public function seeMessageInResponse($message) { $response = $this->getModule('REST')->response; $response = json_decode($response); $data = base64_url_decode($response->data); $data = $this->aes->decrypt($data); file_put_contents('./dump.txt', $data); $data = json_decode($data); $this->assertEquals($message, $data->message); }
public function get_message($message) { $key = $this->key; if ($message) { $message = @base64_decode($message); if ($message) { $message = @unserialize($message); if ($message) { $cipher = new \Crypt_AES(CRYPT_AES_MODE_ECB); $cipher->setPassword($key, 'pbkdf2', 'sha256', $message['s'], 1000); if (@gmmktime() - $message['t'] > self::MAX_AGE) { return false; } $message = $cipher->decrypt($message['p']); if ($message) { $message = @unserialize($message); if ($message) { return $message; } } } } } return false; }
/** * Decrypts AES encrypted data * @param String $data Data to decrypt * @return String */ public function symmetricDecrypt($data) { if (!$this->isAesInitialized) { $this->initSymmetric(); } return $this->aes->decrypt($data); }
function AESDecrypt($ciphertext, $key, $IV) { $aes = new Crypt_AES(CRYPT_MODE_ECB); $aes->setKey(characet($key)); $aes->setIV(characet($IV)); return $aes->decrypt(hex2bin($ciphertext)); }
function _pugpig_bbappworld_decrypt($base64_encrypted, $password) { $cipher = new Crypt_AES(CRYPT_AES_MODE_ECB); // keys are null-padded to the closest valid size // longer than the longest key and it's truncated $cipher->setKey($password); return $cipher->decrypt(base64_decode($base64_encrypted)); }
protected function decodeResponse($received) { $aes = new Crypt_AES(); $aes->setKey($this->key); $data = $aes->decrypt(base64_decode(substr($received, 28))); $decoder = new XmlrpcDecoder(); return $decoder->decodeResponse($data); }
/** * Decrypt the provided data using AES cryptography with the provided key and IV * * @param string $data Data to decrypt * @param string $key Cipher key used to encrypt the data * @param string $iv IV used to encrypt the data * @param bool $base64Encoded Is the provided data Base64 encoded (defaults to true) * @return string Unencrypted data */ public function decryptAES($data, $key, $iv, $base64Encoded = true) { $data = $base64Encoded ? base64_decode($data) : $data; $cipher = new \Crypt_AES(); $cipher->setKey($key); $cipher->setIV($iv); $cipher->disablePadding(); $decrypted = rtrim($cipher->decrypt($data)); return $decrypted; }
/** * @dataProvider continuousBufferCombos */ public function testEncryptDecryptWithContinuousBuffer($mode, $plaintext, $iv, $key) { $aes = new Crypt_AES(constant($mode)); $aes->enableContinuousBuffer(); $aes->setIV($iv); $aes->setKey($key); $actual = ''; for ($i = 0, $strlen = strlen($plaintext); $i < $strlen; ++$i) { $actual .= $aes->decrypt($aes->encrypt($plaintext[$i])); } $this->assertEquals($plaintext, $actual); }
public static function decrypt($secret, $password, ApiKeyEncryptionOptions $options) { $decodedSecret = self::base64url_decode($secret); $salt = self::base64url_decode($options->getEncryptionKeySalt()); $iterations = $options->getEncryptionKeyIterations(); $keyLengthBits = $options->getEncryptionKeySize(); $iv = substr($decodedSecret, 0, 16); $aes = new \Crypt_AES(); $aes->setPassword($password, 'pbkdf2', 'sha1', $salt, $iterations, $keyLengthBits / 8); $aes->setKeyLength($keyLengthBits); $aes->setIV($iv); return $aes->decrypt(substr($decodedSecret, 16)); }
function fileRead($key) { $file = fopen("data.php", "r"); $aes = new Crypt_AES(); $aes->setKey($key); $tempdata = ""; if ($file) { $tempdata = file_get_contents("data.php"); $tempdata = substr($tempdata, strlen($GLOBALS["fileStart"])); $tempdata = $aes->decrypt(substr($tempdata, 0, -strlen($GLOBALS["fileEnd"]))); } fclose($file); return $tempdata; }
