protected function initRsa($publicKeyFile)
{
if (!file_exists($publicKeyFile) || !is_readable($publicKeyFile)) {
throw new \Exception('Public key file does not exist or is not readable.');
}
$public_key = file_get_contents($publicKeyFile);
$this->rsa = new \Crypt_RSA();
$x509 = new \File_X509();
$x509->loadX509($public_key);
$this->rsa->loadKey($x509->getPublicKey());
$this->rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$this->rsa->setHash('sha1');
}
function activateKeyGen($key, $hwid, $privKey, $offline = false)
{
$rsa = new Crypt_RSA();
$rsa->loadKey($privKey);
$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
$rsa->setHash('sha512');
$activateKey = $rsa->sign(sha1(base64_decode($key) . hash('sha512', $hwid, true)));
if ($offline) {
$license = '------BEGIN ACTIVATION KEY------' . "\r\n";
$license .= chunk_split(base64_encode($activateKey));
$license .= '------END ACTIVATION KEY------';
} else {
$license = base64_encode($activateKey);
}
return $license;
}
private function rsa($public_or_private_key, $padding_mode)
{
if ($public_or_private_key instanceof JOSE_JWK) {
$rsa = $public_or_private_key->toKey();
} else {
if ($public_or_private_key instanceof Crypt_RSA) {
$rsa = $public_or_private_key;
} else {
$rsa = new Crypt_RSA();
$rsa->loadKey($public_or_private_key);
}
}
$rsa->setHash($this->digest());
$rsa->setMGFHash($this->digest());
$rsa->setSignatureMode($padding_mode);
return $rsa;
}
public static function CreateLicense($licensee, $type)
{
// Gleiche Generalisierung wie am Client:
$licenseeGen = self::GeneralizeDataString($licensee);
$dataStr = $licenseeGen . (int) $type;
// "ERIKAMUSTERMANN2"
$rsa = new Crypt_RSA();
// Neue RSA-Klasse erstellen
// Setzen der RSA-Optionen auf die, die auch am Client verwendet werden:
$rsa->setPrivateKeyFormat(CRYPT_RSA_PRIVATE_FORMAT_XML);
$rsa->setHash('SHA1');
$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
// privaten Schlüssel laden
$rsa->loadKey(self::privateKey);
// Erstellen der Signatur
$signature = $rsa->sign($dataStr);
// Formatierte Lizenzdaten zurückgeben
return self::FormatLicense($licensee, $type, $signature);
}
/**
* Validates a signature
*
* Returns true if the signature is verified, false if it is not correct or NULL on error
*
* @param String $publicKeyAlgorithm
* @param String $publicKey
* @param String $signatureAlgorithm
* @param String $signature
* @param String $signatureSubject
* @access private
* @return Integer
*/
function _validateSignature($publicKeyAlgorithm, $publicKey, $signatureAlgorithm, $signature, $signatureSubject)
{
switch ($publicKeyAlgorithm) {
case 'rsaEncryption':
require_once 'Crypt/RSA.php';
$rsa = new Crypt_RSA();
$rsa->loadKey($publicKey);
switch ($signatureAlgorithm) {
case 'md2WithRSAEncryption':
case 'md5WithRSAEncryption':
case 'sha1WithRSAEncryption':
case 'sha224WithRSAEncryption':
case 'sha256WithRSAEncryption':
case 'sha384WithRSAEncryption':
case 'sha512WithRSAEncryption':
$rsa->setHash(preg_replace('#WithRSAEncryption$#', '', $signatureAlgorithm));
$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
if (!@$rsa->verify($signatureSubject, $signature)) {
return false;
}
break;
default:
return NULL;
}
break;
default:
return NULL;
}
return true;
}
/**
* @param string $hashtype
* @param object $key
* @throws OpenIDConnectClientException
* @return bool
*/
private function verifyRSAJWTsignature($hashtype, $key, $payload, $signature)
{
if (!class_exists('Crypt_RSA')) {
throw new OpenIDConnectClientException('Crypt_RSA support unavailable.');
}
if (!(property_exists($key, 'n') and property_exists($key, 'e'))) {
throw new OpenIDConnectClientException('Malformed key object');
}
/* We already have base64url-encoded data, so re-encode it as
regular base64 and use the XML key format for simplicity.
