public static function pubCrypt($symKey)
{
#encrypts a symmetric key and returns it base64
openssl_public_encrypt($symKey, $encSymKey, self::getPubKey(), OPENSSL_PKCS1_PADDING);
//OPENSSL_PKCS1_PADDING is the default but setting explicitly because that's what we expect on the server.
return base64_encode($encSymKey);
}
/**
* 公钥加密
*/
public function pubEncrypt($data)
{
if (!is_string($data)) {
return null;
}
return openssl_public_encrypt($data, $encrypted, self::getPublicKey()) ? base64_encode($encrypted) : null;
}
public function post_id_new1_new2_handler()
{
global $FANNIE_PLUGIN_SETTINGS, $FANNIE_OP_DB;
$dbc = FannieDB::get($FANNIE_PLUGIN_SETTINGS['GiveUsMoneyDB']);
$ret = array('errors' => '');
$safe = $this->safetyCheck();
if ($safe !== true) {
$ret['errors'] = $safe;
} else {
$keyfile = realpath(dirname(__FILE__) . '/keys/public.key');
$pubkey = openssl_pkey_get_public(file_get_contents($keyfile));
$try = openssl_public_encrypt($this->new1, $encrypted, $pubkey);
if (!$try) {
$ret['errors'] = 'Error occurred during encryption';
} else {
if ($this->new1 !== $this->new2) {
$ret['errors'] = 'New values do not match';
} else {
$model = new GumTaxIdentifiersModel($dbc);
$model->card_no($this->id);
$model->encryptedTaxIdentifier($encrypted);
$model->maskedTaxIdentifier(substr($this->new1, -4));
$model->save();
}
}
}
echo json_encode($ret);
return false;
}
public static function verifyUtwenteCredentials($username, $password)
{
// Do weird escape character stuff, because DotEnv doesn't support newlines :(
$publicKey = str_replace('_!n_', "\n", env('UTWENTEAUTH_KEY'));
$token = md5(rand());
// Generate random token
// Store userdata in array to create JSON later on
$userData = array('user' => $username, 'password' => $password, 'token' => $token);
// Encrypt userData in JSON with public key
openssl_public_encrypt(json_encode($userData), $userDataEncrypted, $publicKey);
// Start CURL to secureAuth on WESP
$ch = curl_init(env('UTWENTEAUTH_SRV'));
// Tell CURL to post encrypted userData in base64
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "challenge=" . urlencode(base64_encode($userDataEncrypted)));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// Execute CURL, store response
$response = curl_exec($ch);
curl_close($ch);
// If response matches token, user is verified.
if ($response == $token) {
return true;
}
return false;
}
/**
* 证书Id验证密码方法
* @param $sPin
* @param $sCardNo
* @param array $options 参数数组
* @return array
*/
function encryptedPin($sPin, $sCardNo, $options)
{
$resArr = ['code' => 1];
$fp = fopen($options['encrypt_cert_path'], "r");
if ($fp != NULL) {
$sCrt = fread($fp, 8192);
fclose($fp);
$sPubCrt = openssl_x509_read($sCrt);
if ($sPubCrt === false) {
$resArr['code'] = 2;
$resArr['message'] = '读取密码加密证书数据失败';
} else {
$pinBlock = new UnionPayPinBlock();
$sInput = $pinBlock->Pin2PinBlockWithCardNO($sPin, $sCardNo);
if ($sInput['code'] > 0) {
$resArr['code'] = 3;
$resArr['message'] = $sInput['message'];
} else {
$iRet = openssl_public_encrypt($sInput['data'], $sOutData, $sCrt, OPENSSL_PKCS1_PADDING);
if ($iRet === true) {
$resArr['data'] = base64_encode($sOutData);
} else {
$resArr['code'] = 3;
$resArr['message'] = '加密失败';
}
}
}
} else {
$resArr['code'] = 1;
$resArr['message'] = '打开密码加密证书失败';
}
return $resArr;
}
/**
* @Rest\Post("/users/auth")
* @param unknown $request
*/