/** * Process the launchkey option to prepare for usage within the plugin. The option will have encrypted attributes * decrypted as well as set default values for any missing or unset attributes. * * @since 1.0.0 * * @param $input * * @return array */ public function post_get_option_filter($input) { // Define the defaults for attributes $defaults = static::get_defaults(); // If the input is empty (null) set it to an empty array $input ?: array(); // Merge the input array over the defaults array to set any know data to the response $output = array_merge($defaults, $input); // If the secret key attribute is not empty, decrypt it if (!empty($input[LaunchKey_WP_Options::OPTION_SECRET_KEY])) { $key = md5($input[LaunchKey_WP_Options::OPTION_SECRET_KEY]); if (empty($this->cache[$key])) { /** * Use the rocket key as the IV. If null, use the static value. * @link https://docs.launchkey.com/glossary.html#term-iv */ $iv = empty($output[LaunchKey_WP_Options::OPTION_ROCKET_KEY]) ? static::STATIC_IV : $output[LaunchKey_WP_Options::OPTION_ROCKET_KEY]; $this->crypt_aes->setIV($iv); /** * Decrypt the Base64 decoded string and set it as the output value * @link https://docs.launchkey.com/glossary.html#term-base64 */ $this->cache[$key] = $this->crypt_aes->decrypt(base64_decode($input[LaunchKey_WP_Options::OPTION_SECRET_KEY])); } $output[LaunchKey_WP_Options::OPTION_SECRET_KEY] = $this->cache[$key]; } // If the private key attribute is not empty, decrypt it if (!empty($input[LaunchKey_WP_Options::OPTION_PRIVATE_KEY])) { $key = md5($input[LaunchKey_WP_Options::OPTION_PRIVATE_KEY]); if (empty($this->cache[$key])) { /** * Use the decrypted secret key as the IV. If null, use the static value. * @link https://docs.launchkey.com/glossary.html#term-iv */ $iv = empty($output[LaunchKey_WP_Options::OPTION_SECRET_KEY]) ? static::STATIC_IV : $output[LaunchKey_WP_Options::OPTION_SECRET_KEY]; $this->crypt_aes->setIV($iv); /** * Decrypt the Base64 decoded string and set it as the output value * @link https://docs.launchkey.com/glossary.html#term-base64 * * We are suppressing errors as */ $this->cache[$key] = @$this->crypt_aes->decrypt(base64_decode($input[LaunchKey_WP_Options::OPTION_PRIVATE_KEY])); } $output[LaunchKey_WP_Options::OPTION_PRIVATE_KEY] = $this->cache[$key]; } return $output; }
public function pac_message_receiver() { $content = Req::post("content"); if (!isset($content)) { $this->returnXML("false", "S09", "返回报文为空"); } $signature = Req::post("data_digest"); if (!isset($signature)) { $this->returnXML("false", "S09", "返回报文为空"); } Tiny::log("异步审批结果回执信息【content:" . $content . "】data_digest【" . $signature . "】"); // 测试密钥 $aeskey = base64_decode($this->jkf['aes_key']); //AES解密,采用ECB模式 $aes = new Crypt_AES(CRYPT_MODE_ECB); //设置AES密钥 $aes->setKey($aeskey); //解密AES密文 $plaintext = $aes->decrypt(base64_decode($content)); //测试rsa公钥 $publickey = $this->jkf['public_key']; $rsa = new Crypt_RSA(); //设置RSA签名模式 CRYPT_RSA_SIGNATURE_PSS or CRYPT_RSA_SIGNATURE_PKCS1 $rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1); //使用RSA公钥验证签名 $rsa->loadKey(base64_decode($publickey)); //签名通过 if ($rsa->verify($plaintext, base64_decode($signature))) { $contentXML = simplexml_load_string($plaintext); $businessType = (string) $contentXML->head->businessType; $model = new GatewayModel(); if ($businessType == "RESULT") { $model->insertResult($contentXML, "1"); } else { if ($businessType == "PRODUCT_RECORD") { $model->insertExamineResult($contentXML); } } $this->returnXML(); } else { $this->returnXML("false", "S02", "非法的数字签名"); } }
/** * Decryption using blowfish algorithm (mcrypt) * or phpseclib's AES if mcrypt not available * * @param string $encdata encrypted data * @param string $secret the secret * * @return string original data */ public function blowfishDecrypt($encdata, $secret) { global $iv; if (!function_exists('mcrypt_encrypt')) { include_once "./libraries/phpseclib/Crypt/AES.php"; $cipher = new Crypt_AES(CRYPT_AES_MODE_ECB); $cipher->setKey($secret); return $cipher->decrypt(base64_decode($encdata)); } else { $data = base64_decode($encdata); $decrypted = mcrypt_decrypt(MCRYPT_BLOWFISH, $secret, $data, MCRYPT_MODE_CBC, $iv); return trim($decrypted); } }
/** * Decryption using blowfish algorithm (mcrypt) * or phpseclib's AES if mcrypt not available * * @param string $encdata encrypted data * @param string $secret the secret * * @return string original data */ public function blowfishDecrypt($encdata, $secret) { if (is_null($this->_blowfish_iv)) { $this->_blowfish_iv = base64_decode($_COOKIE['pma_mcrypt_iv'], true); } if (!function_exists('mcrypt_encrypt')) { include_once PHPSECLIB_INC_DIR . '/Crypt/AES.php'; $cipher = new Crypt_AES(CRYPT_AES_MODE_ECB); $cipher->setKey($secret); return $cipher->decrypt(base64_decode($encdata)); } else { $data = base64_decode($encdata); $decrypted = mcrypt_decrypt(MCRYPT_BLOWFISH, $secret, $data, MCRYPT_MODE_CBC, $this->_blowfish_iv); return trim($decrypted); } }