*/
$public_key_xml = "<RSAKeyValue>\r\n" . " <Modulus>" . b64url2b64($key->n) . "</Modulus>\r\n" . " <Exponent>" . b64url2b64($key->e) . "</Exponent>\r\n" . "</RSAKeyValue>";
$rsa = new Crypt_RSA();
$rsa->setHash($hashtype);
$rsa->loadKey($public_key_xml, CRYPT_RSA_PUBLIC_FORMAT_XML);
$rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
return $rsa->verify($payload, $signature);
}
public function rsa($hashAlg, $key)
{
$rsa = new Crypt_RSA();
$rsa->loadKey($key);
$rsa->setHash($hashAlg);
$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
return $rsa;
}
/**
* @param $rsaKey
* @return \Crypt_RSA
*/
private function getSignor($rsaKey, $password = null)
{
$crypt = new \Crypt_RSA();
$crypt->loadKey($rsaKey);
$crypt->setPassword($password);
$crypt->setHash('sha256');
$crypt->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
return $crypt;
}
public function verify_signature($message, $signature, $key, $hash_algorithm = 'sha256')
{
$this->ensure_crypto_loaded();
$rsa = new Crypt_RSA();
$rsa->setHash(strtolower($hash_algorithm));
// This is not the default, but is what we use
$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
$rsa->loadKey($key);
// Don't hash it - Crypt_RSA::verify() already does that
// $hash = new Crypt_Hash($hash_algorithm);
// $hashed = $hash->hash($message);
$verified = $rsa->verify($message, base64_decode($signature));
if ($this->debug) {
$this->log('Signature verification result: ' . serialize($verified));
}
return $verified;
}
protected function verify_phpseclib($data, $sigBin, $publickey, $algo = 'sha256WithRSAEncryption')
{
$isHash = preg_match("/^([a-z]+[0-9]).+/", $algo, $hashinfo);
$hash = $isHash ? $hashinfo[1] : 'sha256';
$rsa = new Crypt_RSA();
$rsa->setHash($hash);
$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$rsa->loadKey($publickey);
return $rsa->verify($data, $sigBin) === TRUE ? TRUE : FALSE;
}
<?php
set_time_limit(0);
if (file_exists('private.key')) {
echo base64_encode(file_get_contents('private.key'));
} else {
include 'Crypt/RSA.php';
$rsa = new Crypt_RSA();
$rsa->setHash('sha1');
$rsa->setMGFHash('sha1');
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_OAEP);
$rsa->setPrivateKeyFormat(CRYPT_RSA_PRIVATE_FORMAT_PKCS1);
$rsa->setPublicKeyFormat(CRYPT_RSA_PUBLIC_FORMAT_PKCS1);
$res = $rsa->createKey(1024);
$privateKey = $res['privatekey'];
$publicKey = $res['publickey'];
file_put_contents('public.key', $publicKey);
file_put_contents('private.key', $privateKey);
echo base64_encode($privateKey);
}
/**
* Fill out $this->privateKey or $this->publicKey with a Crypt_RSA object
* representing the give key (as mod/exponent pair).
