It generates the keys just fine, but the private key doesn't seem to work to decrypt the message using pidCrypt. I copy and paste both keys into your online demo, and it encrypts just fine. But when I click "Decrypt," the encrypted text just disappears and the unencrypted message doesn't display in the original box. I've checked the console, and there are no error messages. I've implemented the pidCrypt libraries into my own page and it behaves the same way.
I was originally using sha512 and a private key size of 4096 bits, but I reduced both settings hoping it would fix things. Unfortunately, it didn't. Is there some other setting I need to change in PHP to make it generate my keys to be compatible with pidCrypt?
Thanks for your time.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The PHP documentation is not very detailed about what they are using the digest_alg for.
Our guess is that you need that only for encrypted certificates (see below).
pidCrypt needs the RSA private key, more specifically modulus, publicExponent, privateExponent, prime1, prime2, exponent1, exponent2, and coefficient, respectively to decrypt data.
Unlike PHP (see https://sourceforge.net/p/pidcrypt/discussion/923749/thread/d967b703/) pidcrypt uses BASE64 encoding prior to RSA encryption and after RSA decryption to handle special characters. If you want to avoid this BASE64 en/decoding you can use the encryptRaw and decryptRaw methods that pidcrypt provides.
In case of encrypted certificates, pidcrypt supports aes-xxx-cbc encrypted certificates, and per default only the generation of key and iv from a salt and password using md5 hashing (as that was the OpenSSL implementation at the time). If additional (and more secure) methods for key and iv generation are needed, then the method createKeyAndIv needs to be extended accordingly, like the e.g. deriveKeyAndIv we implemented in cipherbox (see http://www.cipherbox.org/wiki/index.php/Developer_documentation#deriveKeyAndIv.28.29).
After all this background, could you please check if creating your keypair in PHP using the following
I'm generating my keys in PHP using openssl_pkey_new. Here are the options I'm using:
$config = array(
"digest_alg" => "sha1",
"private_key_bits" => 1024,
"private_key_type" => OPENSSL_KEYTYPE_RSA,);
It generates the keys just fine, but the private key doesn't seem to work to decrypt the message using pidCrypt. I copy and paste both keys into your online demo, and it encrypts just fine. But when I click "Decrypt," the encrypted text just disappears and the unencrypted message doesn't display in the original box. I've checked the console, and there are no error messages. I've implemented the pidCrypt libraries into my own page and it behaves the same way.
I was originally using sha512 and a private key size of 4096 bits, but I reduced both settings hoping it would fix things. Unfortunately, it didn't. Is there some other setting I need to change in PHP to make it generate my keys to be compatible with pidCrypt?
Thanks for your time.
The PHP documentation is not very detailed about what they are using the digest_alg for.
Our guess is that you need that only for encrypted certificates (see below).
pidCrypt needs the RSA private key, more specifically
modulus,publicExponent,privateExponent,prime1,prime2,exponent1,exponent2, andcoefficient, respectively to decrypt data.It derives them from the private key certificate by ASN.1 parsing of the (unencrypted) certificate (see https://www.pidder.com/pidcrypt/?page=asn1).
Unlike PHP (see https://sourceforge.net/p/pidcrypt/discussion/923749/thread/d967b703/) pidcrypt uses BASE64 encoding prior to RSA encryption and after RSA decryption to handle special characters. If you want to avoid this BASE64 en/decoding you can use the
encryptRawanddecryptRawmethods that pidcrypt provides.In case of encrypted certificates, pidcrypt supports aes-xxx-cbc encrypted certificates, and per default only the generation of
keyandivfrom a salt and password using md5 hashing (as that was the OpenSSL implementation at the time). If additional (and more secure) methods forkeyandivgeneration are needed, then the methodcreateKeyAndIvneeds to be extended accordingly, like the e.g.deriveKeyAndIvwe implemented in cipherbox (see http://www.cipherbox.org/wiki/index.php/Developer_documentation#deriveKeyAndIv.28.29).After all this background, could you please check if creating your keypair in PHP using the following
$privateKey = openssl_pkey_new( array( 'private_key_bits' => 1024, 'private_key_type' => OPENSSL_KEYTYPE_RSA, ) );see http://andytson.com/blog/2009/07/php-public-key-cryptography-using-openssl/
will solve your problem?