why different result with sign and encrypt with priv key

Question

I am coding with openssl, and I would like to know, why the openssl_sign function, gives a diferent result than openssl_private_encrypt in a logical sense.

Specifically with openssl_sign:

$fp = fopen("i.pem", "r");  //i.pem is the private key file
$priv_key = fread($fp, 8192);
fclose($fp);
$pkeyid = openssl_get_privatekey($priv_key);

$data="f2e140eb-2b09-44ab-8504-87b25d81914c";
openssl_sign($data, $signature, $pkeyid);
$reto22 = base64_encode($signature);    //this gives UNmlEfwISea9hoGfiwdM.......

Specifically with openssl_private_encrypt:

$llave_priv = file_get_contents("i.pem");  //i.pem is the private key file
$plaintext = "f2e140eb-2b09-44ab-8504-87b25d81914c";
openssl_private_encrypt($plaintext, $encrypted, $llave_priv);
$reto = base64_encode($encrypted);  //this gives ugSMAsCQlIKIlQ17exIvSEqkA60.......

Why is reto22 is different than $reto? they should be the same, shouldn't they? encrypt with priv key = sign, as far as I know

thanks for clarifying mario

I too want to learn the difference between `openssl_private_encrypt` vs `openssl_sign`, and the current answers don't seem to explain it well. — Ryan, Aug 04 '19 at 23:06

score 2 · Answer 1 · edited Nov 29 '14 at 18:53

2

Generally speaking, Encryption in public key systems is performed with the public key (so that the private key can be used to decrypt it) while signing is done with the private key (so that the public key can be used to verify it)

Signatures with openssl involve encrypting the hash of the message. So even if the same key is used, the output will be different, because while openssl_private_encrypt does encrypt with the private key like you would in a signature scheme, it doesn't hash the message, or (possibly, not certain) perform the same padding that a signature scheme would perform.

Stick with openssl_sign, as it will be more efficient and less prone to potential side channel attacks than rolling your own signature scheme.

edited Nov 29 '14 at 18:53

Artjom B.

61,146
24
125
222

answered Feb 16 '13 at 19:04

Peter Elliott

3,273
16
30

Thanks for your advise, excuse me, what did you say at the end? "built in constr" ???? is it a software? Maybe my confusion is in the name of the function openssl_private_encrypt. In encryption is with the public key of the receiver, why the term private in the function? seems contradictory or confused to me. – user1873420 Feb 18 '13 at 19:17
1

I misread your question a little bit, so that whole last paragraph didn't really fit. `openssl_encrypt_private` does indeed encrypt with the private key, as the documentation says. And in a simple sense, signing a message is just encrypting it with a private key, but there is other stuff that goes into Signing, as I've updated my answer to reflect. – Peter Elliott Feb 19 '13 at 00:31

score 1 · Answer 2 · edited May 23 '17 at 11:44

See this answer:

https://stackoverflow.com/a/2706636/1359088

It's helpful because it explains that openssl_sign performs a hash on the data internally before returning the signature, whereas openssl_private_encrypt requires you to perform the hash yourself. I understand conceptually why you want to openssl_sign (because encrypting is normally done with the public key, whereas signing is with the private key), but I was going crazy because SSCrypto has a method named sign that was returning the same data as openssl_private_encrypt rather than openssl_sign, and that answer above helped me to sort it out. I'm signing a message in an iPhone app, which will be verified by PHP; I'm using SSCrypto for the signing and openssl_verify to verify, but I'm testing with openssl_sign because I need the data to be identical to work.

score -3 · Answer 3 · answered Feb 15 '13 at 22:11

-3

You can use flour to make bread and you can use flour to make a roux. Yet bread isn't a roux and a roux isn't bread.

Similarly, encryption isn't signing and signing isn't encryption.

answered Feb 15 '13 at 22:11

Nik Bougalis

10,495
1
21
37

I see, in the first case, text can be seen by everyone, but it is proved the autenticity. In the second, nobody will see the text, is protected. Is my appreciation correct? – user1873420 Feb 15 '13 at 22:23
I guess. At least it *sounds* reasonable. – Nik Bougalis Feb 15 '13 at 22:26
Just One detail, in both cases I am using my private key, for encryption I use the public key of the receiver, so he is the only one to see, after applying his private key, then the doubt remains, arent these two sections the same thing? or what is the diferente? – user1873420 Feb 15 '13 at 22:54

why different result with sign and encrypt with priv key

3 Answers3