/** * Decrypt the given AES ciphertext * * The mode is CBC, the key is derived using pbkdf2 * * @param string $ciphertext The encrypted data * @param string $secret The secret/password that shall be used * @return string The decrypted data */ function auth_decrypt($ciphertext, $secret) { $iv = substr($ciphertext, 0, 16); $cipher = new Crypt_AES(); $cipher->setPassword($secret); $cipher->setIV($iv); return $cipher->decrypt(substr($ciphertext, 16)); }
$oldPassphrase = 'isEmpty = TRUE;'; $newPassphrase = hash('sha512', md5(str_shuffle(time()))); if (is_writable("../.ssh/passphrase")) { $handle = fopen('../.ssh/passphrase', 'w'); fwrite($handle, $newPassphrase); fclose($handle); } //---------------------------------------------------------+ require_once "../libs/phpseclib/Crypt/AES.php"; $aes = new Crypt_AES(); $aes->setKeyLength(256); //---------------------------------------------------------+ $boxes = mysql_query("SELECT `boxid`, `password` FROM `" . DBPREFIX . "box`"); while ($rowsBoxes = mysql_fetch_assoc($boxes)) { $aes->setKey($oldPassphrase); $password = $aes->decrypt($rowsBoxes['password']); $aes->setKey($newPassphrase); $password = $aes->encrypt($password); query_basic("UPDATE `" . DBPREFIX . "box` SET `password` = '" . mysql_real_escape_string($password) . "' WHERE `boxid` = '" . $rowsBoxes['boxid'] . "'"); unset($password); } unset($boxes); } unset($line); //---------------------------------------------------------+ //Updating structure for table "log" query_basic("ALTER TABLE `" . DBPREFIX . "log` ADD `scriptid` int(8) UNSIGNED NULL"); //---------------------------------------------------------+ //Updating structure for table "script" query_basic("ALTER TABLE `" . DBPREFIX . "script` CHANGE `daemon` `type` int(1) NOT NULL "); //Updating data for table "config"
function mmb_parse_request() { global $mmb_core, $wp_db_version, $_wp_using_ext_object_cache, $_mwp_data, $_mwp_auth; $_wp_using_ext_object_cache = false; @set_time_limit(1200); if (isset($_mwp_data['setting'])) { if (array_key_exists("dataown", $_mwp_data['setting'])) { $oldconfiguration = array("dataown" => $_mwp_data['setting']['dataown']); $mmb_core->save_options($oldconfiguration); unset($_mwp_data['setting']['dataown']); } $configurationService = new MWP_Configuration_Service(); $configuration = new MWP_Configuration_Conf($_mwp_data['setting']); $configurationService->saveConfiguration($configuration); } if ($_mwp_data['action'] === 'add_site') { mmb_add_site($_mwp_data['params']); mmb_response('You should never see this.', false); } /* in case database upgrade required, do database backup and perform upgrade ( wordpress wp_upgrade() function ) */ if (strlen(trim($wp_db_version)) && !defined('ACX_PLUGIN_DIR')) { if (get_option('db_version') != $wp_db_version) { /* in multisite network, please update database manualy */ if (!is_multisite()) { if (!function_exists('wp_upgrade')) { include_once ABSPATH . 'wp-admin/includes/upgrade.php'; } ob_clean(); @wp_upgrade(); @do_action('after_db_upgrade'); ob_end_clean(); } } } if (isset($_mwp_data['params']['secure'])) { if (is_array($_mwp_data['params']['secure'])) { $secureParams = $_mwp_data['params']['secure']; foreach ($secureParams as $key => $value) { $secureParams[$key] = base64_decode($value); } $_mwp_data['params']['secure'] = $secureParams; } else { $_mwp_data['params']['secure'] = base64_decode($_mwp_data['params']['secure']); } if ($decrypted = $mmb_core->_secure_data($_mwp_data['params']['secure'])) { $decrypted = maybe_unserialize($decrypted); if (is_array($decrypted)) { foreach ($decrypted as $key => $val) { if (!is_numeric($key)) { $_mwp_data['params'][$key] = $val; } } unset($_mwp_data['params']['secure']); } else { $_mwp_data['params']['secure'] = $decrypted; } } if (!$decrypted && $mmb_core->get_random_signature() !== false) { require_once dirname(__FILE__) . '/src/PHPSecLib/Crypt/AES.php'; $cipher = new Crypt_AES(CRYPT_AES_MODE_ECB); $cipher->setKey($mmb_core->get_random_signature()); $decrypted = $cipher->decrypt($_mwp_data['params']['secure']); $_mwp_data['params']['account_info'] = json_decode($decrypted, true); } } $logData = array('action' => $_mwp_data['action'], 'action_parameters' => $_mwp_data['params'], 'action_settings' => $_mwp_data['setting']); if (!empty($_mwp_data['setting'])) { $logData['settings'] = $_mwp_data['setting']; } mwp_logger()->debug('Master request: "{action}"', $logData); }
public function decrypt_data($input_str, $key = SEC_STR) { $aes = new Crypt_AES(); $aes->setKey($key); return $aes->decrypt($input_str); }
