/** * Decrypt with RSAES-OAEP + MGF1+SHA256 * * @param string $ciphertext * @param PrivateKey $rsaPrivateKey * @return string * @throws InvalidCiphertextException */ protected static function rsaDecrypt($ciphertext, PrivateKey $rsaPrivateKey) { static $rsa = null; if (!$rsa) { $rsa = new RSA(); $rsa->setEncryptionMode(RSA::ENCRYPTION_OAEP); $rsa->setMGFHash('sha256'); } $rsa->loadKey($rsaPrivateKey->getKey()); $return = @$rsa->decrypt($ciphertext); if ($return === false) { throw new InvalidCiphertextException('Decryption failed'); } return $return; }