function decryptPublic($path, $cText)
{
$fcontents = file_get_contents($path);
$publicKey = openssl_pkey_get_public($fcontents);
openssl_public_decrypt($cText, $decrypted, $publicKey);
return $decrypted;
}
/**
* Decrypts $data using this public key.
* @param mixed $data
* @return string
* @throws DecryptionFailedException
*/
public function decrypt($data)
{
if (!openssl_public_decrypt($data, $decrypted, $this->keyResource)) {
throw new DecryptionFailedException('Failed decrypting the data with this public key.');
}
return $decrypted;
}
/**
* 通过公钥解密 私钥加密后的内容
*
* @param string $encryptedStr 私钥加密后的字符串
*
* @return string
*/
public static function rsaPublicDecrypt($encryptedStr)
{
$retData = '';
$resourceId = self::getResourceId(self::TYPE_PUBLIC_KEY);
openssl_public_decrypt(base64_decode($encryptedStr), $retData, $resourceId);
return $retData;
}
/**
* Método que verifica el código de autorización de folios
* @return =true si está ok el XML cargado
* @author Esteban De La Fuente Rubio, DeLaF (esteban[at]sasco.cl)
* @version 2015-10-30
*/
public function check()
{
// validar firma del SII sobre los folios
$firma = $this->getFirma();
$idk = $this->getIDK();
if (!$firma or !$idk) {
return false;
}
$pub_key = \sasco\LibreDTE\Sii::cert($idk);
if (!$pub_key or openssl_verify($this->xml->getFlattened('/AUTORIZACION/CAF/DA'), base64_decode($firma), $pub_key) !== 1) {
\sasco\LibreDTE\Log::write(\sasco\LibreDTE\Estado::FOLIOS_ERROR_FIRMA, \sasco\LibreDTE\Estado::get(\sasco\LibreDTE\Estado::FOLIOS_ERROR_FIRMA));
return false;
}
// validar clave privada y pública proporcionada por el SII
$private_key = $this->getPrivateKey();
if (!$private_key) {
return false;
}
$plain = md5(date('U'));
if (!openssl_private_encrypt($plain, $crypt, $private_key)) {
\sasco\LibreDTE\Log::write(\sasco\LibreDTE\Estado::FOLIOS_ERROR_ENCRIPTAR, \sasco\LibreDTE\Estado::get(\sasco\LibreDTE\Estado::FOLIOS_ERROR_ENCRIPTAR));
return false;
}
$public_key = $this->getPublicKey();
if (!$public_key) {
return false;
}
if (!openssl_public_decrypt($crypt, $plain_firmado, $public_key)) {
\sasco\LibreDTE\Log::write(\sasco\LibreDTE\Estado::FOLIOS_ERROR_DESENCRIPTAR, \sasco\LibreDTE\Estado::get(\sasco\LibreDTE\Estado::FOLIOS_ERROR_DESENCRIPTAR));
return false;
}
return $plain === $plain_firmado;
}
function publicKeyDecrypt($publicKey, $content)
{
$pKey = openssl_pkey_get_public($publicKey);
$decrypted = "";
openssl_public_decrypt($content, $decrypted, $pKey);
return $decrypted;
}
public static function check_license($license)
{
$signature = $license['Signature'];
unset($license['Signature']);
uksort($license, "strcasecmp");
$total = '';
foreach ($license as $value) {
$total .= $value;
}
$key_raw = <<<EOD
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl7Dgf4x0fi0lXfws7Cq/lk0d
TIEXnCu8PBMep0mtRia9WEJ8N53d+8gbuAcMzb4sW6MVOzTEKYrmtq/DTbiaXKiJ
o6osz5KgBjbcGrCzKKvk8uQuTZWusqp69LQfTYSwxwJIp45kl0g8yalewGUtpYuu
yWXBBsw7Z909BpTLBQIDAAAD
-----END PUBLIC KEY-----
EOD;
$key = openssl_get_publickey($key_raw);
openssl_public_decrypt(base64_decode($signature), $checkDigest, $key);
$digest = sha1($total, true);
if ($digest === $checkDigest) {
return true;
}
return false;
}
/**
* Decrypt data using this public key. Only data encrypted with
* the private key matching this key will be decryptable.
