public function decode($encrypted)
{
$decrypted = '';
// $encrypted = $_POST['merchantReciept'];
$privateKey = <<<EOD
-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAJuIUgSzNuWm3US8
0brZr/5cMSPue9f0IwUrEhka1gLlC4uQon6QjQem4TWQ8anoMKYwfYgRnCGQsbrT
KwOApwTA4Bt6dg9jKXlIE6rXqqO6g2C/uD+G2p+W4k0ZI1isuqqjjkup5ZPkNaeW
R9/961Qx3CyrWDk6n0OkzDJ6UNzLAgMBAAECgYEAh+/dv73jfVUaj7l4lZct+2MY
kA8grt7yvNGoP8j0xBLsxE7ltzkgClARBoBot9f4rUg0b3j0vWF59ZAbSDRpxJ2U
BfWEtlXWvN1V051KnKaOqE8TOkGK0PVWcc6P0JhPrbmOu9hhAN3dMu+jd7ABFKgC
4b8EIlHA8bl8po8gwAECQQDliMBTAzzyhB55FMW/pVGq9TBo2oXQsyNOjEO+rZNJ
zIwJzFrFhvuvFj7/7FekDAKmWgqpuOIk0NSYfHCR54FLAkEArXc7pdPgn386ikOc
Nn3Eils1WuP5+evoZw01he4NSZ1uXNkoNTAk8OmPJPz3PrtB6l3DUh1U/DEZjIiI
7z5igQJAFXvFNH/bFn/TMlYFZDie+jdUvpulZrE9nr52IMSyQngIq2obHN3TdMHK
R73hPhN5tAQ9d0E8uWFqZJNRHfbjHQJASY7pNV3Ov/QE0ALxqE3W3VDmJD/OjkOS
jriUPNIAwnnHBgp0OXHMCHkSYX4AHpLr1cWjARw9IKB1lBmF7+YFgQJAFqUgYj11
ioyuSf/CSotPIC7YyNEnr+TK2Ym0N/EWzqNXoOCDxDTgoWLQxM3Nfr65tWtV2097
BjCbFfbui/IyUw==
-----END PRIVATE KEY-----
EOD;
$encrypted = base64_decode($encrypted);
// decode the encrypted query string
if (!openssl_private_decrypt($encrypted, $decrypted, $privateKey)) {
die('Failed to decrypt data');
}
// echo "Decrypted value: ". $decrypted;
return $decrypted;
// $arr = explode('|', $decrypted);
// return $arr;
}
/**
* Try to login with the e-mail address and the password provided
* @param string $email Email of the user trying to connect
* @param string $password Ciphered value of the password
* @author Benjamin BALET <*****@*****.**>
*/
public function login()
{
header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
header('Access-Control-Allow-Credentials : true');
header('Access-Control-Allow-Methods: GET');
header('Content-Type:application/json');
//Decipher the password (mind to remove the salt) and attempt to login
$password = '';
$keyPEM = file_get_contents('./assets/keys/private.pem', TRUE);
$privateKey = openssl_pkey_get_private($keyPEM);
openssl_private_decrypt(base64_decode($this->input->get('password')), $password, $privateKey, OPENSSL_PKCS1_OAEP_PADDING);
$len_salt = strlen($this->session->userdata('salt')) * -1;
$password = substr($password, 0, $len_salt);
$this->load->model('users_model');
$loggedin = $this->users_model->checkCredentialsEmail($this->input->get('email'), $password);
//Return user's details (some fields might be empty if not logged in)
$userDetails = new stdClass();
$userDetails->id = $this->session->userdata('id');
$userDetails->firstname = $this->session->userdata('firstname');
$userDetails->lastname = $this->session->userdata('lastname');
$userDetails->isManager = $this->session->userdata('is_manager');
$userDetails->isAdmin = $this->session->userdata('is_admin');
$userDetails->isHR = $this->session->userdata('is_hr');
$userDetails->managerId = $this->session->userdata('manager');
$userDetails->isLoggedIn = $loggedin;
echo json_encode($userDetails);
}
public static function checkTANValidity ($emailId, $tanNo) {
$db = DB::getInstance();
$db->connect();
$accountData = $db->select("ACCOUNTS", "userId = '$emailId'");
$accountNo = $accountData["accountNo"];
$fprv = fopen(PRIVATE_KEY_LOC, "r"); //please change the path of the privateKey file here
$privateKey = fread($fprv, 512);
fclose($fprv);
$res_prv = openssl_get_privatekey($privateKey);
openssl_private_decrypt(base64_decode($tanNo), $decrypted, $res_prv);
if ($decrypted == $accountNo) {
return true;
}
else
return false;
}
function privateKeyDecrypt($privateKey, $content)
{
$pKey = openssl_pkey_get_private($privateKey);
$decrypted = "";
openssl_private_decrypt($content, $decrypted, $pKey);
return $decrypted;
}
/**
* Decrypt data using this private key. Only data encrypted with
* the public key matching this key will be decryptable.
