protected function initRsa($publicKeyFile) { if (!file_exists($publicKeyFile) || !is_readable($publicKeyFile)) { throw new \Exception('Public key file does not exist or is not readable.'); } $public_key = file_get_contents($publicKeyFile); $this->rsa = new \Crypt_RSA(); $x509 = new \File_X509(); $x509->loadX509($public_key); $this->rsa->loadKey($x509->getPublicKey()); $this->rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1); $this->rsa->setHash('sha1'); }
function activateKeyGen($key, $hwid, $privKey, $offline = false) { $rsa = new Crypt_RSA(); $rsa->loadKey($privKey); $rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1); $rsa->setHash('sha512'); $activateKey = $rsa->sign(sha1(base64_decode($key) . hash('sha512', $hwid, true))); if ($offline) { $license = '------BEGIN ACTIVATION KEY------' . "\r\n"; $license .= chunk_split(base64_encode($activateKey)); $license .= '------END ACTIVATION KEY------'; } else { $license = base64_encode($activateKey); } return $license; }
private function rsa($public_or_private_key, $padding_mode) { if ($public_or_private_key instanceof JOSE_JWK) { $rsa = $public_or_private_key->toKey(); } else { if ($public_or_private_key instanceof Crypt_RSA) { $rsa = $public_or_private_key; } else { $rsa = new Crypt_RSA(); $rsa->loadKey($public_or_private_key); } } $rsa->setHash($this->digest()); $rsa->setMGFHash($this->digest()); $rsa->setSignatureMode($padding_mode); return $rsa; }
public static function CreateLicense($licensee, $type) { // Gleiche Generalisierung wie am Client: $licenseeGen = self::GeneralizeDataString($licensee); $dataStr = $licenseeGen . (int) $type; // "ERIKAMUSTERMANN2" $rsa = new Crypt_RSA(); // Neue RSA-Klasse erstellen // Setzen der RSA-Optionen auf die, die auch am Client verwendet werden: $rsa->setPrivateKeyFormat(CRYPT_RSA_PRIVATE_FORMAT_XML); $rsa->setHash('SHA1'); $rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1); // privaten Schlüssel laden $rsa->loadKey(self::privateKey); // Erstellen der Signatur $signature = $rsa->sign($dataStr); // Formatierte Lizenzdaten zurückgeben return self::FormatLicense($licensee, $type, $signature); }
/** * Validates a signature * * Returns true if the signature is verified, false if it is not correct or NULL on error * * @param String $publicKeyAlgorithm * @param String $publicKey * @param String $signatureAlgorithm * @param String $signature * @param String $signatureSubject * @access private * @return Integer */ function _validateSignature($publicKeyAlgorithm, $publicKey, $signatureAlgorithm, $signature, $signatureSubject) { switch ($publicKeyAlgorithm) { case 'rsaEncryption': require_once 'Crypt/RSA.php'; $rsa = new Crypt_RSA(); $rsa->loadKey($publicKey); switch ($signatureAlgorithm) { case 'md2WithRSAEncryption': case 'md5WithRSAEncryption': case 'sha1WithRSAEncryption': case 'sha224WithRSAEncryption': case 'sha256WithRSAEncryption': case 'sha384WithRSAEncryption': case 'sha512WithRSAEncryption': $rsa->setHash(preg_replace('#WithRSAEncryption$#', '', $signatureAlgorithm)); $rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1); if (!@$rsa->verify($signatureSubject, $signature)) { return false; } break; default: return NULL; } break; default: return NULL; } return true; }
/** * @param string $hashtype * @param object $key * @throws OpenIDConnectClientException * @return bool */ private function verifyRSAJWTsignature($hashtype, $key, $payload, $signature) { if (!class_exists('Crypt_RSA')) { throw new OpenIDConnectClientException('Crypt_RSA support unavailable.'); } if (!(property_exists($key, 'n') and property_exists($key, 'e'))) { throw new OpenIDConnectClientException('Malformed key object'); } /* We already have base64url-encoded data, so re-encode it as regular base64 and use the XML key format for simplicity. */ $public_key_xml = "<RSAKeyValue>\r\n" . " <Modulus>" . b64url2b64($key->n) . "</Modulus>\r\n" . " <Exponent>" . b64url2b64($key->e) . "</Exponent>\r\n" . "</RSAKeyValue>"; $rsa = new Crypt_RSA(); $rsa->setHash($hashtype); $rsa->loadKey($public_key_xml, CRYPT_RSA_PUBLIC_FORMAT_XML); $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1; return $rsa->verify($payload, $signature); }
public function rsa($hashAlg, $key) { $rsa = new Crypt_RSA(); $rsa->loadKey($key); $rsa->setHash($hashAlg); $rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1); return $rsa; }
/** * @param $rsaKey * @return \Crypt_RSA */ private function getSignor($rsaKey, $password = null) { $crypt = new \Crypt_RSA(); $crypt->loadKey($rsaKey); $crypt->setPassword($password); $crypt->setHash('sha256'); $crypt->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1); return $crypt; }
