1

Is it possible to generate an RSA public key from a passphrase using Cryptico, then use PHP to encrypt a message with that public key, and decrypt it with JavaScrpt using the original passphrase?

Cryptico seems to work great on its own, but I'm trying to use phpseclib to encrypt a message using the public key that Cryptico generated and i'm not getting an output. Even if I did, would I be able to base64 encode it and decrypt it with Cryptico?

Using the passphase "stackoverflow rocks" with Bits set to 1024 I get this public key:

XEjrqvt5K3pjM2m98ZFQOf9fObVNKPJQ9TYbo4sdNPaUO0NKdLtno8hXa292MiAmwip9JOiplmSQVEvpEnfebGNFFzqNgd4hAS6oXD6zHexVHsHpFTYxfVFQE93eHtbz0Mi7l64rnq6UOQKAB53CXVUev6RqyR6hs4oBiJRAOCs=

But when I use the following code with or without the PKCS1 line, I get no output. 

$rsa = new Crypt_RSA();
$rsa->loadKey('XEjrqvt5K3pjM2m98ZFQOf9fObVNKPJQ9TYbo4sdNPaUO0NKdLtno8hXa292MiAmwip9JOiplmSQVEvpEnfebGNFFzqNgd4hAS6oXD6zHexVHsHpFTYxfVFQE93eHtbz0Mi7l64rnq6UOQKAB53CXVUev6RqyR6hs4oBiJRAOCs='); // public key

$plaintext = 'tester';
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$ciphertext = $rsa->encrypt($plaintext);
echo $ciphertext;
?>

Does anyone know what i'm missing to make this work? - Or is this impossible and i'm wasting my time?

EDIT: ------------ Code i'm using re owlstead's comment ------------- Tried with and without the PKCS1 line

<?php
include('Crypt/RSA.php');

$rsa = new Crypt_RSA();
$rsa->loadKey('-----BEGIN PUBLIC KEY-----
XEjrqvt5K3pjM2m98ZFQOf9fObVNKPJQ9TYbo4sdNPaUO0NKdLtno8hXa292MiAmwip9JOiplmSQVEvpEnfebGNFFzqNgd4hAS6oXD6zHexVHsHpFTYxfVFQE93eHtbz0Mi7l64rnq6UOQKAB53CXVUev6RqyR6hs4oBiJRAOCs=
-----END PUBLIC KEY-----'); // public key

$plaintext = 'tester';
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$ciphertext = $rsa->encrypt($plaintext);
echo $ciphertext;
?>
neubert
  • 15,947
  • 24
  • 120
  • 212
NotSoSmart
  • 89
  • 12

1 Answers1

0

Yes, this can be made to work, as the Cryptoco library only seems to use standard cryptographic primitives. Your PHP code seems to require PEM encoded public keys. Cryptoco seems to generate only base 64 encoding however, so you need to surround the encoded public keys with the PEM header and footer:

-----BEGIN PUBLIC KEY-----
XEjrqvt5K3pjM2m98ZFQOf9fObVNKPJQ9TYbo4sdNPaUO0NKdLtno8hXa292MiAmwip9JOiplmSQVEvpEnfebGNFFzqNgd4hAS6oXD6zHexVHsHpFTYxfVFQE93eHtbz0Mi7l64rnq6UOQKAB53CXVUev6RqyR6hs4oBiJRAOCs=
-----END PUBLIC KEY-----

Note that the current Cryptoco protocol is broken, and that using untrusted code (such as JavaScript in the browser with regular HTTP instead of HTTPS) is unlikely to result in a secure system. I would shy away from any cryptographic library that does not have a supporting organization or well known cryptographer behind it.

Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263
  • 1
    Created a bug report just now. – Maarten Bodewes Dec 21 '13 at 16:31
  • Thanks for the reply, but I still get no output after adding -----BEGIN PUBLIC KEY----- & -----END PUBLIC KEY----- – NotSoSmart Dec 21 '13 at 21:31
  • Could you give me the full code you're using with phpseclib to get an output? – NotSoSmart Dec 21 '13 at 21:33
  • I don't get it, that's just 128 bits of output, and even then it does not start with a 1 bit as a modulus should. It does not look like a public key at all. Maybe it is a set of 32 bit values in little endian form or something. How do you generate the public key string? – Maarten Bodewes Dec 22 '13 at 03:20
  • @NotSoSmart I don't have any code, but I do have a lot of knowledge about *applied* crypto. – Maarten Bodewes Dec 22 '13 at 13:27
  • I thought the key seemed too small, but they're calling it an RSA key and it all works with the Cryptico JS code. I don't really know how it works. This is the documentation: (http://wwwtyro.github.io/cryptico/). I just downloaded this: (https://github.com/wwwtyro/cryptico), and made an edit of the test.html page. Even if I use the public key generated on their documentation page, I still can't get an output from phpseclib whatever I try. – NotSoSmart Dec 22 '13 at 15:49
  • It could be just an encoded modulus, while they are using a static public exponent. That would however not explain the first bit being zero (check out with any online base 64 to hexadecimal converter). I'll quickly check the implementation – Maarten Bodewes Dec 22 '13 at 16:17
  • 1
    Yes, it is just the modulus, which means the RSA key generation is a *bit* off. I'll check for the public exponent. In general, I would not trust single person **look, I can do encryption too!** libraries like this. Most of the time they have only been tested against the misconceptions of the creator. OK, so the public exponent is the value 3. Now check PKCS#1 v1.5 standard on how to create an encoded public key out of it. Gotta do some shopping... – Maarten Bodewes Dec 22 '13 at 16:28
  • OK, i've literally spent all day trying to figure this out, but I just can't get it to work. Can anyone show me how to encrypt to a Cryptico public key with PHP? @owlstead - I understand that you think this is the worst encryption tool on the planet, but it would actually serve my purpose quite well if I could use PHP to encrypt. – NotSoSmart Dec 23 '13 at 01:31
  • well, if you allow padding oracle attacks the plaintext could be easily retrieved by an attacker. This protocol signs, then encrypts, then uses CBC encoding. Each byte of plain text in less than 128 tries. It's not just bad, it is severely broken. Check my issue report. If it doesn't actually give you confidentiality, what use would it be? Going to sleep, brain is getting mushy. – Maarten Bodewes Dec 23 '13 at 01:42
  • Ok, I get your point. What i've decided to do is use: https://github.com/travist/jsencrypt (http://travistidwell.com/jsencrypt/demo/index.html) to generate an RSA key pair client side, then encrypt the private key with AES and store it in a database on the server. It's a bit more messing around, but i'm sure I can make it work. My question is: Is there anything wrong with this: https://github.com/travist/jsencrypt Is says it's based on this: http://www-cs-students.stanford.edu/~tjw/jsbn/ So, that's all good.. Right? – NotSoSmart Dec 23 '13 at 23:34
  • 1
    It only performs the RSA encryption so in that sense it is less vulnerable to some of the issues mentioned. Unfortunately I don't know if the RSA component has production quality. If you require long ciphertext you will have to create the protocol yourself so watch out not to fall into the same mistakes as the cryptico lib - validate a MAC over the ciphertext before accepting and make sure that step cannot be skipped. JavaScript and PHP are very popular to code hackers which translates into many libs that "work" but are not secure. – Maarten Bodewes Dec 24 '13 at 13:36