*
* @param string data
* @return string
* @throws security.crypto.CryptoException if the operation fails
*/
public function decrypt($data)
{
if (false === openssl_private_decrypt($data, $decrypted, $this->_hdl)) {
throw new CryptoException('Could not decrypt data', OpenSslUtil::getErrors());
}
return $decrypted;
}
/**
*
* 通过私钥解密 公钥加密的内容
*
* @param string $encryptedStr 公钥加密后的字符串
*
* @return string
*/
public static function rsaPrivateDecrypt($encryptedStr)
{
$retData = '';
$resourceId = self::getResourceId(self::TYPE_PRIVATE_KEY);
openssl_private_decrypt(base64_decode($encryptedStr), $retData, $resourceId);
return $retData;
}
/**
* @param string $encryptedCek
* @param string|resource $key
* @param int $cekSizeBits
* @param array $header
*
* @return string
*/
public function unwrap($encryptedCek, $key, $cekSizeBits, array $header)
{
if (false == openssl_private_decrypt($encryptedCek, $cek, $key, $this->padding)) {
throw new JoseJwtException('Unable to decrypt CEK');
}
return $cek;
}
function decryptMessage($crypttext, $priv_key, $passphrase = 'passphrase')
{
$crypttext = base64_decode($crypttext);
$res = openssl_pkey_get_private($priv_key, $passphrase);
if ($res != false) {
if (openssl_private_decrypt($crypttext, $text, $res)) {
return $text;
} else {
$error = "";
while ($msg = openssl_error_string()) {
$error .= $msg . "<br />\n";
}
$error = __(DECRYPT_ERROR) . (DEBUG && $error != "" ? " : " . $error : "");
throw new NewException($error, 0, false);
}
} else {
$error = "";
while ($msg = openssl_error_string()) {
$error .= $msg . "<br />\n";
}
$error = "Error parsing private key" . ($error != "" ? " : " . $error : "");
throw new NewException($error, 0, getDebugBacktrace(1));
}
return "";
}
function decrypt($data, $privateKey)
{
// Decrypt the data using the private key
openssl_private_decrypt($data, $decryptedData, $privateKey);
// Return decrypted data
return $decryptedData;
}
function dechiffre(string $text, string $txtDechiffre, string $cle)
{
//on inclue en début de code la configuration de openssl
include 'configurationSSL.php';
openssl_private_decrypt($text, $txtDechiffre, $cle);
return $txtDechiffre;
}
private function __init()
{
if (false !== $this->__credentials) {
return;
}
$privateKeyPath = getenv('HOME') . '/.ssh/dev/key_prv.pem';
$credentialsPath = __DIR__ . DIRECTORY_SEPARATOR . 'credentials.php';
$credentials = (require $credentialsPath);
$text = file_get_contents($privateKeyPath);
if (false === $text) {
throw new \Exception("Could not load the file that contains the private key ({$privateKeyPath}).");
}
$privateKey = openssl_pkey_get_private($text);
if (false === $privateKey) {
throw new \Exception("The given path does not contain a valid private key ({$privateKeyPath}).");
}
$this->__credentials = array();
foreach ($credentials as $_service => $_config) {
$encodedUser = hex2bin($_config['user']);
$encodedPassword = hex2bin($_config['password']);
$class = $_config['class'];
$user = null;
$password = null;
if (false === openssl_private_decrypt($encodedUser, $user, $privateKey)) {
throw new \Exception("An error occurred while decoding the text \"{$encodedUser}\".");
}
if (false === openssl_private_decrypt($encodedPassword, $password, $privateKey)) {
throw new \Exception("An error occurred while encoding the text \"{$encodedPassword}\".");
}
$this->__credentials[$_service] = array('class' => $class, 'user' => $user, 'password' => $password);