*
* @param string data
* @return string
* @throws security.crypto.CryptoException if the operation fails
*/
public function decrypt($data)
{
if (false === openssl_public_decrypt($data, $decrypted, $this->_hdl)) {
throw new CryptoException('Could not decrypt data', OpenSslUtil::getErrors());
}
return $decrypted;
}
function dec_pub($dat)
{
list($cry,$str) = array_map('base64_decode',explode(':',$dat));
$res = openssl_get_publickey($this->pub);
openssl_public_decrypt($cry,$key,$res);
$ret = $this->dec_sym($key,$str);
return trim($ret);
}
public function decrypt($data, $pubkey)
{
$rs = '';
if (@openssl_public_decrypt($data, $rs, $pubkey) === FALSE) {
return NULL;
}
return $rs;
}
/**
* @param string $encrypted
*
* @return string
*/
public function decrypt(string $encrypted) : string
{
$status = openssl_public_decrypt($encrypted, $decrypted, $this);
if (!$status) {
throw new RuntimeException('Decrypt failed');
}
return $decrypted;
}
public function decrypt1($data)
{
if (openssl_public_decrypt(base64_decode($data), $decrypted, $this->pubkey)) {
$data = $decrypted;
} else {
$data = '';
}
return $data;
}
function verifyAesKeyFileEncrypted()
{
$pubk = $this->readIrsPublicKey(true);
$decrypted = "";
if (!openssl_public_decrypt($this->aesEncrypted, $decrypted, $pubk)) {
throw new \Exception("Failed to decrypt aes key for verification purposes");
}
return $decrypted == $this->am->getAesIv();
}
public static function publicDecrypt($pubKey, $data)
{
if (!strstr($pubKey, 'BEGIN PUBLIC KEY')) {
$pubKey = self::lengthenPublicKey($pubKey);
}
$key_resource = openssl_get_publickey($pubKey);
openssl_public_decrypt(base64_decode($data), $cleartext, $key_resource);
return $cleartext;
}
public static function decryptByPublicKey($data)
{
$pu_key = openssl_pkey_get_public(file_get_contents($_SERVER['DOCUMENT_ROOT'] . '/system/modules/pay/lib/cbjpay/config/wy_rsa_public_ley.pem'));
//这个函数可用来判断公钥是否是可用的,可用返回资源id Resource id
$decrypted = "";
$data = base64_decode($data);
openssl_public_decrypt($data, $decrypted, $pu_key);
//公钥解密
return $decrypted;
}
/**
* Decrypts the given data.
*
* @param string $encryptedData The data to decrypt.
* @param int $padding The padding to use for decryption.
* @return string Returns the decrypted data.
* @since 0.3
*/
public function decrypt(string $encryptedData, int $padding = OPENSSL_PKCS1_PADDING) : string
{
OpenSSL::resetErrors();
if (openssl_public_decrypt($encryptedData, $decrypted, $this->resource, $padding) === false) {
// @codeCoverageIgnoreStart
throw new OpenSSLException(OpenSSL::getErrors(), 'Could not decrypt the given data with this public key.');
// @codeCoverageIgnoreEnd
}
return $decrypted;
}
public static function decryptByPublicKey($data)
{
$pu_key = openssl_pkey_get_public(file_get_contents(APP_ROOT_PATH . 'system/payment/jdpay/config/wy_rsa_public_key_production.pem'));
//这个函数可用来判断公钥是否是可用的,可用返回资源id Resource id
$decrypted = "";
$data = base64_decode($data);
openssl_public_decrypt($data, $decrypted, $pu_key);
//公钥解密
return $decrypted;
}
public function decrypt($text)
{
if ($this->public_key) {
$ret = '';
if (openssl_public_decrypt(base64_decode($text), $ret, $this->public_key)) {
return $ret;
}
}
return null;
}
public static function decryptByPublicKey($data)
{
$pu_key = openssl_pkey_get_public(file_get_contents(dirname(__DIR__) . '/configure/wy_rsa_public_key.pem'));
//这个函数可用来判断公钥是否是可用的,可用返回资源id Resource id
$decrypted = "";
$data = base64_decode($data);
openssl_public_decrypt($data, $decrypted, $pu_key);
//公钥解密
return $decrypted;
}
/**
* Rsa解密
* @param string $data 需解密的数据
* @return null|string 解密结果
*/
public function decrypt($data)
{
$this->_makesure_provider();
$data = base64_decode($data);
if ($this->isPrivate) {
$r = openssl_private_decrypt($data, $decrypted, $this->keyProvider, OPENSSL_PKCS1_PADDING);
} else {
$r = openssl_public_decrypt($data, $decrypted, $this->keyProvider, OPENSSL_PKCS1_PADDING);
}
return $r ? $decrypted : null;
}
public function publicDecrypt($message)
{
$key = \Clips\get_default($this, 'publicKey');
if ($key) {
$ret = '';
if (openssl_public_decrypt(base64_decode($message), $ret, $key)) {
return $ret;
}
}
return false;
}
/**
* Performs decryption of data received from service.