public function userAuthAction()
{
$data = $this->getRequest()->get("data");
$stringDecrypted = "";
openssl_private_decrypt(base64_decode($data), $stringDecrypted, openssl_pkey_get_private(file_get_contents(__DIR__ . "/keys/server/private_key_server.pem")));
$jsonDecrypted = json_decode($stringDecrypted);
$entityManager = $this->container->get('fos_user.user_manager');
$user = $entityManager->findUserByUsername($jsonDecrypted->username);
$encoder_service = $this->get('security.encoder_factory');
$encoder = $encoder_service->getEncoder($user);
$encoded_pass = $encoder->isPasswordValid($user->getPassword(), $jsonDecrypted->password, $user->getSalt());
$token = 0;
if ($encoded_pass) {
$currentTime = time();
$tokenTime = $currentTime + 86400;
// on day
$user->setTokenExpiresAt($tokenTime);
$clearToken = $user->getUsername() . '@' . $tokenTime;
$shaToken = sha1($clearToken);
$user->setToken($shaToken);
$stringCrypted = "";
$json = "{'token':'" . $clearToken . "'}";
openssl_public_encrypt($json, $stringCrypted, openssl_pkey_get_public(file_get_contents(__DIR__ . "/keys/server/public_key_mobile.pem")));
$token = base64_encode($stringCrypted);
return json_encode(["data" => $token]);
} else {
return false;
}
}
public function decode()
{
$core = $this->core;
list($vMajor, $vMinor) = $core->getVersion();
// Client
$connOut = $core->getOutDuplex();
// Server
$connIn = $core->getInDuplex();
// ECDHE
if ($core->cipherSuite->isECDHEEnabled()) {
$extensions = $core->extensions;
$data = $extensions->call('Curve', 'decodeClientKeyExchange', '');
$preMaster = $extensions->call('Curve', 'getPremaster', null);
} else {
$preMaster = Core::_pack('C', $vMajor) . Core::_pack('C', $vMinor) . Core::getRandom(46);
$crtDers = $core->getCrtDers();
$publicKey = X509::getPublicKey($crtDers);
openssl_public_encrypt($preMaster, $encPreMaster, $publicKey);
$data = Core::_pack('n', strlen($encPreMaster)) . $encPreMaster;
}
// Set Master Secret, IV and MAC
$this->setKeys($preMaster, $connIn, $connOut);
$this->msgType = HandshakeType::CLIENT_KEY_EXCHANGE;
$this->length = strlen($data);
return $this->getBinHeader() . $data;
}
function encrypt($data, $publicKey)
{
// Encrypt the data using the public key
openssl_public_encrypt($data, $encryptedData, $publicKey);
// Return encrypted data
return $encryptedData;
}
/**
* Encrypt data using this public key. Data will be decryptable
* only with the matching private key.
*
* This method can only encrypt short data (= shorter than the key,
* see the PHP manual). To encrypt larger values, use the seal()
* method.
*
* @see php://openssl_public_encrypt
* @param string data
* @return string
* @throws security.crypto.CryptoException if the operation fails
*/
public function encrypt($data)
{
if (false === openssl_public_encrypt($data, $out, $this->_hdl)) {
throw new CryptoException('Error encrypting data', OpenSslUtil::getErrors());
}
return $out;
}
function publicKeyEncrypt($publicKey, $content)
{
$pKey = openssl_pkey_get_public($publicKey);
$encrypted = "";
openssl_public_encrypt($content, $encrypted, $pKey);
return base64_encode($encrypted);
}
function EncryptedPin($sPin, $sCardNo, $sPubKeyURL)
{
global $log;
$sPubKeyURL = trim(SDK_ENCRYPT_CERT_PATH, " ");
/**
* [WeEngine System] Copyright (c) 2014 WE7.CC
* WeEngine is NOT a free software, it under the license terms, visited http://www.we7.cc/ for more details.