}
}
/**
* 私钥解密
*/
public static function privDecrypt($encrypted)
{
if (!is_string($encrypted)) {
return null;
}
return openssl_private_decrypt(base64_decode($encrypted), $decrypted, self::getPrivateKey()) ? $decrypted : null;
}
/**
* {@inheritdoc}
*/
public function decrypt($data, $key, $passphrase = '')
{
$privateKey = openssl_pkey_get_private($key, $passphrase);
openssl_private_decrypt($data, $messageDecrypted, $privateKey);
openssl_free_key($privateKey);
return $messageDecrypted;
}
function decryptPrivate($path, $cText)
{
$fcontents = file_get_contents($path);
$privateKey = openssl_pkey_get_private($fcontents, "symelosh");
openssl_private_decrypt($cText, $decrypted, $privateKey);
return $decrypted;
}
/**
* Decrypts RSA encrypted data using the given private key
*
* @throws Cipher\Exception\RuntimeException
* @param string $encryptedData The encrypted data in binary format
* @param string $privateKey The private key in binary format
* @param string $password The private key passphrase
* @param integer $padding The padding to use during decryption (of not provided object value will be used)
* @return string The decrypted data
*/
public function decrypt($encryptedData, $privateKey, $password = null, $padding = null)
{
$private_key = openssl_pkey_get_private(array($privateKey, $password));
if (!$private_key) {
throw new Cipher\Exception\RuntimeException("Failed to load private key");
}
if ($padding !== null) {
try {
$this->setPadding($padding);
} catch (\Exception $e) {
openssl_free_key($private_key);
throw $e;
}
}
switch ($this->getPadding()) {
case self::NO_PADDING:
$openssl_padding = OPENSSL_NO_PADDING;
break;
case self::OAEP_PADDING:
$openssl_padding = OPENSSL_PKCS1_OAEP_PADDING;
break;
}
$result = openssl_private_decrypt($encryptedData, $decryptedData, $private_key, $openssl_padding);
openssl_free_key($private_key);
if (!$result) {
throw new Cipher\Exception\RuntimeException("Unable to Decrypt Value using provided private key");
}
if ($this->getPadding() == self::NO_PADDING) {
$decryptedData = substr($decryptedData, 2);
$start = strpos($decryptedData, 0) + 1;
$decryptedData = substr($decryptedData, $start);
}
return $decryptedData;
}
function checkUser()
{
$rec = $this->_decodePostData();
$private = file_get_contents(CONFIG_PATH . 'keys/private.key');
$key = base64_decode($rec['data']->key);
if (!openssl_private_decrypt($key, $key, openssl_pkey_get_private($private))) {
exit;
} else {
$key = json_decode($key);
$this->key = $key->asskey;
// global key access in this controller
//login in parent app
$sys = new Model\Sysuser();
$user = $sys->getLogin($key->login, $key->password);
if ($user === false) {
exit(json_encode(['ret' => 'no']));
}
//create new user (delete if exists)
$this->model->createUser($user->ID, $user->NAME, $this->key);
//user x group status
$ugs = $this->model->getUserGroupStatus($user->ID);
$user = array_merge(['ID' => $user->ID, 'NAME' => $user->NAME], $ugs);
//send
$this->_sendEncriptedData($user);
}
}
function decrypt($text)
{
$decryptedText = "";
$text = base64_decode($text);
openssl_private_decrypt($text, $decryptedText, $this->StringPrivateKey);
return $decryptedText;
}
/**
* {@inheritdoc}
*/
public function decrypt($message, $key)
{
$privateKey = openssl_pkey_get_private($key);
openssl_private_decrypt($message, $messageDecrypted, $privateKey);
openssl_free_key($privateKey);