function getPassword($pwd = null, $iv_field = "iv") { if (is_null($pwd)) { $pwd = $this->password; if (!$this->password) { return ""; } } try { $master_key_filepath = CAppUI::conf("master_key_filepath"); $master_key_filepath = rtrim($master_key_filepath, "/"); if (CExchangeSource::checkMasterKeyFile($master_key_filepath)) { CAppUI::requireLibraryFile("phpseclib/phpseclib/Crypt/AES"); CAppUI::requireLibraryFile("phpseclib/phpseclib/Crypt/Random"); $cipher = new Crypt_AES(CRYPT_AES_MODE_CTR); $cipher->setKeyLength(256); $keyAB = file($master_key_filepath . "/.mediboard.key"); if (count($keyAB) == 2) { $cipher->setKey($keyAB[0] . $keyAB[1]); $ivToUse = $this->{$iv_field}; if (!$ivToUse) { $clear = $pwd; $this->store(); return $clear; } $cipher->setIV($ivToUse); $decrypted = rtrim(base64_decode($pwd), ""); $decrypted = $cipher->decrypt($decrypted); if ($decrypted) { return $decrypted; } } } } catch (Exception $e) { return $pwd; } return $pwd; }
static function ExtractDataPacket($data, $key, $options = array()) { $data = (string) $data; if (!isset($options["mode"])) { $options["mode"] = "ECB"; } if ($options["mode"] != "ECB" && (!isset($options["iv"]) || $options["iv"] == "")) { return false; } if (isset($options["key2"])) { $options2 = $options; if (isset($options["iv2"])) { $options["iv"] = $options["iv2"]; } else { unset($options["iv"]); } if (self::IsMcryptAvailable()) { $data = self::McryptDecrypt($data, $options["key2"], $options); } else { if (class_exists("Crypt_AES")) { $aes = new Crypt_AES($options["mode"] == "CBC" ? CRYPT_AES_MODE_CBC : CRYPT_AES_MODE_ECB); $aes->setKey($options["key2"]); if (isset($options["iv"])) { $aes->setIV($options["iv"]); } $aes->disablePadding(); $data = $aes->decrypt($data); } else { return false; } } $data = substr($data, 1) . substr($data, 0, 1); $options = $options2; } if (self::IsMcryptAvailable()) { $data = self::McryptDecrypt($data, $key, $options); } else { if (class_exists("Crypt_AES")) { $aes = new Crypt_AES($options["mode"] == "CBC" ? CRYPT_AES_MODE_CBC : CRYPT_AES_MODE_ECB); $aes->setKey($key); if (isset($options["iv"])) { $aes->setIV($options["iv"]); } $aes->disablePadding(); $data = $aes->decrypt($data); } else { return false; } } if ($data === false) { return false; } $pos = strpos($data, "\n"); if ($pos === false) { return false; } $data = substr($data, $pos + 1); $pos = strpos($data, "\n"); if ($pos === false) { return false; } $check = substr($data, 0, $pos); $data = substr($data, $pos + 1); $pos = strrpos($data, "\n"); if ($pos === false) { return false; } $data = substr($data, 0, $pos); if (!isset($options["lightweight"]) || !$options["lightweight"]) { if ($check !== strtolower(sha1($data))) { return false; } } else { if ($check !== strtolower(dechex(crc32($data)))) { return false; } } return $data; }
/** * Decrypt Session Credentials * * @param none * @return array * @access private */ private function decryptSessionCredentials() { if (!empty($this->session) && array_key_exists('CREDENTIALS', $this->session)) { switch (CONF_SEC_SESSION_METHOD) { case 'aes256': default: $cipher = new Crypt_AES(CRYPT_AES_MODE_ECB); $cipher->setKeyLength(256); $cipher->setKey($this->session_key); $credentials = unserialize($cipher->decrypt($this->session['CREDENTIALS'])); break; } return $credentials; } return array(); }
global $backupjobs; foreach ($backupjobs as $backupjob) { if ($backupjob['id'] == $jobid) { return $backupjob; } } return false; } $backup = GetBackupDetails($_REQUEST['id']); $backupjob = GetJobDetails($backup['id']); header('Content-Disposition: attachment; filename="' . basename($_REQUEST['id']) . '"'); set_include_path($config['path'] . '/libs/phpseclib'); include 'Crypt/AES.php'; $cipher = new Crypt_AES(CRYPT_AES_MODE_ECB); $cipher->setKey($backupjob['encryptionkey']); echo $cipher->decrypt(file_get_contents($config['path'] . '/files/' . $_REQUEST['id'])); logevent('User ' . $_SESSION['user'] . ' downloaded decrypted backup ' . $_REQUEST['id'], 'activity'); } else { echo 'File not found'; } } elseif (isset($_REQUEST['action']) && $_REQUEST['action'] == 'backupdelete' && isset($_REQUEST['id'])) { checkacl('deleteb'); if (file_exists($config['path'] . '/files/' . $_REQUEST['id'])) { if (unlink($config['path'] . '/files/' . $_REQUEST['id'])) { $backups = json_decode(file_get_contents($config['path'] . '/db/db-backups.json'), true); foreach ($backups as $key => $backup) { if ($backup['file'] == $_REQUEST['id']) { unset($backups[$key]); } } file_put_contents($config['path'] . '/db/db-backups.json', json_encode($backups));