* Data need to be encrypted using service private key for this function to work (it uses service public key)
*
* @param Service $service
* @param $data string Encrypted service data
*
* @return string Decrypted service data using it's public key
*/
public function serviceDecrypt(Service $service, $encryptedData)
{
$key = $this->getKey($service->getPublicKeyName(), self::TYPE_PUBLIC);
$decryptedData = '';
if (!openssl_public_decrypt($encryptedData, $decryptedData, $key)) {
throw new \RuntimeException('Service data decryption failed');
}
unset($key);
gc_collect_cycles();
//Remove key from memory
return $decryptedData;
}
/**
* Decrypt using this key
*
* @param string $data
* @return string
* @throws Exception\RuntimeException
*/
public function decrypt($data)
{
$decrypted = '';
$result = openssl_public_decrypt($data, $decrypted, $this->getOpensslKeyResource());
if (false === $result) {
throw new Exception\RuntimeException(
'Can not decrypt; openssl ' . openssl_error_string()
);
}
return $decrypted;
}
public static function decrypt($data, $key, $choose = true)
{
$data = base64_decode($data);
if ($choose) {
$res = openssl_pkey_get_private($key);
openssl_private_decrypt($data, $destr, $res);
} else {
$res = openssl_pkey_get_public($key);
openssl_public_decrypt($data, $destr, $res);
}
return $destr;
}
function publickey_decodeing_sectionalized($crypttext, $interval, $publickey)
{
$pubkeyid = openssl_get_publickey($publickey);
$output = "";
while ($crypttext) {
$input = substr($crypttext, 0, $interval);
$crypttext = substr($crypttext, $interval);
openssl_public_decrypt($input, $out, $pubkeyid);
$output .= $out;
}
openssl_free_key($pubkeyid);
return $output;
}
public function decryptSignature()
{
$form = new certCheckSignatureFormGUI();
if (!$form->checkInput()) {
ilUtil::sendFailure($this->pl->txt('decrypt_failed'), true);
}
$public_key = openssl_get_publickey('file://' . ilCertificateConfig::get('signature_publickey'));
openssl_public_decrypt(base64_decode($form->getInput('signature')), $decrypted, $public_key);
if ($decrypted) {
ilUtil::sendInfo($this->pl->txt('decrypt_successful') . '<br/>' . $decrypted, true);
} else {
ilUtil::sendFailure($this->pl->txt('decrypt_failed'), true);
}
}
private function verifySignature()
{
if (function_exists('openssl_public_decrypt')) {
openssl_public_decrypt($sign, $request_sign, $pub_key);
$ret = $text == $request_sign;
return $ret;
} else {
set_include_path(main::getPluginDir() . '/libs/phpseclib');
require_once 'Crypt/RSA.php';
$rsa = new Crypt_RSA();
$rsa->loadKey($pub_key);
$ret = $rsa->verify($text, $sign2);
return $ret;
}
}
function readAuthCookie()
{
global $keys, $AUTHERROR, $shibauthed;
if (get_magic_quotes_gpc()) {
$cookie = stripslashes($_COOKIE["VCLAUTH"]);
} else {
$cookie = $_COOKIE["VCLAUTH"];
}
$cookie = base64_decode($cookie);
if (!openssl_public_decrypt($cookie, $tmp, $keys['public'])) {
$AUTHERROR["code"] = 3;
