1

I am trying to do encryption/decryption in Javascript/PHP using PKCS#1. I have the following variables:

e: Public exponent (for encryption)
d: Private exponent (for decryption)
n: modulus

I am using this javascript library to decrypt: http://www-cs-students.stanford.edu/~tjw/jsbn/rsa.js like this:

    var rsa = new RSAKey();

    rsa.setPublic(n, e);

    var cipherText = rsa.encrypt(plainText);

To decrypt in PHP I use PHPSec library:

Question1: How do I convert from d and n to a private key to be used in phpseclib?

Question2: How do I convert the output from the Javascript code to a form that can be used with phpseclib?

neubert
Ratmil
  • 5
    Just a suggestion: maybe you should do encryption in PHP as well, via ajax call. In that way you won't need the rsa.js and would not have any problems :) – povilasp Dec 10 '12 at 19:39
  • 1
    Relevant: http://www.youtube.com/watch?v=M7kEpw1tn50 (not for OP, but anyone interested in how RSA works) – Šime Vidas Dec 10 '12 at 19:39
  • 4
    @povilasp You mean... send the **plain text** data across the wire, unencrypted, so that it can be encrypted and sent back to the client, so that it can be "securely" sent encrypted to the server? How did this comment get three upvotes? – user229044 Dec 10 '12 at 19:46
  • 1
    @Ratmil Why are you doing encryption client-side in JavaScript? Are you sure your needs wouldn't be better met by SSL? – user229044 Dec 10 '12 at 19:47
  • @meagar, well maybe he is not doing a public application, maybe just a proof-of-concept code of some kind and security is not an actual issue here, you know, just sayin' :) yet, if you would use SSL you could send the data over the wire without worrying. – povilasp Dec 10 '12 at 19:52
  • If it's a proof of concept your suggestion is *far worse*. The answer to "How do I encrypt data in JavaScript as a proof of concept" is *not* "Send the unencrypted data across the Internet to a PHP server". – user229044 Dec 10 '12 at 20:03
  • What's the problem with the default form? – zb' Dec 10 '12 at 21:40
  • http://kjur.github.com/jsrsasign/ demo is a little outdated, but last time I tried it worked – zb' Dec 10 '12 at 21:41

2 Answers

0

For javascript / PHP interoperability check out this:

http://area51.phpbb.com/phpBB/viewtopic.php?f=84&t=33024&start=0

It does PKCS#1 v2.1 RSAES-OAEP (which is supposed to offer better security than PKCS#1 v2.1 RSASSA-PKCS1-v1_5).

    $rsa->loadKey(
        array(
            'e' => new Math_BigInteger('...', 256),
            'n' => new Math_BigInteger('...', 256)
        )
    );

If that doesn't work let me know.

Alternatively, you could try this:

http://www.frostjedi.com/phpbb3/viewtopic.php?p=331621#p331621

(see the second code block)

For converting the js output to a format PHP could use... the proof of concept I linked to is passing the output to char2hex():

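    // Hex-encode a sequence of byte values (numbers 0-255), two digits per byte.
    // Number.toString(16) does the conversion; a string element would be
    // returned unchanged, so pass numbers, not characters.
    function char2hex(source)
    {
       var hex = "";
       for (var i = 0; i < source.length; i+=1)
       {
          var temp = source[i].toString(16);
          switch (temp.length)
          {
             case 1:
                temp = "0" + temp;   // left-pad single-digit values
                break;
             case 0:
                temp = "00";
          }
          hex+= temp;
       }
       return hex;
    }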

Good luck!

neubert
0

I guess that you've already found a solution for your problem since, but here is a little example to use RSA between Javascript and PHP for those who are still looking for a solution (example):

    <?php
    session_start();
    $path = 'phpseclib';
    set_include_path(get_include_path() . PATH_SEPARATOR . $path);
    include_once('Crypt/RSA.php');

    // Private key issued with the previous page load. It stays in the
    // server-side session and is never sent to the browser.
    $previousKey = isset($_SESSION['privatekey']) ? $_SESSION['privatekey'] : null;

    $rsa = new Crypt_RSA();
    $rsa->setPublicKeyFormat(CRYPT_RSA_PUBLIC_FORMAT_RAW);
    // 512-bit moduli can be factored; generate at least 2048 bits.
    $key = $rsa->createKey(2048);
    $_SESSION['privatekey'] = $key['privatekey'];
    // Hex strings of e and n for rsa.js setPublic().
    $e = new Math_BigInteger($key['publickey']['e'], 10);
    $e = $e->toHex();
    $n = new Math_BigInteger($key['publickey']['n'], 10);
    $n = $n->toHex();

    // $msg is the hex string produced by rsa.js encrypt().
    function decrypt($msg, $key) {
        $rsa = new Crypt_RSA();
        $rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
        $rsa->loadKey($key, CRYPT_RSA_PRIVATE_FORMAT_PKCS1);
        $s = new Math_BigInteger($msg, 16);
        return $rsa->decrypt($s->toBytes());
    }
    ?>
    <script type="text/javascript" src="javascript/jsbn.js"></script>
    <script type="text/javascript" src="javascript/prng4.js"></script>
    <script type="text/javascript" src="javascript/rng.js"></script>
    <script type="text/javascript" src="javascript/rsa.js"></script>
    <script>
    <?php
    echo "var n='".$n."';";
    echo "var e='".$e."';";
    ?>
    function encrypt() {
        var rsa = new RSAKey();
        rsa.setPublic(n, e);
        document.getElementById('enc_text').value = rsa.encrypt(document.getElementById('plaintext').value);
    }
    </script>

    Plain Text:<br/>
    <input id='plaintext' name='plaintext' type="text" size="40"/><br/>
    <input type="button" onclick="encrypt()" value="Encrypt"/><br/>
    Encrypted Text:<br/>
    <form action="" method="post">
    <input id="enc_text" name='enc_text' type="text" size="40"/><br/>
    <input name="submit" type="submit" value="Submit" size="10"/>
    </form>
    <?php
    // Accept only a hex ciphertext, and only if a key was issued earlier.
    if (isset($_POST['submit']) && $previousKey !== null
        && isset($_POST['enc_text']) && ctype_xdigit($_POST['enc_text'])) {
        // Escape the decrypted text before echoing it into the page.
        echo htmlspecialchars(decrypt($_POST['enc_text'], $previousKey), ENT_QUOTES);
    }
    ?>

If you need more examples, visit the official website for documentation at: http://phpseclib.sourceforge.net/new/rsa/examples.html

or

http://bestmike007.com/2011/08/secure-data-transmission-between-pure-php-and-javascript-using-rsa/

IT_89
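
Added example, not part of either answer and not jsbn or phpseclib code: the hex hand-off that both answers rely on, written with plain BigInt arithmetic so both sides are visible in one file. The key is constructed from two Mersenne primes and is far too small for real use; `pad`, `encryptToHex` and `decryptHex` are hypothetical names. It shows that the private operation needs only `n` and `d`, and that the receiver must restore the leading zero bytes that a hex integer drops.

```javascript
// Constructed demo key, NOT secure: two Mersenne primes, far too small for real use.
const p = 2n ** 107n - 1n, q = 2n ** 127n - 1n;
const n = p * q, e = 65537n;
const K = Math.ceil(n.toString(2).length / 8);   // modulus length in bytes (30 here)

function modPow(base, exp, mod) {
  let r = 1n;
  for (base %= mod; exp > 0n; exp >>= 1n) {
    if (exp & 1n) r = (r * base) % mod;
    base = (base * base) % mod;
  }
  return r;
}
function modInv(a, m) {                          // extended Euclid
  let [r0, r1, s0, s1] = [m, a % m, 0n, 1n];
  while (r1 !== 0n) {
    const t = r0 / r1;
    [r0, r1, s0, s1] = [r1, r0 - t * r1, s1, s0 - t * s1];
  }
  return ((s0 % m) + m) % m;
}
const d = modInv(e, (p - 1n) * (q - 1n));        // the private operation needs only n and d

const toHex = (bytes) => Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
const defaultRnd = (len) => globalThis.crypto.getRandomValues(new Uint8Array(len));

// EME-PKCS1-v1_5 block: 00 02 <at least 8 nonzero random bytes> 00 <message>
function pad(msg, k, rnd = defaultRnd) {
  if (msg.length > k - 11) throw new Error("message too long");
  const ps = rnd(k - 3 - msg.length).map((b) => b || 1);  // PS must not contain zero bytes
  return Uint8Array.from([0, 2, ...ps, 0, ...msg]);
}
// Client side: returns the ciphertext integer as hex, so leading zeros are dropped.
function encryptToHex(msg, rnd) {
  return modPow(BigInt("0x" + toHex(pad(msg, K, rnd))), e, n).toString(16);
}
// Server side: hex -> integer -> c^d mod n -> K bytes -> strip padding.
function decryptHex(hex) {
  if (!/^[0-9a-f]+$/i.test(hex) || hex.length > 2 * K) throw new Error("decryption error");
  const c = BigInt("0x" + hex);
  if (c >= n) throw new Error("decryption error");
  const em = modPow(c, d, n).toString(16).padStart(2 * K, "0"); // restore leading zeros
  const bytes = em.match(/../g).map((h) => parseInt(h, 16));
  const sep = bytes.indexOf(0, 2);
  // One generic error for every failure, so callers cannot tell padding errors apart.
  if (bytes[0] !== 0 || bytes[1] !== 2 || sep < 10) throw new Error("decryption error");
  return Uint8Array.from(bytes.slice(sep + 1));
}
```

The padded block always starts with `00 02`, so its integer form is always shorter than `K` bytes; without the `padStart` step the header check would read the wrong bytes.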