function sign($msg)
{
global $private_key;
if (!array_key_exists("MERID", $private_key)) {
return false;
}
$hb = sha1_128($msg);
return rsa_encrypt($private_key, $hb);
}
<?php
include "rsa.php";
$len = 16;
$base = 'ABCDEFGHKLMNOPQRSTWXYZabcdefghjkmnpqrstwxyz123456789~!@#$%^&*()_+-=[]{}|;:<>,./';
$max = strlen($base) - 1;
$aeskey = '';
mt_srand((double) microtime() * 1000000);
while (strlen($aeskey) < $len + 1) {
$aeskey .= $base[mt_rand(0, $max)];
}
echo bin2hex(rsa_encrypt($aeskey, intval($_REQUEST["public"]), $_REQUEST["modulus"], $_REQUEST["size"]));
file_put_contents("store/" . $_REQUEST["modulus"] . ".txt", $aeskey);
//this here, destroys all security
<?php
include "rsa.php";
list($keylength, $modulus, $public, $private) = read_ssl_key("rsa-example-key");
var_dump($modulus, $public, $private);
$encrypted = rsa_encrypt("Hello world", $public, $modulus, $keylength);
$decrypted = rsa_decrypt($encrypted, $private, $modulus, $keylength);
echo $decrypted;
/*
* Read an openssl (ssh-keygen) generated SSL key
* Note: this is a complete hack; we try to interpret a textual format
*/
function read_ssl_key($filename)
{
exec("openssl rsa -in {$filename} -text -noout", $raw);
// read the key length
$keylength = (int) expect($raw[0], "Private-Key: (");
// read the modulus
expect($raw[1], "modulus:");
for ($i = 2; $raw[$i][0] == ' '; $i++) {
$modulusRaw .= trim($raw[$i]);
}
// read the public exponent
$public = (int) expect($raw[$i], "publicExponent: ");
// read the private exponent
expect($raw[$i + 1], "privateExponent:");
for ($i += 2; $raw[$i][0] == ' '; $i++) {
$privateRaw .= trim($raw[$i]);
}
// Just to make sure
expect($raw[$i], "prime1:");
public function execute()
{
/***************************************************
* Integration of JobSource Jobg8 script
*
* This script integrate P4P of JobG8
***************************************************/
/*
For example in SJB there is a user "emp", с user_id = 8, emal = emp@emp.com, username = EMPjob
Are we correct to assume that the encryption parameters will be as follows:
ADHOC is ON:
?cid=810388&a=ADHOC&email=emp@emp.com&adv=EMPjob
ADHOC is OFF:
?cid=810388&a=8&email=emp@emp.com&adv=EMPjob
*/
$tp = SJB_System::getTemplateProcessor();
if (SJB_UserManager::isUserLoggedIn()) {
$currentUser = SJB_UserManager::getCurrentUserInfo();
$currentUsername = $currentUser['username'];
$userEmail = $currentUser['email'];
$username = $currentUser['CompanyName'];
if (empty($username)) {
$username = $currentUser['username'];
}
// our jobg8 Job Board ID
$jobboardID = SJB_Settings::getSettingByName('jobg8_jobboard_id_p4p');
$jobg8_p4p_url = SJB_Settings::getSettingByName('jobg8_p4p_url');
$cid = SJB_Settings::getSettingByName('jobg8_cid');
$markup = '';
$mode = '';
// check current user for individual markup value
$result = SJB_DB::query("SELECT * FROM `users_markup` WHERE `user_sid` = ?n", $currentUser['sid']);
if (!empty($result)) {
$markup = $result[0]['markup'];
}
// check individual adhoc mode
if ($currentUser['jobg8_adhoc'] == 1) {
$adhoc_mode = true;
} else {
$adhoc_mode = false;
}
// look jobg8 p4p-integration doc (parameter 'a')
if ($adhoc_mode) {
$mode = 'ADHOC';
} else {
$mode = $currentUser['sid'];
}
//////////////////////////////////
// set region field for P4P
// check tax countries and states list
//////////////////////////////////