*/
$fp = fopen($sPubKeyURL, "r");
if ($fp != NULL) {
$sCrt = fread($fp, 8192);
fclose($fp);
}
$sPubCrt = openssl_x509_read($sCrt);
if ($sPubCrt === FALSE) {
print "openssl_x509_read in false!";
return -1;
}
$sPubKey = openssl_x509_parse($sPubCrt);
$sInput = Pin2PinBlockWithCardNO($sPin, $sCardNo);
if ($sInput == 1) {
print "Pin2PinBlockWithCardNO Error ! : " . $sInput;
return 1;
}
$iRet = openssl_public_encrypt($sInput, $sOutData, $sCrt, OPENSSL_PKCS1_PADDING);
if ($iRet === TRUE) {
$sBase64EncodeOutData = base64_encode($sOutData);
return $sBase64EncodeOutData;
} else {
print "openssl_public_encrypt Error !";
return -1;
}
}
function password_add($Name, $Description, $Link, $Username, $Password)
{
global $pdo;
echo "Adding password";
$stmt = $pdo->prepare('insert into `passwords` set
`name` = :name,
`description` = :description,
`link` = :link,
`username` = :username
');
$stmt->bindValue(':name', $Name);
$stmt->bindValue(':description', $Description);
$stmt->bindValue(':link', $Link);
$stmt->bindValue(':username', $Username);
$stmt->execute();
$PasswordID = $pdo->lastInsertId();
// Go through every user, and insert a row for them, using their public key
$stmt = $pdo->prepare('select * from `users`');
$stmt->execute();
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
if (is_readable(PATH . 'keys/' . $row['username'] . '.pub')) {
openssl_public_encrypt($Password, $Encrypted, file_get_contents(PATH . 'keys/' . $row['username'] . '.pub'));
$stmt = $pdo->prepare('insert into `password_encrypted` set
`password_id` = :password_id,
`user_id` = :user_id,
`blob` = :blob
');
$stmt->bindValue(':password_id', $PasswordID, PDO::PARAM_INT);
$stmt->bindValue(':user_id', $row['id'], PDO::PARAM_INT);
$stmt->bindValue(':blob', $Encrypted, PDO::PARAM_LOB);
$stmt->execute();
}
}
return true;
}
function encrypt($text)
{
$encryptedText = "";
openssl_public_encrypt($text, $encryptedText, $this->StringPublicKey);
$encryptedText = base64_encode($encryptedText);
return $encryptedText;
}
function EncryptedPin($sPin, $sCardNo, $sPubKeyURL)
{
global $log;
$sPubKeyURL = trim(SDK_ENCRYPT_CERT_PATH, " ");
$fp = fopen($sPubKeyURL, "r");
if ($fp != NULL) {
$sCrt = fread($fp, 8192);
fclose($fp);
}
$sPubCrt = openssl_x509_read($sCrt);
if ($sPubCrt === FALSE) {
print "openssl_x509_read in false!";
return -1;
}
$sPubKey = openssl_x509_parse($sPubCrt);
$sInput = Pin2PinBlockWithCardNO($sPin, $sCardNo);
if ($sInput == 1) {
print "Pin2PinBlockWithCardNO Error ! : " . $sInput;
return 1;
}
$iRet = openssl_public_encrypt($sInput, $sOutData, $sCrt, OPENSSL_PKCS1_PADDING);
if ($iRet === TRUE) {
$sBase64EncodeOutData = base64_encode($sOutData);
return $sBase64EncodeOutData;
} else {
print "openssl_public_encrypt Error !";
return -1;
}
}
public function handshakeAction()
{
$sessStore = Container::getDefaultManager()->getStorage();
ob_start();
// get client sected
$cryptedClientSecred = $this->request->getContent();
$privKey = openssl_get_privatekey('file:///' . APP_DIR . '/data/keys/server.key');
openssl_private_decrypt(base64_decode($cryptedClientSecred), $clientSecred, $privKey);
$sessStore['c_secred'] = $clientSecred;
// identify client and load public key
$userid = $this->request->getHeader('X-API-User')->getFieldValue();
$sessStore['user_id'] = $userid;
$clientKey = file_get_contents(APP_DIR . '/data/keys/client_' . $userid . '.crt');
$sessStore['client_key'] = $clientKey;
// server secred
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$key = '';
for ($i = 0; $i < 64; $i++) {
$key .= $characters[mt_rand(0, strlen($characters) - 1)];
}
$sessStore['s_secred'] = $key;
// send server secred
openssl_public_encrypt($key, $cryptedKey, $clientKey);
echo base64_encode($cryptedKey);
$this->response->setContent(ob_get_clean());
return $this->response;
}
public function encrypt($data)
{