function Encrypt($Cipher, $Val = false) { require_once "Crypt/AES.php"; $Cond = new Crypt_AES(); $Cond->setKey(AESKEY); if ($Val) { return $Cond->decrypt($Cipher); } else { return $Cond->encrypt($Cipher); } }
/** * Decrypt data using Phorum's secret key. * This is used to decrypt data that was encrypted by the * {@link spamhurdles_encrypt()} function. * * @param $data * The data to decrypt. * * @return mixed * The decrypted data. This can be array data, if the original * data that was passed to {@link spamhurdles_encrypt()} was an array. */ function spamhurdles_decrypt($data) { global $PHORUM; $aes = new Crypt_AES(); $aes->setKey($PHORUM['private_key']); // Don't splash decrypting and unpacking warnings all over the browser. $decrypted = @$aes->decrypt(base64_decode($data)); $unpacked = @unserialize($decrypted); if ($decrypted === FALSE || $unpacked === FALSE) { trigger_error('Cannot decrypt the spam hurdles data. ' . 'This probably means that somebody or something tampered with ' . 'the crypted spam hurdles data string that was sent to the server.', E_USER_ERROR); } return $unpacked; }
require "../configuration.php"; require "./include.php"; require_once "../includes/func.ssh2.inc.php"; require_once "../libs/phpseclib/Crypt/AES.php"; require_once "../libs/gameinstaller/gameinstaller.php"; $title = T_('Box Game File Repositories'); if (query_numrows("SELECT `name` FROM `" . DBPREFIX . "box` WHERE `boxid` = '" . $boxid . "'") == 0) { exit('Error: BoxID is invalid.'); } $rows = query_fetch_assoc("SELECT * FROM `" . DBPREFIX . "box` WHERE `boxid` = '" . $boxid . "' LIMIT 1"); $games = mysql_query("SELECT * FROM `" . DBPREFIX . "game` ORDER BY `game`"); $aes = new Crypt_AES(); $aes->setKeyLength(256); $aes->setKey(CRYPT_KEY); // Get SSH2 Object OR ERROR String $ssh = newNetSSH2($rows['ip'], $rows['sshport'], $rows['login'], $aes->decrypt($rows['password'])); if (!is_object($ssh)) { $_SESSION['msg1'] = T_('Connection Error!'); $_SESSION['msg2'] = $ssh; $_SESSION['msg-type'] = 'error'; } $gameInstaller = new GameInstaller($ssh); include "./bootstrap/header.php"; /** * Notifications */ include "./bootstrap/notifications.php"; ?> <ul class="nav nav-tabs"> <li><a href="boxsummary.php?id=<?php echo $boxid;
/** * Decryption using openssl's AES or phpseclib's AES * (phpseclib uses mcrypt when it is available) * * @param string $encdata encrypted data * @param string $secret the secret * * @return string original data */ public function cookieDecrypt($encdata, $secret) { if (is_null($this->_cookie_iv)) { $this->_cookie_iv = base64_decode($_COOKIE['pma_iv-' . $GLOBALS['server']], true); } if (strlen($this->_cookie_iv) < $this->getIVSize()) { $this->createIV(); } if ($this->_useOpenSSL()) { return openssl_decrypt($encdata, 'AES-128-CBC', $secret, 0, $this->_cookie_iv); } else { $cipher = new Crypt_AES(CRYPT_AES_MODE_CBC); $cipher->setIV($this->_cookie_iv); $cipher->setKey($secret); return $cipher->decrypt(base64_decode($encdata)); } }
/** * Break a public or private key down into its constituant components * * @access private * @see _convertPublicKey() * @see _convertPrivateKey() * @param String $key * @param Integer $type * @return Array */ function _parseKey($key, $type) { if ($type != CRYPT_RSA_PUBLIC_FORMAT_RAW && !is_string($key)) { return false; } switch ($type) { case CRYPT_RSA_PUBLIC_FORMAT_RAW: if (!is_array($key)) { return false; } $components = array(); switch (true) { case isset($key['e']): $components['publicExponent'] = $key['e']->copy(); break; case isset($key['exponent']): $components['publicExponent'] = $key['exponent']->copy(); break; case isset($key['publicExponent']): $components['publicExponent'] = $key['publicExponent']->copy(); break; case isset($key[0]): $components['publicExponent'] = $key[0]->copy(); } switch (true) { case isset($key['n']): $components['modulus'] = $key['n']->copy(); break; case isset($key['modulo']): $components['modulus'] = $key['modulo']->copy(); break; case isset($key['modulus']): $components['modulus'] = $key['modulus']->copy(); break; case isset($key[1]): $components['modulus'] = $key[1]->copy(); } return isset($components['modulus']) && isset($components['publicExponent']) ? $components : false; case CRYPT_RSA_PRIVATE_FORMAT_PKCS1: case CRYPT_RSA_PUBLIC_FORMAT_PKCS1: /* Although PKCS#1 proposes a format that public and private keys can use, encrypting them is "outside the scope" of PKCS#1. PKCS#1 then refers you to PKCS#12 and PKCS#15 if you're wanting to protect private keys, however, that's not what OpenSSL* does. OpenSSL protects private keys by adding two new "fields" to the key - DEK-Info and Proc-Type. These fields are discussed here: http://tools.ietf.org/html/rfc1421#section-4.6.1.1 http://tools.ietf.org/html/rfc1421#section-4.6.1.3 DES-EDE3-CBC as an algorithm, however, is not discussed anywhere, near as I can tell. DES-CBC and DES-EDE are discussed in RFC1423, however, DES-EDE3-CBC isn't, nor is its key derivation function. As is, the definitive authority on this encoding scheme isn't the IETF but rather OpenSSL's own implementation. ie. the implementation *is* the standard and any bugs that may exist in that implementation are part of the standard, as well. * OpenSSL is the de facto standard. It's utilized by OpenSSH and other projects */ if (preg_match('#DEK-Info: (.+),(.+)#', $key, $matches)) { $iv = pack('H*', trim($matches[2])); $symkey = pack('H*', md5($this->password . substr($iv, 0, 8))); // symkey is short for symmetric key $symkey .= substr(pack('H*', md5($symkey . $this->password . $iv)), 0, 8); $ciphertext = preg_replace('#.+(\\r|\\n|\\r\\n)\\1|[\\r\\n]|-.+-| #s', '', $key); $ciphertext = preg_match('#^[a-zA-Z\\d/+]*={0,2}$#', $ciphertext) ? base64_decode($ciphertext) : false; if ($ciphertext === false) { $ciphertext = $key; } switch ($matches[1]) { case 'AES-128-CBC': if (!class_exists('Crypt_AES')) { require_once 'Crypt/AES.php'; } $symkey = substr($symkey, 0, 16); $crypto = new Crypt_AES(); break; case 'DES-EDE3-CFB': if (!class_exists('Crypt_TripleDES')) { require_once 'Crypt/TripleDES.php'; } $crypto = new Crypt_TripleDES(CRYPT_DES_MODE_CFB); break; case 'DES-EDE3-CBC': if (!class_exists('Crypt_TripleDES')) { require_once 'Crypt/TripleDES.php'; } $crypto = new Crypt_TripleDES(); break; case 'DES-CBC': if (!class_exists('Crypt_DES')) { require_once 'Crypt/DES.php'; } $crypto = new Crypt_DES(); break; default: return false; } $crypto->setKey($symkey); $crypto->setIV($iv); $decoded = $crypto->decrypt($ciphertext); } else { $decoded = preg_replace('#-.+-|[\\r\\n]| #', '', $key); $decoded = preg_match('#^[a-zA-Z\\d/+]*={0,2}$#', $decoded) ? base64_decode($decoded) : false; } if ($decoded !== false) { $key = $decoded; } $components = array(); if (ord($this->_string_shift($key)) != CRYPT_RSA_ASN1_SEQUENCE) { return false; } if ($this->_decodeLength($key) != strlen($key)) { return false; } $tag = ord($this->_string_shift($key)); /* intended for keys for which OpenSSL's asn1parse returns the following: 0:d=0 hl=4 l= 631 cons: SEQUENCE 4:d=1 hl=2 l= 1 prim: INTEGER :00 7:d=1 hl=2 l= 13 cons: SEQUENCE 9:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption 20:d=2 hl=2 l= 0 prim: NULL 22:d=1 hl=4 l= 609 prim: OCTET STRING */ if ($tag == CRYPT_RSA_ASN1_INTEGER && substr($key, 0, 3) == "0") { $this->_string_shift($key, 3); $tag = CRYPT_RSA_ASN1_SEQUENCE; } if ($tag == CRYPT_RSA_ASN1_SEQUENCE) { /* intended for keys for which OpenSSL's asn1parse returns the following: 0:d=0 hl=4 l= 290 cons: SEQUENCE 4:d=1 hl=2 l= 13 cons: SEQUENCE 6:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption 17:d=2 hl=2 l= 0 prim: NULL 19:d=1 hl=4 l= 271 prim: BIT STRING */ $this->_string_shift($key, $this->_decodeLength($key)); $tag = ord($this->_string_shift($key)); // skip over the BIT STRING / OCTET STRING tag $this->_decodeLength($key); // skip over the BIT STRING / OCTET STRING length // "The initial octet shall encode, as an unsigned binary integer wtih bit 1 as the least significant bit, the number of // unused bits in the final subsequent octet. The number shall be in the range zero to seven." // -- http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf (section 8.6.2.2) if ($tag == CRYPT_RSA_ASN1_BITSTRING) { $this->_string_shift($key); } if (ord($this->_string_shift($key)) != CRYPT_RSA_ASN1_SEQUENCE) { return false; } if ($this->_decodeLength($key) != strlen($key)) { return false; } $tag = ord($this->_string_shift($key)); } if ($tag != CRYPT_RSA_ASN1_INTEGER) { return false; } $length = $this->_decodeLength($key); $temp = $this->_string_shift($key, $length); if (strlen($temp) != 1 || ord($temp) > 2) { $components['modulus'] = new Math_BigInteger($temp, 256); $this->_string_shift($key); // skip over CRYPT_RSA_ASN1_INTEGER $length = $this->_decodeLength($key); $components[$type == CRYPT_RSA_PUBLIC_FORMAT_PKCS1 ? 