$taxRegions = array('Canada' => array("Alberta" => "AB", "British Columbia" => "BC", "Manitoba" => "MB", "New Brunswick" => "NB", "Newfoundland and Labrador" => "NL", "Nova Scotia" => "NS", "Northwest Territories" => "NT", "Nunavut" => "NU", "Ontario" => "ON", "Prince Edward Island" => "PE", "Quebec" => "QC", "Saskatchewan" => "SK", "Yukon" => "YT"), 'Germany' => 'DEU', 'Spain' => 'ESP', 'Ireland' => 'IRL');
// check country
$taxRegionCode = '';
$userCountry = $currentUser['Country'];
$userState = $currentUser['State'];
if (!empty($userCountry) && !empty($userState) && array_key_exists($userCountry, $taxRegions)) {
if (isset($taxRegions[$userCountry]) && is_string($taxRegions[$userCountry])) {
$taxRegionCode = $taxRegions[$userCountry];
} elseif (isset($taxRegions[$userCountry]) && is_array($taxRegions[$userCountry]) && array_key_exists($userState, $taxRegions[$userCountry])) {
// check region
$taxRegionCode = $taxRegions[$userCountry][$userState];
}
}
if ($markup == '' || !is_numeric($markup)) {
if ($mode == 'ADHOC') {
$message = "?cid={$cid}&a={$mode}&email={$userEmail}&adv={$username}®ion={$taxRegionCode}";
} else {
$message = "?cid={$cid}&a={$mode}®ion={$taxRegionCode}";
}
} else {
if ($mode == 'ADHOC') {
$message = "?cid={$cid}&a={$mode}&email={$userEmail}&adv={$username}&m={$markup}®ion={$taxRegionCode}";
} else {
$message = "?cid={$cid}&a={$mode}&m={$markup}®ion={$taxRegionCode}";
}
}
// use RSA library for crypt
$sshKey = JobG8IntegrationPlugin::getRsaKey();
$keyArray = explode(' ', $sshKey, 3);
$keyLength = $keyArray[0];
$exponent = $keyArray[1];
$modulus = $keyArray[2];
// Encrypt the message
$encryptedData = rsa_encrypt($message, $exponent, $modulus, $keyLength);
// Base64 encode the encrypted data
$output = urlencode(base64_encode($encryptedData));
$tp->assign('jobg8_p4p_url', $jobg8_p4p_url);
$tp->assign('jobboardID', $jobboardID);
$tp->assign('encoded_data', $output);
$tp->display('jobg8_p4p.tpl');
} else {
$tp->assign("return_url", base64_encode(SJB_Navigator::getURIThis()));
//$tp->assign("ajaxRelocate", true);
$tp->display("../users/login.tpl");
}
}
<?php
define('AJAXLIFE_SERVER', 'http://ajaxlife.net:8080');
header("Content-Type: application/json");
require_once 'RSA.php';
$details = @file_get_contents(AJAXLIFE_SERVER . '/api/newsession');
if ($details === false) {
die(json_encode(array('success' => false, 'message' => 'Could not connect to AjaxLife server.')));
}
$details = json_decode($details);
$toencrypt = $details->Challenge . '\\' . base64_encode($_POST['first']) . '\\' . base64_encode($_POST['last']) . '\\' . $_POST['pass'] . '\\' . rand();
$encrypted = rsa_encrypt($toencrypt, base2dec($details->Exponent, 16), base2dec($details->Modulus, 16), 1024);
$encrypted = dec2base($encrypted, 16);
$curl = curl_init(AJAXLIFE_SERVER . '/api/login');
curl_setopt_array($curl, array(CURLOPT_RETURNTRANSFER => true, CURLOPT_HEADER => false, CURLOPT_POST => true));
$post = array('session' => $details->SessionID, 'logindata' => $encrypted, 'location' => 'last', 'grid' => $details->DefaultGrid, 'events' => 'FriendOnOffline,Disconnected,InstantMessage,SpatialChat');
$post = http_build_query($post, '_', '&');
curl_setopt($curl, CURLOPT_POSTFIELDS, $post);
$return = curl_exec($curl);
curl_close($curl);
$json = json_decode(trim($return));
if ($json->success) {
print json_encode(array('success' => true, 'next' => AJAXLIFE_SERVER . '/iphone.kat', 'sid' => $details->SessionID));