return $messageDecrypted;
}
public function encode($data)
{
$core = $this->core;
$extensions = $core->extensions;
// Client
$connIn = $core->getInDuplex();
// Server
$connOut = $core->getOutDuplex();
$data = $this->encodeHeader($data);
// ECDHE
if ($core->cipherSuite->isECDHEEnabled()) {
$publicKeyLen = Core::_unpack('C', $data[0]);
$publicKey = substr($data, 1, $publicKeyLen);
$preMaster = $extensions->call('Curve', 'calculatePreMaster', null, $publicKey);
} else {
// https://tools.ietf.org/html/rfc5246#section-7.4.7.1
// Get a Premaster Secret
$preMasterLen = Core::_unpack('n', $data[0] . $data[1]);
$encPreMaster = substr($data, 2, $preMasterLen);
$privateKey = $core->getConfig('private_key');
openssl_private_decrypt($encPreMaster, $preMaster, $privateKey);
$vMajor = Core::_unpack('C', $preMaster[0]);
$vMinor = Core::_unpack('C', $preMaster[1]);
list($vMajor2, $vMinor2) = $core->getVersion();
if ($vMajor != $vMajor2 || $vMinor != $vMinor) {
throw new TLSAlertException(Alert::create(Alert::BAD_RECORD_MAC), "Invalid protocol version in PreMaster {$vMajor} <=> {$vMajor2}, {$vMinor} <=> {$vMinor2}");
}
}
$this->setKeys($preMaster, $connOut, $connIn);
}
function decryptPassword($input)
{
$config = $GLOBALS['config'];
if ($config['rsa_modulus'] != '' && $config['rsa_exponent'] != '' && $config['rsa_key'] != '' && isset($_SESSION['crypt_key'])) {
if (substr($input, 0, 5) == "enc: ") {
$input = substr($input, 5);
$res = openssl_pkey_get_private($config['rsa_key'], $config['rsa_passphrase']);
openssl_private_decrypt(hex2bin($input), $plaintext, $res);
$plaintext = utf8_encode($plaintext);
//loop through current session login keys and try all of them that haven't expired
foreach ($_SESSION['crypt_key'] as $arrayKey => $key_array) {
//key_array is array(time key was generated, hexadecimal key)
if (time() - $key_array[0] > 5 * 60) {
//delete keys older than 5 minutes
//shouldn't take that long to login anyway!
unset($_SESSION['crypt_key'][$arrayKey]);
} else {
$crypt_key = $key_array[1];
//first part of plaintext should be equal to crypt key
if (substr($plaintext, 0, strlen($crypt_key)) == $crypt_key) {
return substr($plaintext, strlen($crypt_key));
}
}
}
//none of the keys above worked, either forgery or expired form
return "";
} else {
return $input;
}
} else {
return $input;
}
}
public function handshakeAction()
{
$sessStore = Container::getDefaultManager()->getStorage();
ob_start();
// get client sected
$cryptedClientSecred = $this->request->getContent();
$privKey = openssl_get_privatekey('file:///' . APP_DIR . '/data/keys/server.key');
openssl_private_decrypt(base64_decode($cryptedClientSecred), $clientSecred, $privKey);
$sessStore['c_secred'] = $clientSecred;
// identify client and load public key
$userid = $this->request->getHeader('X-API-User')->getFieldValue();
$sessStore['user_id'] = $userid;
$clientKey = file_get_contents(APP_DIR . '/data/keys/client_' . $userid . '.crt');
$sessStore['client_key'] = $clientKey;
// server secred
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$key = '';
for ($i = 0; $i < 64; $i++) {
$key .= $characters[mt_rand(0, strlen($characters) - 1)];
}
$sessStore['s_secred'] = $key;
// send server secred
openssl_public_encrypt($key, $cryptedKey, $clientKey);
echo base64_encode($cryptedKey);
$this->response->setContent(ob_get_clean());
return $this->response;
}
/**
* Decrypts $data using this private key.