public function verify_signature($message, $signature, $key, $hash_algorithm = 'sha256') { $this->ensure_crypto_loaded(); $rsa = new Crypt_RSA(); $rsa->setHash(strtolower($hash_algorithm)); // This is not the default, but is what we use $rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1); $rsa->loadKey($key); // Don't hash it - Crypt_RSA::verify() already does that // $hash = new Crypt_Hash($hash_algorithm); // $hashed = $hash->hash($message); $verified = $rsa->verify($message, base64_decode($signature)); if ($this->debug) { $this->log('Signature verification result: ' . serialize($verified)); } return $verified; }
protected function verify_phpseclib($data, $sigBin, $publickey, $algo = 'sha256WithRSAEncryption') { $isHash = preg_match("/^([a-z]+[0-9]).+/", $algo, $hashinfo); $hash = $isHash ? $hashinfo[1] : 'sha256'; $rsa = new Crypt_RSA(); $rsa->setHash($hash); $rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1); $rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1); $rsa->loadKey($publickey); return $rsa->verify($data, $sigBin) === TRUE ? TRUE : FALSE; }
<?php set_time_limit(0); if (file_exists('private.key')) { echo base64_encode(file_get_contents('private.key')); } else { include 'Crypt/RSA.php'; $rsa = new Crypt_RSA(); $rsa->setHash('sha1'); $rsa->setMGFHash('sha1'); $rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_OAEP); $rsa->setPrivateKeyFormat(CRYPT_RSA_PRIVATE_FORMAT_PKCS1); $rsa->setPublicKeyFormat(CRYPT_RSA_PUBLIC_FORMAT_PKCS1); $res = $rsa->createKey(1024); $privateKey = $res['privatekey']; $publicKey = $res['publickey']; file_put_contents('public.key', $publicKey); file_put_contents('private.key', $privateKey); echo base64_encode($privateKey); }
/** * Fill out $this->privateKey or $this->publicKey with a Crypt_RSA object * representing the give key (as mod/exponent pair). * * @param string $mod base64-encoded * @param string $exp base64-encoded exponent * @param string $type one of 'public' or 'private' */ public function loadKey($mod, $exp, $type = 'public') { common_log(LOG_DEBUG, "Adding " . $type . " key: (" . $mod . ', ' . $exp . ")"); $rsa = new Crypt_RSA(); $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1; $rsa->setHash('sha256'); $rsa->modulus = new Math_BigInteger(Magicsig::base64_url_decode($mod), 256); $rsa->k = strlen($rsa->modulus->toBytes()); $rsa->exponent = new Math_BigInteger(Magicsig::base64_url_decode($exp), 256); if ($type == 'private') { $this->privateKey = $rsa; } else { $this->publicKey = $rsa; } }
<?php include 'Crypt/RSA.php'; $rsa = new Crypt_RSA(); $msg = ""; $color = ""; $cisti_tekst = file_get_contents('./cisti_tekst.txt', FILE_USE_INCLUDE_PATH); if (isset($_POST['potpisi'])) { file_put_contents('potpis.txt', ''); $cisti_tekst = file_get_contents('./cisti_tekst.txt', FILE_USE_INCLUDE_PATH); $rsa->setHash("sha256"); $rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1); $privatekey = file_get_contents('./privatni_kljuc.txt', FILE_USE_INCLUDE_PATH); $rsa->loadKey($privatekey); //$signature = base64_encode($rsa->sign(base64_decode($cisti_tekst))); //$signature = base64_encode($rsa->sign(base64_decode($cisti_tekst))); $signature = $rsa->sign($cisti_tekst); $signature = base64_encode($signature); $ret = file_put_contents('potpis.txt', $signature, FILE_APPEND | LOCK_EX); if ($ret === false) { die('Neuspješna pohrana u datoteku'); } else { echo "U datoteku je pohranjeno: " . $ret . " bajtova"; } } if (isset($_POST['provjeri'])) { $rsa->setHash("sha256"); $rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1); $publickey = file_get_contents('./javni_kljuc.txt', FILE_USE_INCLUDE_PATH); $rsa->loadKey($publickey); $signature = file_get_contents('./potpis.txt', FILE_USE_INCLUDE_PATH);
/** * Validates a signature * * Returns true if the signature is verified, false if it is not correct or null on error * * @param String $publicKeyAlgorithm * @param String $publicKey * @param String $signatureAlgorithm * @param String $signature * @param String $signatureSubject * @access private * @return Integer */ function _validateSignature($publicKeyAlgorithm, $publicKey, $signatureAlgorithm, $signature, $signatureSubject) { switch ($publicKeyAlgorithm) { case 'rsaEncryption': if (!class_exists('Crypt_RSA')) { include_once EASYWIDIR . '/third_party/phpseclib/Crypt/RSA.php'; } $rsa = new Crypt_RSA(); $rsa->loadKey($publicKey); switch ($signatureAlgorithm) { case 'md2WithRSAEncryption': case 'md5WithRSAEncryption': case 'sha1WithRSAEncryption': case 'sha224WithRSAEncryption': case 'sha256WithRSAEncryption': case 'sha384WithRSAEncryption': case 'sha512WithRSAEncryption': $rsa->setHash(preg_replace('#WithRSAEncryption$#', '', $signatureAlgorithm)); $rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1); if (!@$rsa->verify($signatureSubject, $signature)) { return false; } break; default: return null; } break; default: return null; } return true; }