$AUTHERROR["message"] = "Failed to decrypt auth cookie";
return NULL;
}
$tmparr = explode('|', $tmp);
$loginid = $tmparr[0];
$remoteIP = $tmparr[1];
$ts = $tmparr[2];
if (count($tmparr) > 3) {
$shibauthed = $tmparr[3];
# check to see if shibauth entry still exists for $shibauthed
$query = "SELECT ts FROM shibauth WHERE id = {$shibauthed}";
$qh = doQuery($query, 101);
if ($row = mysql_fetch_assoc($qh)) {
$shibstart = $row['ts'];
# TODO if $shibstart is too old, expire the login session
} else {
# user should have been logged out, log them out now
setcookie("VCLAUTH", "", time() - 10, "/", COOKIEDOMAIN);
stopSession();
dbDisconnect();
header("Location: " . BASEURL);
exit;
}
}
if ($ts < time()) {
$AUTHERROR["code"] = 4;
$AUTHERROR["message"] = "Auth cookie has expired";
return NULL;
}
if ($_SERVER["REMOTE_ADDR"] != $remoteIP) {
//setcookie("ITECSAUTH", "", time() - 10, "/", COOKIEDOMAIN);
$AUTHERROR["code"] = 4;
$AUTHERROR["message"] = "remote IP in auth cookie doesn't match user's remote IP";
return NULL;
}
return $loginid;
}
function Pub_decrypt($str, $fromjs = FALSE)
{
global $public_key;
$decrypted = '';
$pu_key = openssl_pkey_get_public($public_key);
//判断公钥是否是可用
if (!$pu_key) {
echo 'public_key false~!';
exit;
}
$padding = $fromjs ? OPENSSL_NO_PADDING : OPENSSL_PKCS1_PADDING;
if (openssl_public_decrypt(base64_decode($str), $decrypted, $pu_key, $padding)) {
return $fromjs ? rtrim(strrev($decrypted), "/0") : "" . $decrypted;
} else {
return 'decrypt false~!';
}
}
/**
* 用公钥解密私钥加密内容
* @param string $data 要解密的数据
* @return string 解密后的字符串
*/
public function decodePrivateEncode($data)
{
$decrypted = '';
$this->_needKey(1);
$public_key = openssl_pkey_get_public($this->_config['public_key']);
$array_data = $this->_toArray($data);
//数据base64_decode 后 反序列化成数组
$str = '';
foreach ($array_data as $value) {
openssl_public_decrypt($value, $decrypted, $public_key);
//私钥加密的内容通过公钥可用解密出来
$str .= $decrypted;
//对数组中的每个元素解密 并拼接
}
return base64_decode($str);
//把拼接的数据base64_decode 解密还原
}
private function testKeys($params)
{
$str = 'test string';
if (!function_exists('openssl_public_decrypt')) {
// зашифруем строку
openssl_private_encrypt($str, $sign, $params['private']);
// проверим подпись
openssl_public_decrypt($sign, $str2, $params['public']);
$ret = $str == $str2;
} else {
set_include_path(get_include_path() . PATH_SEPARATOR . WPAdm_Core::getPluginDir() . '/modules/phpseclib');
require_once 'Crypt/RSA.php';
// зашифруем строку
define('CRYPT_RSA_PKCS15_COMPAT', true);
$rsa = new Crypt_RSA();
$rsa->loadKey($params['private']);
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$ciphertext = $rsa->encrypt($str);
// проверим подпись
$rsa = new Crypt_RSA();
$rsa->loadKey($params['public']);
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$ret = $str == $rsa->decrypt($ciphertext);
}
$this->result->setResult(WPAdm_result::WPADM_RESULT_SUCCESS);
$this->result->setData(array('match' => (int) $ret));
}
