1

I am trying to convert a piece of JS code based on Dave Shapiro's 'RSA in Javascript' library (http://ohdave.com/rsa/) to PHP (I am trying to create a PHP crawler for a page that uses JS to encrypt the login form)

Here is the JS code I am trying to replicate:

var encryptionExponent = '010001';
var modulus = '00c6d7c11554aab59454b558169da42db14dec4ae0aacd9311aaec4260040fbb474885b5b1b73a5a40288f6ec301db37f920b05a0ad9f8119453b2b6b9ec4cca163ab3ab51e2d334eade81efeb01bed16e4f15fb2143e422cd3dec91a1b96ede4229ca9141ed27ffa72e643340a8db68b3ce38f65a8f59f570851196a76d2cbd67';
setMaxDigits(130);
var keyPair = new RSAKeyPair(encryptionExponent, null, modulus);
var encrypted = encryptedString(keyPair, 'test');
console.log(encrypted);

Here is the encrypted output of the JS code: c026f303aaa7114c7c0328e7112755eaa33c8f785908206c36d96e56bbee141c0a5504a41cbb8acf52de8254fa225ee0007b78fcd7791ce7a930ea1f3cd582329d05330c33d98354410562982f85f8997069c1535df062224103a09d1b2a4d0bf1bfa454f882af2a9828ed214c405f75d74cab8077c384bdef0c7f28a84eb8fe

Here is my PHP code, based on PHPSecLib:

$rsa = new Crypt_RSA();
$rsa->modulus= new Math_BigInteger('00c6d7c11554aab59454b558169da42db14dec4ae0aacd9311aaec4260040fbb474885b5b1b73a5a40288f6ec301db37f920b05a0ad9f8119453b2b6b9ec4cca163ab3ab51e2d334eade81efeb01bed16e4f15fb2143e422cd3dec91a1b96ede4229ca9141ed27ffa72e643340a8db68b3ce38f65a8f59f570851196a76d2cbd67', 16);
$rsa->publicExponent= new Math_BigInteger('010001', 16);      
$key = $rsa->getPublicKey();
$rsa->loadKey($key);
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$ciphertext = $rsa->encrypt("test");
echo bin2hex($ciphertext)."\n";

Here is the encrypted output of the PHP code: 147e59d33fa0f5757bdd0a18822843aa6511f7c82d3398d503c19fb11e65b6b238694407cadf0c79655dfb4c2e0ab465e5e8e4025e2f579ea160be760af121aa7e303f875f813848cff2a82fd8c4d24f8bc87981e99c7a22216546013fb54210c06752833ac8722db789212636bf8c9be94b589b8def8af8c632df7c4dac432a

The output is different, even though the exponent and modulus are the same. I need my PHP output to be identical to the JS output (the decryption will happen on a server I have no control over).

I am having trouble understanding what kind of encryption the JS code is performing. I suspect my PHP encryption options are wrong.

Also, should I do something to my PHP BigIntegers in order to match the JS setMaxDigits(130)?

EL Louis
  • You don't need matching encryptions, you need a working decryption. Have you tried that? – Artjom B. Dec 17 '14 at 17:43
  • Good point. Since I have no way of knowing how the decryption is handled, I did not bother trying to decrypt both strings with the same method. – EL Louis Dec 17 '14 at 19:07
  • I could not figure out how to decrypt. Probably because I only know the encoding exponent and modulus, not the private key. Meanwhile, I have bypassed the problem: I use CasperJS to access the page so I can directly access the JS encryption method. It's far from ideal (or elegant), but it works. – EL Louis Dec 18 '14 at 03:50

1 Answer

3

You see a difference, because this JavaScript implementation uses a Zero Padding, but phpseclib only supports RSAES-PKCS1-v1_5 and RSAES-OAEP paddings. You either have to exchange your JavaScript implementation or the php implementation so that both support the same thing.

I suggest you exchange the JavaScript implementation for something versatile such as forge.

Artjom B.
  • Thanks, but I cannot touch the JS implementation. PHPSecLib was the only way I found to reproduce the exponent/modulus-based encryption with PHP. Do you know of a PHP alternative that would use Zero Padding? – EL Louis Dec 18 '14 at 15:10
  • That's too bad. I don't know any other RSA implementation in PHP, but I'm sure you can find one that is compatible. Besides, SO is not for recommendations. You can also try to recreate the Zero Padding found in the JS implementation in phpseclib, because it is open source. – Artjom B. Dec 18 '14 at 15:13
  • 2
    You can do non-padded RSA with phpseclib using the technique described at http://stackoverflow.com/a/4534385/569976 – neubert Dec 20 '14 at 14:30
  • No luck. Unfortunately. – EL Louis Dec 22 '14 at 20:41
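The padding mismatch named in the answer, as an added example that is not part of the original thread: the same modulus and exponent from the question are used with a zero-padded block and with an RSAES-PKCS1-v1_5 block. The function names are hypothetical, and the zero-padded byte layout (message left-padded with zero bytes, big-endian) is an assumption, not the JS library's confirmed layout, so the output is not expected to equal the ciphertext quoted in the question.

```javascript
// Added example, not code from the thread. N and E are the values quoted in the question.
const { randomBytes } = require('crypto');

const N = BigInt('0x00c6d7c11554aab59454b558169da42db14dec4ae0aacd9311aaec4260040fbb474885b5b1b73a5a40288f6ec301db37f920b05a0ad9f8119453b2b6b9ec4cca163ab3ab51e2d334eade81efeb01bed16e4f15fb2143e422cd3dec91a1b96ede4229ca9141ed27ffa72e643340a8db68b3ce38f65a8f59f570851196a76d2cbd67');
const E = BigInt('0x010001');
const K = Math.ceil(N.toString(16).length / 2); // modulus length in bytes

// Square-and-multiply modular exponentiation on BigInt values.
function modPow(base, exp, mod) {
  let result = 1n;
  base %= mod;
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
    exp >>= 1n;
  }
  return result;
}

// Raw RSA on one K-byte big-endian block; returns fixed-width hex.
function rsaBlock(block) {
  const m = BigInt('0x' + block.toString('hex'));
  if (m >= N) throw new RangeError('message representative out of range');
  return modPow(m, E, N).toString(16).padStart(2 * K, '0');
}

// Assumed zero-padding layout: zero bytes, then the message. No randomness.
function zeroPad(msg) {
  const data = Buffer.from(msg, 'utf8');
  if (data.length > K - 1) throw new RangeError('message too long');
  return Buffer.concat([Buffer.alloc(K - data.length), data]);
}

// RSAES-PKCS1-v1_5 encryption block: 00 02 <nonzero random PS> 00 <message>.
function pkcs1v15Pad(msg) {
  const data = Buffer.from(msg, 'utf8');
  if (data.length > K - 11) throw new RangeError('message too long');
  const ps = randomBytes(K - 3 - data.length);
  for (let i = 0; i < ps.length; i++) {
    while (ps[i] === 0) ps[i] = randomBytes(1)[0]; // PS must not contain 0x00
  }
  return Buffer.concat([Buffer.from([0x00, 0x02]), ps, Buffer.from([0x00]), data]);
}

const encryptZeroPadded = (msg) => rsaBlock(zeroPad(msg));
const encryptPkcs1 = (msg) => rsaBlock(pkcs1v15Pad(msg));

console.log('zero padded :', encryptZeroPadded('test')); // same on every run
console.log('PKCS1 v1.5  :', encryptPkcs1('test'));      // changes on every run
```

Because the PKCS#1 v1.5 block contains fresh random bytes, its ciphertext changes on every call and cannot be compared byte-for-byte with a deterministic zero-padded ciphertext, even under the same key.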