/** * Fill out $this->privateKey or $this->publicKey with a Crypt_RSA object * representing the give key (as mod/exponent pair). * * @param string $mod base64-encoded * @param string $exp base64-encoded exponent * @param string $type one of 'public' or 'private' */ public function loadKey($mod, $exp, $type = 'public') { $rsa = new Crypt_RSA(); $rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1); $rsa->setHash($this->getHash()); $rsa->modulus = new Math_BigInteger(Magicsig::base64_url_decode($mod), 256); $rsa->k = strlen($rsa->modulus->toBytes()); $rsa->exponent = new Math_BigInteger(Magicsig::base64_url_decode($exp), 256); if ($type == 'private') { $this->privateKey = $rsa; } else { $this->publicKey = $rsa; } }
/** * Sign a message using a private RSA key * * @param string $payload The message to be signed * @param string $private_key An RSA private key * @return string A base64-encoded and url-encoded hash of the $payload_string */ private function signMessage($payload, $private_key) { $signature_urlencoded = ''; $rsa_signature = new \Crypt_RSA(); $rsa_signature->loadKey($private_key); $rsa_signature->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1); $rsa_signature->setHash('md5'); $payload_base64 = urldecode(substr($payload, 0, -6)); $signature_binary = $rsa_signature->sign($payload_base64); $signature_base64 = base64_encode($signature_binary); $signature_urlencoded = urlencode($signature_base64) . "decode"; return $signature_urlencoded; }
/** * Quasi-private - marked public to work-around PHP 5.3 compat. * * @param string $key * @param string $type * 'public' or 'private' * @return \Crypt_RSA */ public static function getRsa($key, $type) { $rsa = new \Crypt_RSA(); $rsa->loadKey($key); if ($type == 'public') { $rsa->setPublicKey(); } $rsa->setEncryptionMode(Constants::RSA_ENC_MODE); $rsa->setSignatureMode(Constants::RSA_SIG_MODE); $rsa->setHash(Constants::RSA_HASH); return $rsa; }
/** * * */ protected static function _signatureIsValid($pub, $sig, $str, $hash = 'sha1') { // Convert key back into PEM format $key = sprintf("-----BEGIN PUBLIC KEY-----\n%s\n-----END PUBLIC KEY-----", wordwrap($pub, 64, "\n", true)); // prefer Crypt_RSA // http://phpseclib.sourceforge.net // [DG]: X3 how Crypt_RSA works, skip if (class_exists('Crypt_RSA')) { $rsa = new Crypt_RSA(); $rsa->setHash($hash); $rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1); $rsa->loadKey($pub); return $rsa->verify($str, base64_decode($sig)); } else { // $pubkeyid = openssl_get_publickey($key); $signature_alg = constant('OPENSSL_ALGO_' . strtoupper($hash)); return openssl_verify($str, base64_decode($sig), $key, $signature_alg); } }
static function crypt_rsa_key($mod, $exp, $hash = 'SHA256') { $rsa = new Crypt_RSA(); $rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1); $rsa->setHash(strtolower($hash)); $rsa->modulus = new Math_BigInteger($mod, 256); $rsa->k = strlen($rsa->modulus->toBytes()); $rsa->exponent = new Math_BigInteger($exp, 256); $rsa->setPublicKey(); return $rsa; }
/** * Validates a signature * * Returns true if the signature is verified, false if it is not correct or NULL on error * * @param String $publicKeyAlgorithm * @param String $publicKey * @param String $signatureAlgorithm * @param String $signature * @param String $signatureSubject * @access private * @return Integer */ function _validateSignature($publicKeyAlgorithm, $publicKey, $signatureAlgorithm, $signature, $signatureSubject) { switch ($publicKeyAlgorithm) { case 'rsaEncryption': if (!class_exists('Crypt_RSA')) { require_once 'Crypt/RSA.php'; } $rsa = new Crypt_RSA(); $rsa->loadKey($publicKey); switch ($signatureAlgorithm) { case 'md2WithRSAEncryption': case 'md5WithRSAEncryption': case 'sha1WithRSAEncryption': case 'sha224WithRSAEncryption': case 'sha256WithRSAEncryption': case 'sha384WithRSAEncryption': case 'sha512WithRSAEncryption': $rsa->setHash(preg_replace('#WithRSAEncryption$#', '', $signatureAlgorithm)); $rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1); if (!@$rsa->verify($signatureSubject, $signature)) { return false; } break; default: throw new UnsupportedAlgorithmException('Signature algorithm unsupported'); } break; default: throw new UnsupportedAlgorithmException('Public key algorithm unsupported'); } return true; }