0

Can anyone point me in the right direction.

I am trying to encrypt a string server side (PHP) with a private key and then decrypt it client side (c#) with a public key to verify authenticity of the message sent.

Thanks

Jamie Hunt
  • 33
  • 3
  • 1
    what kind of encryption are you using, do you have certificates? most encryption question can be solved with bouncycastle. http://www.bouncycastle.org/csharp/ – albertjan Nov 24 '11 at 19:53
  • Use RSA and that's all)) – Nikita Nov 24 '11 at 19:56
  • Not using any kind of encryption yet, would prefer to use something not certificate, just key based if possible though – Jamie Hunt Nov 24 '11 at 19:56
  • Do you just want to verify the authenticity of the sender. If you do you should probably use some sort of signing mechanism – albertjan Nov 24 '11 at 19:59
  • Yes, I am implementing my own signing by sha hashing my content, then encrypting this hash server side and decrypting it client side to verify authenticity. – Jamie Hunt Nov 24 '11 at 20:02
  • 2
    You mean encrypt it with a *public* key then decrypt it with a *private* key, that's how asymmetric encryption usually works. – Nasreddine Nov 24 '11 at 21:31
  • 2
    @Nacereddine: Signing works exactly the other way round. This is apparently what the OP is looking for ("... to verify authenticity of the message sent"). – dtb Nov 24 '11 at 21:54
  • @dtb I overlooked that part as soon as I saw the encrypt/decrypt words. my bad. – Nasreddine Nov 24 '11 at 21:58
  • If you encrypt with RSA, you **must** use OAEP with MGF1+SHA256 and e = 65537 to be secure. – Scott Arciszewski Mar 06 '16 at 18:42

3 Answers3

1

Don't try to come up with a custom encryption scheme based on basic crypto algorithms like RSA. Security protocols are very hard to get right; you don't only have to think about encrypting or signing the data, but also man in the middle attacks, replay attacks, padding oracle attacks and whatnot.

I suggest you use a standardised, well-tested security protocol that is easy to use and understand: Use HTTPS.

dtb
  • 213,145
  • 36
  • 401
  • 431
  • But then I would have to purchase a really expensive certificate – Jamie Hunt Nov 24 '11 at 20:06
  • 3
    You can use a self-signed certificate that you ship with your application. – dtb Nov 24 '11 at 20:09
  • @JamieHunt They are only really expensive if you buy them from the "more recognized" authorities. There are plenty of cheap ones out there that will serve your purpose identically. – John Cartwright Nov 24 '11 at 21:20
  • 1
    @Jamie actually, instead of using a self-signed one, better have your own CA whose self-signed certificate you ship, and who will sign the certificate actually used by the server. This way you can easier change the server's key without having to redeploy your client application. – Paŭlo Ebermann Nov 25 '11 at 00:05
0

.NET contains standard functions for RSA encryption/decryption.

To use RSA in PHP, you can find a lot of implementations by Google.

Only problem that you will stumble in future is in transferring data between PHP and .NET programm:

  • you probably have to use base64 string
  • and if you want to send data with GET or POST you have to use this solution

ADDED

RSA is a simple algorithm that isn't hard to implementation by hand.

What about this solution?

Same topic was discussed here and here.

Community
  • 1
  • 1
Nikita
  • 106
  • 5
  • Can you recommend any RSA php implementation? I cant seem to find a good one, they all require me to install a PHP module on the server or are very slow, outdated and unmaintained. – Jamie Hunt Nov 24 '11 at 20:44
  • I would recommend to use a standard implementation of RSA, not a self-made one. And as I explained in my answer, you want signature, not encryption. – Paŭlo Ebermann Nov 25 '11 at 00:02
  • The stevish.com RSA implementation is only interoperable with itself and is vulnerable to a whole host of attacks due to that fact. My recommendation: use http://phpseclib.sourceforge.net/. It implements the PKCS#1 v2.1 crypto standards - the same standards OpenSSL uses. That means (unlike the steivsh.com implementation) it's interoperable and protects against the attacks described here: http://en.wikipedia.org/wiki/RSA_%28algorithm%29#Attacks_against_plain_RSA –  Nov 25 '11 at 15:26
0

What you want to do is usually called signature, not encryption.

Even if in textbooks RSA signature is explained as "encryption with private key, decryption with public one", in reality it uses a slightly different procedure (in the part before the actual "encryption"), and thus you have different functions for signature than for encryption.

For signature in PHP, it looks like you can use the openssl_sign function.

To check the signature in C#, you can use .NET's RSACryptoServiceProvider class, with it's VerifyData method.

Of course, if your goal is simply an authenticated transfer between two entities in the internet (i.e. from server to client), use SSL/TLS, it is the standard solution. You can use your own certificate (or one from your own CA) instead of an costly one from a commercial CA, if you distribute the root certificate with your application.

Paŭlo Ebermann
  • 73,284
  • 20
  • 146
  • 210
  • are these two functions you mention compatible with each other? – Devela Jan 26 '14 at 21:34
  • You might have to explore which algorithm names to give to each of these functions (or classes) for them to be compatible. I didn't use either one, so I can't testify it yet. – Paŭlo Ebermann Jan 27 '14 at 09:12
  • Looks like it's a rather tough convertion, I found a couple of ways to do it, not so clean though. – Devela Jan 28 '14 at 21:17