*
* @param string $mod base64-encoded
* @param string $exp base64-encoded exponent
* @param string $type one of 'public' or 'private'
*/
public function loadKey($mod, $exp, $type = 'public')
{
common_log(LOG_DEBUG, "Adding " . $type . " key: (" . $mod . ', ' . $exp . ")");
$rsa = new Crypt_RSA();
$rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
$rsa->setHash('sha256');
$rsa->modulus = new Math_BigInteger(Magicsig::base64_url_decode($mod), 256);
$rsa->k = strlen($rsa->modulus->toBytes());
$rsa->exponent = new Math_BigInteger(Magicsig::base64_url_decode($exp), 256);
if ($type == 'private') {
$this->privateKey = $rsa;
} else {
$this->publicKey = $rsa;
}
}
<?php
include 'Crypt/RSA.php';
$rsa = new Crypt_RSA();
$msg = "";
$color = "";
$cisti_tekst = file_get_contents('./cisti_tekst.txt', FILE_USE_INCLUDE_PATH);
if (isset($_POST['potpisi'])) {
file_put_contents('potpis.txt', '');
$cisti_tekst = file_get_contents('./cisti_tekst.txt', FILE_USE_INCLUDE_PATH);
$rsa->setHash("sha256");
$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
$privatekey = file_get_contents('./privatni_kljuc.txt', FILE_USE_INCLUDE_PATH);
$rsa->loadKey($privatekey);
//$signature = base64_encode($rsa->sign(base64_decode($cisti_tekst)));
//$signature = base64_encode($rsa->sign(base64_decode($cisti_tekst)));
$signature = $rsa->sign($cisti_tekst);
$signature = base64_encode($signature);
$ret = file_put_contents('potpis.txt', $signature, FILE_APPEND | LOCK_EX);
if ($ret === false) {
die('Neuspješna pohrana u datoteku');
} else {
echo "U datoteku je pohranjeno: " . $ret . " bajtova";
}
}
if (isset($_POST['provjeri'])) {
$rsa->setHash("sha256");
$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
$publickey = file_get_contents('./javni_kljuc.txt', FILE_USE_INCLUDE_PATH);
$rsa->loadKey($publickey);
$signature = file_get_contents('./potpis.txt', FILE_USE_INCLUDE_PATH);
/**
* Validates a signature
*
* Returns true if the signature is verified, false if it is not correct or null on error
*
* @param String $publicKeyAlgorithm
* @param String $publicKey
* @param String $signatureAlgorithm
* @param String $signature
* @param String $signatureSubject
* @access private
* @return Integer
*/
function _validateSignature($publicKeyAlgorithm, $publicKey, $signatureAlgorithm, $signature, $signatureSubject)
{
switch ($publicKeyAlgorithm) {
case 'rsaEncryption':
if (!class_exists('Crypt_RSA')) {
include_once EASYWIDIR . '/third_party/phpseclib/Crypt/RSA.php';
}
$rsa = new Crypt_RSA();
$rsa->loadKey($publicKey);
switch ($signatureAlgorithm) {
case 'md2WithRSAEncryption':
case 'md5WithRSAEncryption':
case 'sha1WithRSAEncryption':
case 'sha224WithRSAEncryption':
case 'sha256WithRSAEncryption':
case 'sha384WithRSAEncryption':
case 'sha512WithRSAEncryption':
$rsa->setHash(preg_replace('#WithRSAEncryption$#', '', $signatureAlgorithm));
$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
if (!@$rsa->verify($signatureSubject, $signature)) {
return false;
}
break;
default:
return null;
}
break;
default:
return null;
}
return true;
}
/**
* Fill out $this->privateKey or $this->publicKey with a Crypt_RSA object
* representing the give key (as mod/exponent pair).
*
* @param string $mod base64-encoded
* @param string $exp base64-encoded exponent
* @param string $type one of 'public' or 'private'
*/
public function loadKey($mod, $exp, $type = 'public')
{
$rsa = new Crypt_RSA();
$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
$rsa->setHash($this->getHash());
$rsa->modulus = new Math_BigInteger(Magicsig::base64_url_decode($mod), 256);
$rsa->k = strlen($rsa->modulus->toBytes());
$rsa->exponent = new Math_BigInteger(Magicsig::base64_url_decode($exp), 256);
if ($type == 'private') {
$this->privateKey = $rsa;
} else {
$this->publicKey = $rsa;
}
}
/**
* Sign a message using a private RSA key
*
* @param string $payload The message to be signed
* @param string $private_key An RSA private key
* @return string A base64-encoded and url-encoded hash of the $payload_string
*/
private function signMessage($payload, $private_key)
{
$signature_urlencoded = '';
$rsa_signature = new \Crypt_RSA();
$rsa_signature->loadKey($private_key);
$rsa_signature->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
$rsa_signature->setHash('md5');
$payload_base64 = urldecode(substr($payload, 0, -6));
$signature_binary = $rsa_signature->sign($payload_base64);
$signature_base64 = base64_encode($signature_binary);
$signature_urlencoded = urlencode($signature_base64) . "decode";
return $signature_urlencoded;
}
/**
* Quasi-private - marked public to work-around PHP 5.3 compat.