'publicExponent' : 'privateExponent'] = new Math_BigInteger($this->_string_shift($key, $length), 256); return $components; } if (ord($this->_string_shift($key)) != CRYPT_RSA_ASN1_INTEGER) { return false; } $length = $this->_decodeLength($key); $components['modulus'] = new Math_BigInteger($this->_string_shift($key, $length), 256); $this->_string_shift($key); $length = $this->_decodeLength($key); $components['publicExponent'] = new Math_BigInteger($this->_string_shift($key, $length), 256); $this->_string_shift($key); $length = $this->_decodeLength($key); $components['privateExponent'] = new Math_BigInteger($this->_string_shift($key, $length), 256); $this->_string_shift($key); $length = $this->_decodeLength($key); $components['primes'] = array(1 => new Math_BigInteger($this->_string_shift($key, $length), 256)); $this->_string_shift($key); $length = $this->_decodeLength($key); $components['primes'][] = new Math_BigInteger($this->_string_shift($key, $length), 256); $this->_string_shift($key); $length = $this->_decodeLength($key); $components['exponents'] = array(1 => new Math_BigInteger($this->_string_shift($key, $length), 256)); $this->_string_shift($key); $length = $this->_decodeLength($key); $components['exponents'][] = new Math_BigInteger($this->_string_shift($key, $length), 256); $this->_string_shift($key); $length = $this->_decodeLength($key); $components['coefficients'] = array(2 => new Math_BigInteger($this->_string_shift($key, $length), 256)); if (!empty($key)) { if (ord($this->_string_shift($key)) != CRYPT_RSA_ASN1_SEQUENCE) { return false; } $this->_decodeLength($key); while (!empty($key)) { if (ord($this->_string_shift($key)) != CRYPT_RSA_ASN1_SEQUENCE) { return false; } $this->_decodeLength($key); $key = substr($key, 1); $length = $this->_decodeLength($key); $components['primes'][] = new Math_BigInteger($this->_string_shift($key, $length), 256); $this->_string_shift($key); $length = $this->_decodeLength($key); $components['exponents'][] = new Math_BigInteger($this->_string_shift($key, $length), 256); $this->_string_shift($key); $length = $this->_decodeLength($key); $components['coefficients'][] = new Math_BigInteger($this->_string_shift($key, $length), 256); } } return $components; case CRYPT_RSA_PUBLIC_FORMAT_OPENSSH: $key = base64_decode(preg_replace('#^ssh-rsa | .+$#', '', $key)); if ($key === false) { return false; } $cleanup = substr($key, 0, 11) == "ssh-rsa"; if (strlen($key) <= 4) { return false; } extract(unpack('Nlength', $this->_string_shift($key, 4))); $publicExponent = new Math_BigInteger($this->_string_shift($key, $length), -256); if (strlen($key) <= 4) { return false; } extract(unpack('Nlength', $this->_string_shift($key, 4))); $modulus = new Math_BigInteger($this->_string_shift($key, $length), -256); if ($cleanup && strlen($key)) { if (strlen($key) <= 4) { return false; } extract(unpack('Nlength', $this->_string_shift($key, 4))); $realModulus = new Math_BigInteger($this->_string_shift($key, $length), -256); return strlen($key) ? false : array('modulus' => $realModulus, 'publicExponent' => $modulus); } else { return strlen($key) ? false : array('modulus' => $modulus, 'publicExponent' => $publicExponent); } // http://www.w3.org/TR/xmldsig-core/#sec-RSAKeyValue // http://en.wikipedia.org/wiki/XML_Signature // http://www.w3.org/TR/xmldsig-core/#sec-RSAKeyValue // http://en.wikipedia.org/wiki/XML_Signature case CRYPT_RSA_PRIVATE_FORMAT_XML: case CRYPT_RSA_PUBLIC_FORMAT_XML: $this->components = array(); $xml = xml_parser_create('UTF-8'); xml_set_object($xml, $this); xml_set_element_handler($xml, '_start_element_handler', '_stop_element_handler'); xml_set_character_data_handler($xml, '_data_handler'); if (!xml_parse($xml, $key)) { return false; } return isset($this->components['modulus']) && isset($this->components['publicExponent']) ? $this->components : false; // from PuTTY's SSHPUBK.C // from PuTTY's SSHPUBK.C case CRYPT_RSA_PRIVATE_FORMAT_PUTTY: $components = array(); $key = preg_split('#\\r\\n|\\r|\\n#', $key); $type = trim(preg_replace('#PuTTY-User-Key-File-2: (.+)#', '$1', $key[0])); if ($type != 'ssh-rsa') { return false; } $encryption = trim(preg_replace('#Encryption: (.