<?php
include '../phpseclib/vendor/autoload.php';
$rsa_signer = new \phpseclib\Crypt\RSA();
$private = file_get_contents('private.pem');
$rsa_signer->setPassword('VdcpDTWTc5Aehxgv2uL9haaFddDBhrc8uCMG3ykg');
$rsa_signer->load($private);
$rsa_signer->setHash('sha512');
$rsa_signer->setMGFHash('sha512');
$message = 'Litwo Ojczyzno moja, ty jesteś jak zdrowie';
$signature = $rsa_signer->sign($message, phpseclib\Crypt\RSA::PADDING_PSS);
$signature_base64 = base64_encode($signature);
echo 'Message: ' . $message . "\r\n";
echo 'Signature (RAW): ' . $signature . "\r\n";
echo 'Signature (base64): ' . $signature_base64 . "\r\n";
echo '------------------------------------DECODING------------------------------------------' . "\r\n";
$rsa_verifier = new \phpseclib\Crypt\RSA();
$rsa_verifier->setHash('sha512');
$rsa_verifier->setMGFHash('sha512');
$public = file_get_contents('public.pem');
$rsa_verifier->load($public);
$verification = $rsa_verifier->verify($message, $signature);
echo 'Verified: ' . ($verification ? 'TRUE' : 'FALSE');
/**
* @param string $hashtype
* @param object $key
* @throws OpenIDConnectClientException
* @return bool
*/
private function verifyRSAJWTsignature($hashtype, $key, $payload, $signature)
{
if (!class_exists('\\phpseclib\\Crypt\\RSA')) {
throw new OpenIDConnectClientException('Crypt_RSA support unavailable.');
}
if (!(property_exists($key, 'n') and property_exists($key, 'e'))) {
throw new OpenIDConnectClientException('Malformed key object');
}
/* We already have base64url-encoded data, so re-encode it as
regular base64 and use the XML key format for simplicity.
*/
$public_key_xml = "<RSAKeyValue>\r\n" . " <Modulus>" . b64url2b64($key->n) . "</Modulus>\r\n" . " <Exponent>" . b64url2b64($key->e) . "</Exponent>\r\n" . "</RSAKeyValue>";
$rsa = new \phpseclib\Crypt\RSA();
$rsa->setHash($hashtype);
$rsa->loadKey($public_key_xml, \phpseclib\Crypt\RSA::PUBLIC_FORMAT_XML);
$rsa->signatureMode = \phpseclib\Crypt\RSA::SIGNATURE_PKCS1;
return $rsa->verify($payload, $signature);
}
$private = file_get_contents('private.pem');
//This private key is password protected, so load key
$rsa_private->setPassword($password);
//load the private key
$rsa_private->load($private);
//set hash (I chose sha512 because sha1 apparently has collisions)
$rsa_private->setHash('sha512');
//set MGF hash
$rsa_private->setMGFHash('sha512');
//Create new RSA Object - public key
$rsa_public = new \phpseclib\Crypt\RSA();
//Get public key (in this case content of file)
$public = file_get_contents('public.pem');
//load the public key
$rsa_public->load($public);
//set hash
$rsa_public->setHash('sha512');
//set MGF hash
$rsa_public->setMGFHash('sha512');
echo 'Plaintext: ' . $plaintext . PHP_EOL;
//encrypt with public key and OAEP as padding
$ciphertext_raw = $rsa_public->encrypt($plaintext, phpseclib\Crypt\RSA::PADDING_OAEP);
echo 'Ciphertext (RAW): ' . $ciphertext_raw . PHP_EOL;
//Encode as base64 for better management
$ciphertext = base64_encode($ciphertext_raw);
echo 'Ciphertext (base64): ' . $ciphertext . PHP_EOL;
//Decode from base64 then decrypt with private key
$decrypted = $rsa_private->decrypt(base64_decode($ciphertext));
echo 'Decrypted: ' . $decrypted . PHP_EOL;
//Is everything ok?
var_dump($plaintext == $decrypted);
<?php
include '../phpseclib/vendor/autoload.php';
$rsa = new \phpseclib\Crypt\RSA();
$public = file_get_contents('public.pem');
$rsa->load($public);
$rsa->setHash('sha512');
$rsa->setMGFHash('sha512');
echo 'n= ' . $rsa->modulus . PHP_EOL;
echo 'e= ' . $rsa->exponent . PHP_EOL;
echo 'Bits: ' . $rsa->getSize() . ' bits.' . '(' . strlen($rsa->modulus) . ')' . PHP_EOL;
echo PHP_EOL;
echo $rsa->getPublicKey('PKCS1') . PHP_EOL;