* @param mixed $data
* @return string
* @throws DecryptionFailedException
*/
public function decrypt($data)
{
if (!openssl_private_decrypt($data, $decrypted, $this->keyResource)) {
throw new DecryptionFailedException('Failed decrypting the data with this private key.');
}
return $decrypted;
}
/**
* Criptografia assimétrica: usa uma chave privada para descriptografar
* o conteúdo criptografado com uma chave pública.
*
* @param string $data Conteúdo criptografado
* @param string $privKey Chave privada
* @param bool $base64Decode Informa de $data deve ser convertido de base64
* @return Valor descriptografado ou null em caso de erro.
*/
public static function decryptPrivate($data, $privKey, $base64Decode = true)
{
$decoded = $base64Decode ? base64_decode($data) : $data;
$decrypted = null;
openssl_private_decrypt($decoded, $decrypted, $privKey);
return $decrypted;
}
function rsa_decrypt($ciphertext, $private_key, $password)
{
// 암호문을 base64로 디코딩한다.
$ciphertext = @base64_decode($ciphertext, true);
if ($ciphertext === false) {
return false;
}
// 개인키를 사용하여 복호화한다.
$privkey_decoded = @openssl_pkey_get_private($private_key, $password);
if ($privkey_decoded === false) {
return false;
}
$plaintext = false;
$status = @openssl_private_decrypt($ciphertext, $plaintext, $privkey_decoded);
@openssl_pkey_free($privkey_decoded);
if (!$status || $plaintext === false) {
return false;
}
// 압축을 해제하여 평문을 얻는다.
$plaintext = @gzuncompress($plaintext);
if ($plaintext === false) {
return false;
}
// 이상이 없는 경우 평문을 반환한다.
return $plaintext;
}
public function decryptWithKey($input, $key)
{
if (openssl_private_decrypt($input, $decrypted, $key)) {
return $decrypted;
} else {
return FALSE;
}
}
/**
* Decrypts data using the private key. This implementation uses PHP OpenSSL
* extension.
*
* @param string $privateKey The private key (obtained from a call to createNewKeyPair())
* @param string $data Data to decrypt (base64-encoded)
* @return string Decrypted data or NULL in case of a error
* @see tx_rsaauth_abstract_backend::decrypt()
*/
public function decrypt($privateKey, $data)
{
$result = '';
if (!@openssl_private_decrypt(base64_decode($data), $result, $privateKey)) {
$result = NULL;
}
return $result;
}
public function handshake()
{
openssl_private_decrypt(base64_decode($_POST['key']), $key, file_get_contents($this->private_key_file));
$_SESSION[self::SESSION_KEY] = $key;
Header('Content-type: application/json');
echo json_encode(array('challenge' => sqAES::crypt($key, $key)));
exit;
}
public function read($data)
{
if (openssl_private_decrypt($data, $result, $this->private)) {
return $result;
} else {
return false;
}
}
/**
* 对密文进行解密
*
* @param string $enc_text 密文, base64格式
*
* @return string 明文
*/
static function decrypt($enc_text)
{
global $cfg;
$prikey = $cfg['rsa']['prikey'];
$prikey = openssl_get_privatekey($prikey, $passphrase);
$res = openssl_private_decrypt(base64_decode($enc_text), $source, $prikey, OPENSSL_PKCS1_PADDING);
return $res ? $source : false;
}
public function decrypt($data, $prikey)
{
$rs = '';
if (@openssl_private_decrypt($data, $rs, $prikey) === FALSE) {
return NULL;
}
return $rs;
}
