3

I have a web site and I'm trying to make my forms secure. I've done some research and even though I'm no programmer, I'm authenticating users via a home-made challenge-response mechanism and I'm encrypting form values using AES encryption from the mcrypt library. All good so far. Except that my AES password needs to be sent from client to server... securely. I thought that RSA would do the trick. So I've downloaded phpseclib, and I've successfully encrypted/decrypted on the server side. Now, I needed client-side code to encrypt with RSA. I've used this library here: http://www.ohdave.com/rsa/. Now... here's my problem.

  1. I generate a pair of keys in php using phpseclib.
  2. I extract the private exponent, the public exponent and the modulus (public).
  3. I send the public exponent and modulus (public) to the javascript.

    include('Scripts/phpseclib/Crypt/RSA.php');
    require_once('Scripts/phpseclib/Math/BigInteger.php');

    session_start();

    $rsa = new Crypt_RSA();

    // Generate the key pair; extract() defines $privatekey and $publickey
    extract($rsa->createKey(512));

    // Parse the private key and read its components as hex strings
    $priv = $rsa->_parseKey($privatekey, CRYPT_RSA_PRIVATE_FORMAT_PKCS1);
    $privExp = $priv['privateExponent']->toHex();
    $pubExp = $priv['publicExponent']->toHex();
    $pubMod = $priv['modulus']->toHex();

    // Use PKCS#1 v1.5 padding and keep the key pair for the decrypting request
    $rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
    $_SESSION['privatekey'] = $privatekey;
    $_SESSION['publickey'] = $publickey;


The JavaScript generates a random number which will become the password that I will further use for AES encryption. The JavaScript will use the public exponent and the modulus (public) sent from PHP on the server in order to encrypt the randomly generated string (that will become the AES key), and will send it back to the PHP server for decryption.

    <script type="text/javascript">
    password = random();

    // Public exponent and modulus come from the PHP page; no private exponent on the client
    key = new RSAKeyPair(
     "<?php echo $pubExp; ?>",
     "",
     "<?php echo $pubMod; ?>"
    );

    x = encryptedString(key,password);
    y = decryptedString(key,x);
    document.write(" text cryptat = "+x);
    document.write(" text decryptat = "+y);

    window.location = "rsa.php?text="+x;
    </script>

The PHP server will receive the encrypted string and, using the private exponent generated at the start, will be able to decrypt the AES key (randomly generated by the client-side JavaScript), thus generating a key agreement between client and server without outside intervention.

PROBLEM: The JavaScript encrypts the random string, but not with PKCS#1 v1.5 padding. phpseclib accepts only PKCS#1 v1.5 padding, so the PHP script is unable to decrypt correctly.

Please help me with finding or modifying the JavaScript in order to output to the PHP script the encrypted string in the PKCS#1 v1.5 format that it expects.

meager
Rivas

1 Answer

0

phpseclib does OAEP padding by default. Here's a demo of making javascript interoperable with that:

http://www.frostjedi.com/terra/dev/rsa/index.php

Here's a website that does PKCS#1 padding in javascript:

http://www-cs-students.stanford.edu/~tjw/jsbn/rsa.html

neubert
  • Here's what I got: js encryptedstring = 3d769d784bf0a1cf6234c468ddd9de8442b6a69582d7a797a5e07692d237a07dd699a36cfd2e040e5f09494705188c1ff7b7963f1d739204874d2b9432b9f400 ; JS Encrypted string to bytes = =vxKð¡Ïb4ÄhÝÙÞ„B¶¦•‚ק—¥àv’Ò7 }Ö™£lý._ IGŒ÷·–?s’‡M+”2¹ô; Clear text = (nothing). Here is the text I encrypted with phpseclib : =mŠrOJ#sé®z…£…²Å¼×àôH•VôF¬Ü¶j6€ãBäù°¹C¿E‡å}¼/XˆcçÚâœV’ZN£ , and the clear text: cojo. So it works in PHP but not between the two: JS and PHP. I'm going to try OAEP but doubt I will succeed. With respect! – Rivas Jan 22 '12 at 19:26
  • Can you post the private keys you're using and the hex encoding of the ciphertext? – neubert Jan 24 '12 at 13:24
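
The PKCS#1 v1.5 encryption padding the question asks for, as an added example that is not part of the original posts or of either library: JavaScript using BigInt that builds the `00 02 PS 00 M` block before the RSA operation and checks it on the decrypting side. The toy key, the helper names and the `rng` parameter are assumptions made for illustration.

```javascript
// Toy key from two Mersenne primes, constructed for this example; far too
// small for real use. A PKCS#1 v1.5 block needs k >= message length + 11.
const p = 2n ** 107n - 1n, q = 2n ** 127n - 1n, n = p * q, e = 65537n;
const k = Math.ceil(n.toString(2).length / 8);        // modulus length in bytes

function modPow(b, x, m) {                            // square-and-multiply
  let r = 1n;
  for (b %= m; x > 0n; x >>= 1n, b = (b * b) % m) if (x & 1n) r = (r * b) % m;
  return r;
}
function modInv(a, m) {                               // extended Euclid
  let [r0, r1, s0, s1] = [a, m, 1n, 0n];
  while (r1) {
    const t = r0 / r1;
    [r0, r1, s0, s1] = [r1, r0 - t * r1, s1, s0 - t * s1];
  }
  return ((s0 % m) + m) % m;
}
const d = modInv(e, (p - 1n) * (q - 1n));             // stays on the server

const toHex = u8 => Array.from(u8, b => b.toString(16).padStart(2, "0")).join("");
const fromHex = h => Uint8Array.from(h.match(/../g), x => parseInt(x, 16));
const toBlock = v => v.toString(16).padStart(2 * k, "0"); // keep leading zeros

// Client side. EME-PKCS1-v1_5 (RFC 8017, 7.2.1): EM = 00 || 02 || PS || 00 || M
function pad(msg, rng = len => crypto.getRandomValues(new Uint8Array(len))) {
  if (msg.length > k - 11) throw new Error("message too long");
  const em = new Uint8Array(k);                       // em[0] stays 0x00
  em[1] = 0x02;                                       // block type 2 = encryption
  for (let i = 2; i < k - msg.length - 1; i++) {      // PS: random, never zero
    do { em[i] = rng(1)[0]; } while (em[i] === 0);
  }
  em.set(msg, k - msg.length);                        // byte before M is the 0x00 separator
  return em;
}
function encrypt(msg, rng) {
  return toBlock(modPow(BigInt("0x" + toHex(pad(msg, rng))), e, n));
}

// Server side, for the round trip. A real server must not reveal which check
// failed, or it becomes a padding oracle.
function decrypt(hex) {
  const em = fromHex(toBlock(modPow(BigInt("0x" + hex), d, n)));
  const sep = em.indexOf(0, 2);                       // first 0x00 after the header
  if (em[0] !== 0 || em[1] !== 2 || sep < 10) throw new Error("decryption error");
  return em.slice(sep + 1);
}
```

A ciphertext made from the raw message bytes, without this block layout, fails the header check in `decrypt`, which is the symptom described in the question.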