+)#', '$1', $key[1])); $publicLength = trim(preg_replace('#Public-Lines: (\\d+)#', '$1', $key[3])); $public = base64_decode(implode('', array_map('trim', array_slice($key, 4, $publicLength)))); $public = substr($public, 11); extract(unpack('Nlength', $this->_string_shift($public, 4))); $components['publicExponent'] = new Math_BigInteger($this->_string_shift($public, $length), -256); extract(unpack('Nlength', $this->_string_shift($public, 4))); $components['modulus'] = new Math_BigInteger($this->_string_shift($public, $length), -256); $privateLength = trim(preg_replace('#Private-Lines: (\\d+)#', '$1', $key[$publicLength + 4])); $private = base64_decode(implode('', array_map('trim', array_slice($key, $publicLength + 5, $privateLength)))); switch ($encryption) { case 'aes256-cbc': if (!class_exists('Crypt_AES')) { require_once 'Crypt/AES.php'; } $symkey = ''; $sequence = 0; while (strlen($symkey) < 32) { $temp = pack('Na*', $sequence++, $this->password); $symkey .= pack('H*', sha1($temp)); } $symkey = substr($symkey, 0, 32); $crypto = new Crypt_AES(); } if ($encryption != 'none') { $crypto->setKey($symkey); $crypto->disablePadding(); $private = $crypto->decrypt($private); if ($private === false) { return false; } } extract(unpack('Nlength', $this->_string_shift($private, 4))); if (strlen($private) < $length) { return false; } $components['privateExponent'] = new Math_BigInteger($this->_string_shift($private, $length), -256); extract(unpack('Nlength', $this->_string_shift($private, 4))); if (strlen($private) < $length) { return false; } $components['primes'] = array(1 => new Math_BigInteger($this->_string_shift($private, $length), -256)); extract(unpack('Nlength', $this->_string_shift($private, 4))); if (strlen($private) < $length) { return false; } $components['primes'][] = new Math_BigInteger($this->_string_shift($private, $length), -256); $temp = $components['primes'][1]->subtract($this->one); $components['exponents'] = array(1 => $components['publicExponent']->modInverse($temp)); $temp = $components['primes'][2]->subtract($this->one); $components['exponents'][] = $components['publicExponent']->modInverse($temp); extract(unpack('Nlength', $this->_string_shift($private, 4))); if (strlen($private) < $length) { return false; } $components['coefficients'] = array(2 => new Math_BigInteger($this->_string_shift($private, $length), -256)); return $components; } }
// загружаем сами тр-ии $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10); curl_setopt($ch, CURLOPT_TIMEOUT, 30); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, 'data=' . urlencode($encrypted_data)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $encrypted_tx_set = curl_exec($ch); curl_close($ch); debug_print('$encrypted_tx_set=' . $encrypted_tx_set, __FILE__, __LINE__, __FUNCTION__, __CLASS__, __METHOD__); debug_print('$my_key=' . $my_key, __FILE__, __LINE__, __FUNCTION__, __CLASS__, __METHOD__); $aes = new Crypt_AES(); $aes->setKey($my_key); // теперь в $binary_tx будут обычные тр-ии $binary_tx = $aes->decrypt($encrypted_tx_set); unset($aes); debug_print('$binary_tx=' . $binary_tx, __FILE__, __LINE__, __FUNCTION__, __CLASS__, __METHOD__); // разберем полученные тр-ии do { $tx_size = ParseData::decode_length($binary_tx); $tx_binary_data = ParseData::string_shift($binary_tx, $tx_size); debug_print('$tx_binary_data=' . $tx_binary_data, __FILE__, __LINE__, __FUNCTION__, __CLASS__, __METHOD__); list(, $tx_hex) = unpack("H*", $tx_binary_data); if (!$tx_binary_data) { continue; } // проверим размер if (strlen($tx_binary_data) > $variables['max_tx_size']) { debug_print('strlen($binary_tx) > $variables[max_tx_size]', __FILE__, __LINE__, __FUNCTION__, __CLASS__, __METHOD__); die("error tx size");
<?php $rootPath = realpath(__DIR__ . '/../'); set_include_path(get_include_path() . PATH_SEPARATOR . $rootPath . '/source/php/libs/phpseclib/'); include 'Crypt/AES.php'; $plaintext = 'This is the plain text to encrypt'; $aes = new Crypt_AES(); $aes->setKey('abcdefghijklmnop'); $ciphertext = $aes->encrypt($plaintext); echo $aes->decrypt($ciphertext);
function decryptFile($filename, $key) { include_once CL_ROOT . "/include/phpseclib/Crypt/AES.php"; $cipher = new Crypt_AES(); // could use CRYPT_AES_MODE_CBC $cipher->setPassword($key); $ciphertext = file_get_contents($filename); //echo $cipher->decrypt($cipher->encrypt($plaintext)); return $cipher->decrypt($ciphertext); }