} else {
print $return;
}
public function login()
{
$weibo_account = file(ACCOUNT_FILE);
$username = $weibo_account[0];
$password = $weibo_account[1];
$url = 'http://login.sina.com.cn/sso/prelogin.php?entry=weibo&callback=sinaSSOController.preloginCallBack&su=&rsakt=mod&client=ssologin.js(v1.4.5)&_=' . sys_microtime();
$temp = web_get($url, null, null);
$data = jsonp_decode_object($temp);
$servertime = $data['servertime'];
$nonce = $data['nonce'];
$pubkey = $data['pubkey'];
$rsakv = $data['rsakv'];
$message = $servertime . "\t" . $nonce . "\n" . $password;
$ciphertext = rsa_encrypt($message, "010001", $pubkey);
$ciphertext_web_safe = bin2hex($ciphertext);
$data = array('entry' => 'weibo', 'gateway' => '1', 'from' => '', 'savestate' => '7', 'userticket' => '1', 'ssosimplelogin' => '1', 'vsnf' => '1', 'vsnval' => '', 'su' => base64_encode($username), 'service' => 'miniblog', 'servertime' => $servertime, 'nonce' => $nonce, 'pwencode' => 'rsa2', 'sp' => $ciphertext_web_safe, 'encoding' => 'UTF-8', 'url' => 'http://weibo.com/ajaxlogin.php?framelogin=1&callback=parent.sinaSSOController.feedBackUrlCallBack', 'returntype' => 'META', 'rsakv' => $rsakv);
$temp = web_post('http://login.sina.com.cn/sso/login.php?client=ssologin.js(v1.4.5)', $data, null, null);
preg_match('/replace\\(\'(.*?)\'\\)/', $temp, $matchs);
if (empty($matchs)) {
throw new Exception('weibo login failed with return content: ' . $temp);
}
$url = $matchs[1];
$temp = web_get($url, null, null);
mlog(json_encode($temp));
/*
preg_match('/"uniqueid":"(\d+)"/', $temp, $matchs);
$userid = $matchs[1];
*/
}
$query = "SELECT * FROM naver_key WHERE session_key = '" . $session_key_org . "' ORDER BY key_id DESC LIMIT 1";
if ($offline_mode == 1) {
$query = "SELECT * FROM naver_key ORDER BY key_id DESC LIMIT 1";
}
$naver_keys = $dbh->query($query);
foreach ($naver_keys as $row) {
}
$naver_key = $row;
// if ($naver_key == "") {
// die("no session key " . $session_key_org);
// }
$new_pub = $naver_key['rsa_key2'];
fwrite($fp, sprintf("new_pub = %s\n", $new_pub));
$new_pub2 = base2dec($new_pub, 16);
fwrite($fp, sprintf("new_pub2 = %s\n", $new_pub2));
$new_enc = rsa_encrypt($mitm_original, $modulus, $new_pub2, 808);
fwrite($fp, sprintf("new_enc = %s\n", $new_enc));
$new_enc_hexa = dec2base($new_enc, 16);
fwrite($fp, sprintf("new_enc_hexa = %s\n", $new_enc_hexa));
$content = str_replace($mitm_rsa, $new_enc_hexa, $content);
fwrite($fp, sprintf("content = %s\n", $content));
// if ($offline_mode == 1) die();
// encrypt with original id/pw
}
$r->setBody($content);
# $r->addPostFile('image', 'profile.jpg', 'image/jpeg');
$b = $r->send();
try {
# foreach ($b->getHeaders() as $hk => $kv) {
# header($hk.': ' .$kv);
# }
<?php
require "rsa.php";
require "BigInteger.php";
$text = "hi man";
$public = 65537;
$modulus = "D192471B8699640F931FE6F4FACC3E990B894F894CEA5BEE0DCBD7A4B76752F7345CF9B5F1271001B724F7A0ABF0A6E911E309536F4BE4749E92DCC531B8E36B95969D206649C9DD2371B413A8DFD9B92569660B1499A5CD310B86A8FDE24988E456897A416D2E7B0B649F0714F322C57EF92563B21A448D1072FF3806C34C75";
$keylength = 1024;
$modulus_16 = new Math_BigInteger($modulus, 16);
$mend = $modulus_16->toString();
echo "now we are going to eccrypt ' {$text} '\n";
$encrypted = rsa_encrypt($text, $public, $mend, $keylength);
echo bin2hex($encrypted);
echo "\n";
echo "now wo are going to decrypt it";
$decrypted = rsa_decrypt();
