code on a test page it works great.. when I put it into practice with mysql its not working the way its supposed to..
Encryption code:
$messageiv = openssl_random_pseudo_bytes(32);
openssl_seal($_POST[$_SESSION['message']], $encryptedmessage, $ekeys, array($_SESSION['recipient_publickey']), "AES256", $messageiv);
openssl_seal($_POST[$_SESSION['subject']], $encryptedsubject, $ekeys, array($_SESSION['recipient_publickey']), "AES256", $messageiv);
The above is then base91_encoded and stored into blobs/varchar.
To decrypt it
openssl_open(base91_decode($row['messagesubject']), $decryptedsubject, $ekeys[0], $_SESSION['privatersakey'], "AES256", base91_decode($row['messageiv']));
openssl_open(base91_decode($row['messagebody']), $decryptedbody, $ekeys[0], $_SESSION['privatersakey'], "AES256", base91_decode($row['messageiv']));
The above variables $decryptedsubject and $decryptedmessage are blank.
I had this issue before using openssl_public/private key encrypt/decrypt and added the padding, this worked, however with long text it won't encrypt/decrypt....
Any assistance would be great...
Upvotes: 2
Views: 512
Answers (1)
Reputation: 34113
I can get rsa working with short text, however long text seems to not work.
This is expected. RSA only operates on short inputs. If you want to encrypt a long message with RSA, you need to do one of two things:
- Break your message into several distinct chunks and encrypt them separately. This is slow, inefficient, and insecure. (Attackers can drop or reorder chunks.)
- Use a secure construction combining RSA and AES, like so.
Thus, you end up with something like this:
- Encryption
- Generate a random 32-byte key,
k. - Encrypt
kwith your RSA public key to getC. - Calculate the HMAC-SHA256(
C,k) to get the message keym. - Encrypt your message (
P) withm, using AES-256-GCM to getD. - Return
CandD.
- Generate a random 32-byte key,
- Decryption
- Generate a random dummy key, which we'll call
k'. - Decrypt
Cusing your RSA private key, to obtaink(one-time AES key). - If step 2 failed, use a constant-time algorithm to swap
kout fork'. - Calculate the HMAC-SHA256(
C,k) to get the message keym. - Decrypt
Dusingm. - Return the decrypted plaintext (or fail because of the authentication tag).
- Generate a random dummy key, which we'll call
I read to use openssl_seal/open.. when I demoed the code on a test page it works great.. when I put it into practice with mysql its not working the way its supposed to..
First, consider using libsodium instead.
Whether or not you continue to use OpenSSL, you probably want to base64-encode your output (and make sure you're storing data in a text field rather than a short varchar).
Upvotes: 2
Related Questions
- PHP openssl_public_encrypt "key parameter is not a valid key"
- openssl_decrypt not working as expected
- openssl_encrypt returns false
- openssl- failed to decrypt data generated by PHP
- RSA in php is confusing
- PHP openssl encrypt decrypt errors? Not valid public/private keys?
- Decryption with openssl not working
- PHP Encrypt/Decrypt using OpenSSL not working for me
- can't decrypt encrypted RSA data by OpenSSL
- Decryption problem using RSA