echo "make sure you DELETE the private key (.key file) and DO NOT UPLOAD the .key file to your server.";
exit;
}
//
// The remote user is requesting a public certificate.
//
if (isset($_POST['getkey'])) {
echo file_get_contents($PublicKeyFile);
exit;
}
//
// The remote user is sending an encrypted AES key and iv to use for encrypting.
//
if (isset($_POST['key']) && isset($_POST['iv'])) {
include $PrivateKeyFile;
$rsa = new RSA();
$rsa->setEncryptionMode(RSA_ENCRYPTION_PKCS1);
$rsa->loadKey($PrivateRSAKey);
$_SESSION['key'] = Base64UrlEncode($rsa->decrypt(Base64UrlDecode($_POST['key'])));
$_SESSION['iv'] = Base64UrlEncode($rsa->decrypt(Base64UrlDecode($_POST['iv'])));
SendEncryptedResponse("AES OK");
}
//
// The remote user is sending an AES encrypted message.
//
if (isset($_SESSION['key']) && isset($_SESSION['iv']) && isset($_POST['data'])) {
$aes = new AES(AES_MODE_CBC);
$aes->setKeyLength(256);
$aes->setKey(Base64UrlDecode($_SESSION['key']));
$aes->setIV(Base64UrlDecode($_SESSION['iv']));
$aes->enablePadding();
<?php
//
// Copyright (c) 2011 Scott Clayton
//
// This file is part of the C# to PHP Encryption Library.
//
// The C# to PHP Encryption Library is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// The C# to PHP Encryption Library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with the C# to PHP Encryption Library. If not, see <http://www.gnu.org/licenses/>.
//
use Simbacode\Xcrypto\Crypt\RSA;
$code = str_replace(array('_', '-'), array('/', '+'), $_POST['code']);
$code = base64_decode($code);
$rsa = new RSA();
$rsa->setEncryptionMode(RSA_ENCRYPTION_PKCS1);
// The key is hardcoded in on both the client and server side of this example
$rsa->loadKey("-----BEGIN RSA PRIVATE KEY-----\nMIICXgIBAAKBgQCixMLZ4Ug97FDIncnKMAIbqcufTzIfBWF+nmysuDWKhIhTjc67\no5BrQGYJlGggEARJhnHwVA1XeHsO9l44pKtFoQVI7vsJqyHIJ0HCDAFzJGdoAVdd\nkpLws0ayX+c6jtKwtMf7QZYv+Oihq88mC5eyt0BcdzEDzb1TvsP29HKGrQIDAQAB\nAoGBAJRE7kYxLHCT+wa0jWOrldADPSRSrRKLAUOpJs+zQbp7ff+2trJAjcbVM93Y\nHX3PeUhMuy+0MS8T5e08SZoJjqV7y4P35+NlkDg0OFoP/1fgK+0T58+hSQeA0plL\n5gEWuRaQjnD0H10L/BWa17yPK0Us3vxMPkGsy1hzhia8v6fBAkEA0JjRPY9XOr6d\nF9xgfhMEuL5vMkcFy3a95zj0AyMNqz1z9O2SO8YDXF/N9MPaH2aoAadIzF1IhJEU\nullJcXnKsQJBAMfB3h5iSZdSRy82QLWyvYxQvL2iA6orsmJH8TfRbQYwE/Ls4944\nFJVTUz3R9Ay2vutjYA9qs5noAvhu1hC6gr0CQBN9I5d3y/OOGYlAKre8uSU1jZgJ\n8K2ow2dV995PKRjFng7VH2N8RZYc0VY78iYa5jl5UqDdWkggcepTKzxx35ECQQC2\nC5ovuocynss83YaPkHtp+tJnR9VrKjOBmerdYcCoGPy1MOphxF4N0EhWWJa/V3Qa\n9Q/APQ+8vVKnseroh/FJAkEAgUYfyaKCsrPA2GP8y5wohgz9828uy4seFDJKD1SA\nh+oCNW4VbM0cHtaAqddQXxJE1Yf+2FFEh5+nmTZkH8neYA==\n-----END RSA PRIVATE KEY-----\n");
$plaintext = $rsa->decrypt($code);
echo "The text was " . $plaintext . ".";
/**
* used to decrypt a message
*
* @param type $key
* @param type $iv
* @param type $data
* @return type
*/
public function DecryptMessage($data)
{
$rsa = new RSA();
$rsa->setEncryptionMode(RSA_ENCRYPTION_PKCS1);
$rsa->loadKey($this->PrivateKeyFileString);
if (isset($this->key) && isset($this->iv) && isset($data)) {
$aes = new AES(AES_MODE_CBC);
$aes->setKeyLength(256);
$aes->setKey($this->Base64UrlDecode($this->key));
$aes->setIV($this->Base64UrlDecode($this->iv));
$aes->enablePadding();
// This is PKCS
$this->AESMessage = $aes->decrypt($this->Base64UrlDecode($data));
return $this->AESMessage;
}
}