*
* @param string $key
* @param string $type
* 'public' or 'private'
* @return \Crypt_RSA
*/
public static function getRsa($key, $type)
{
$rsa = new \Crypt_RSA();
$rsa->loadKey($key);
if ($type == 'public') {
$rsa->setPublicKey();
}
$rsa->setEncryptionMode(Constants::RSA_ENC_MODE);
$rsa->setSignatureMode(Constants::RSA_SIG_MODE);
$rsa->setHash(Constants::RSA_HASH);
return $rsa;
}
/**
*
*
*/
protected static function _signatureIsValid($pub, $sig, $str, $hash = 'sha1')
{
// Convert key back into PEM format
$key = sprintf("-----BEGIN PUBLIC KEY-----\n%s\n-----END PUBLIC KEY-----", wordwrap($pub, 64, "\n", true));
// prefer Crypt_RSA
// http://phpseclib.sourceforge.net
// [DG]: X3 how Crypt_RSA works, skip
if (class_exists('Crypt_RSA')) {
$rsa = new Crypt_RSA();
$rsa->setHash($hash);
$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
$rsa->loadKey($pub);
return $rsa->verify($str, base64_decode($sig));
} else {
// $pubkeyid = openssl_get_publickey($key);
$signature_alg = constant('OPENSSL_ALGO_' . strtoupper($hash));
return openssl_verify($str, base64_decode($sig), $key, $signature_alg);
}
}
static function crypt_rsa_key($mod, $exp, $hash = 'SHA256')
{
$rsa = new Crypt_RSA();
$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
$rsa->setHash(strtolower($hash));
$rsa->modulus = new Math_BigInteger($mod, 256);
$rsa->k = strlen($rsa->modulus->toBytes());
$rsa->exponent = new Math_BigInteger($exp, 256);
$rsa->setPublicKey();
return $rsa;
}
/**
* Validates a signature
*
* Returns true if the signature is verified, false if it is not correct or NULL on error
*
* @param String $publicKeyAlgorithm
* @param String $publicKey
* @param String $signatureAlgorithm
* @param String $signature
* @param String $signatureSubject
* @access private
* @return Integer
*/
function _validateSignature($publicKeyAlgorithm, $publicKey, $signatureAlgorithm, $signature, $signatureSubject)
{
switch ($publicKeyAlgorithm) {
case 'rsaEncryption':
if (!class_exists('Crypt_RSA')) {
require_once 'Crypt/RSA.php';
}
$rsa = new Crypt_RSA();
$rsa->loadKey($publicKey);
switch ($signatureAlgorithm) {
case 'md2WithRSAEncryption':
case 'md5WithRSAEncryption':
case 'sha1WithRSAEncryption':
case 'sha224WithRSAEncryption':
case 'sha256WithRSAEncryption':
case 'sha384WithRSAEncryption':
case 'sha512WithRSAEncryption':
$rsa->setHash(preg_replace('#WithRSAEncryption$#', '', $signatureAlgorithm));
$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
if (!@$rsa->verify($signatureSubject, $signature)) {
return false;
}
break;
default:
throw new UnsupportedAlgorithmException('Signature algorithm unsupported');
}
break;
default:
throw new UnsupportedAlgorithmException('Public key algorithm unsupported');
}
return true;
}