$pubres = openssl_pkey_get_public($this->pubkey);
openssl_public_encrypt($data, $encrypted, $pubres);
$encrypted = base64_encode($encrypted);
return $encrypted;
}
/**
* {@inheritdoc}
*/
public function encrypt($data, $key)
{
$publicKey = openssl_pkey_get_public($key);
openssl_public_encrypt($data, $messageEncrypted, $publicKey);
openssl_free_key($publicKey);
return $messageEncrypted;
}
function encryptPublic($path, $plainText)
{
$fcontents = file_get_contents($path);
$publicKey = openssl_pkey_get_public($fcontents);
openssl_public_encrypt($plainText, $encrypted, $publicKey);
return $encrypted;
}
public function send($data)
{
if (openssl_public_encrypt($data, $result, $this->public)) {
return $result;
} else {
return false;
}
}
function EncryptData($source)
{
$fp = fopen(APP_DIR . '/../data/server.crt', 'r');
$pub_key = fread($fp, 8192);
fclose($fp);
openssl_public_encrypt($source, $crypttext, $pub_key);
return base64_encode($crypttext);
}
/**
* 对明文进行加密
*
* @param string $text 明文
*
* @return string 密文,并且进行base64转换
*/
static function encrypt($source)
{
global $cfg;
$prikey = $cfg['rsa']['pubkey'];
openssl_get_publickey($pubkey);
$res = openssl_public_encrypt($source, $crypttext, $pubkey, OPENSSL_PKCS1_PADDING);
return $res ? base64_encode($crypttext) : false;
}
public function encrypt($data, $pubkey)
{
$rs = '';
if (@openssl_public_encrypt($data, $rs, $pubkey) === FALSE) {
return NULL;
}
return $rs;
}
/**
* Encode a string.
* @param string $inString String to encode.
* @return string The method returns the encoded string.
* @throws \Exception
*/
public function encode($inString)
{
$result = null;
if (false === openssl_public_encrypt($inString, $result, $this->__publicKey)) {
throw new \Exception("An error occurred while encoding the text.");
}
return bin2hex($result);
}
public function encryptWithKey($input, $key)
{
if (openssl_public_encrypt($input, $encrypted, $key)) {
return $encrypted;
} else {
return FALSE;
}
}
/**
* 公钥加密
*
* @param string 明文
* @return string 密文(base64编码)
*/
function publickey_encodeing($sourcestr)
{
$key_content = file_get_contents("../server.crt");
$pubkeyid = openssl_get_publickey($key_content);
if (openssl_public_encrypt($sourcestr, $crypttext, $pubkeyid)) {
return base64_encode("" . $crypttext);
}
}
/**
* 通过公钥进行加密
*
* @param $dataStr
*
* @return string
*/
public static function rsaPublicEncrypt($dataStr)
{
$retData = '';
$resourceId = self::getResourceId(self::TYPE_PUBLIC_KEY);
openssl_public_encrypt($dataStr, $retData, $resourceId);
$retData = base64_encode($retData);
return $retData;
}
/**
* @param int $cekSizeBits
* @param string|resource $kek
* @param array $header
*
* @return array [cek, encryptedCek]
*/
public function wrapNewKey($cekSizeBits, $kek, array $header)
{
$cek = $this->randomGenerator->get($cekSizeBits / 8);
if (false == openssl_public_encrypt($cek, $cekEncrypted, $kek, $this->padding)) {
throw new JoseJwtException('Unable to encrypt CEK');
}
return [$cek, $cekEncrypted];
}
/**
* @param string $decrypted
*
* @return string
*/
public function encrypt(string $decrypted) : string
{
$status = openssl_public_encrypt($decrypted, $encrypted, $this);
if (!$status) {
throw new RuntimeException('Encrypt failed');
}
return $encrypted;
}
function derive_nonce($c_nonce)
{
// decrypt nonce
openssl_private_decrypt(base64_decode($c_nonce), $tmp_nonce, $this->idp_private_key);
// encrypt nonce with public key of the SP
openssl_public_encrypt($tmp_nonce, $tmp_c_nonce, $this->sp_public_key);
return array("nonce" => $tmp_nonce, "c_nonce" => base64_encode($tmp_c_nonce));
}
/**
* Encrypt a string
*
* @param $data string
* @return string an encrypted string
*/
public function encrypt($data)
{
$encrypted = "";
if (!openssl_public_encrypt($data, $encrypted, $this->getPublic())) {
throw new Exception("Encryption failed");
}
return $encrypted;
}
