phpseclib: OpenSSL Interoperability

CLI: PHP Bindings (openssl_*):

Encrypt (PKCS#1) with

OpenSSL

# Encrypt plaintext.txt to the RSA public key in publickey.txt (-pubin marks
# the key file as a public key). No padding option is given, so rsautl uses its
# default PKCS#1 v1.5 padding. That padding is exposed to padding-oracle
# attacks when a decryptor reveals whether unpadding failed; the OAEP variant
# further down this page is the safer choice for new designs.
openssl rsautl -inkey publickey.txt -pubin -encrypt -in plaintext.txt -out ciphertext.txt

phpseclib

<?php
include('Crypt/RSA.php');

// Encrypt plaintext.txt with PKCS#1 v1.5 padding and print the raw ciphertext.
// Only the public half of the key pair is needed, so it is derived from the
// private key file and loaded in its place before encrypting.
$encryptor = new Crypt_RSA();
$privatePem = file_get_contents('privatekey.txt');
$encryptor->loadKey($privatePem);
$publicKey = $encryptor->getPublicKey();
$encryptor->loadKey($publicKey);
// Must match the padding the decrypting side expects (rsautl's default here).
$encryptor->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$message = file_get_contents('plaintext.txt');
echo $encryptor->encrypt($message);

Decrypt with

phpseclib

<?php
include('Crypt/RSA.php');

// Decrypt ciphertext.txt (PKCS#1 v1.5 padding) with the private key and print
// the recovered plaintext.
$decryptor = new Crypt_RSA();
$privatePem = file_get_contents('privatekey.txt');
$decryptor->loadKey($privatePem);
$decryptor->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$sealed = file_get_contents('ciphertext.txt');
// NOTE(review): with v1.5 padding, avoid telling an untrusted sender whether
// decryption failed; that signal is what a padding-oracle attack relies on.
echo $decryptor->decrypt($sealed);

OpenSSL

# Decrypt ciphertext.txt with the RSA private key, using rsautl's default
# PKCS#1 v1.5 padding (no padding option given).
openssl rsautl -inkey privatekey.txt -decrypt -in ciphertext.txt -out plaintext.txt

Encrypt (OAEP) with

OpenSSL

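# Encrypt plaintext.txt to the RSA public key with OAEP padding.
# -pubin is required because publickey.txt holds a public key; without it
# rsautl tries to parse the file as a private key and the key load fails.
openssl rsautl -inkey publickey.txt -pubin -encrypt -oaep -in plaintext.txt -out ciphertext.txt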

phpseclib

<?php
include('Crypt/RSA.php');

// Encrypt plaintext.txt with OAEP padding and print the raw ciphertext.
// There is no setEncryptionMode() call: the object's default mode is used,
// which this page pairs with OpenSSL's -oaep option.
$encryptor = new Crypt_RSA();
$privatePem = file_get_contents('privatekey.txt');
$encryptor->loadKey($privatePem);
// Replace the private key with its public half; encryption needs nothing more.
$publicKey = $encryptor->getPublicKey();
$encryptor->loadKey($publicKey);
$message = file_get_contents('plaintext.txt');
echo $encryptor->encrypt($message);

Decrypt with

phpseclib

<?php
include('Crypt/RSA.php');

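// Decrypt ciphertext.txt that was produced with OAEP padding (see the
// "Encrypt (OAEP)" commands) using the private key, and print the plaintext.
$rsa = new Crypt_RSA();
$rsa->loadKey(file_get_contents('privatekey.txt'));
// The mode has to match the padding used for encryption. Selecting
// CRYPT_RSA_ENCRYPTION_PKCS1 here, as the PKCS#1 example does, would make
// decryption of OAEP ciphertext fail.
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_OAEP);
echo $rsa->decrypt(file_get_contents('ciphertext.txt'));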

OpenSSL

# Decrypt ciphertext.txt with the RSA private key, expecting OAEP padding.
openssl rsautl -inkey privatekey.txt -decrypt -oaep -in ciphertext.txt -out plaintext.txt

Sign (PKCS#1) with

OpenSSL

# Sign plaintext.txt with the RSA private key (PKCS#1 v1.5 signature padding,
# dgst's default for RSA) over a SHA-1 digest, writing the raw signature to
# signature.txt.
# NOTE(review): SHA-1 is chosen here to match the phpseclib example, which sets
# no hash. SHA-1 is no longer collision-resistant; for new signatures select a
# SHA-2 digest on both sides.
openssl dgst -sha1 -out signature.txt -sign privatekey.txt plaintext.txt

phpseclib

<?php
include('Crypt/RSA.php');

// Sign plaintext.txt with the private key using PKCS#1 v1.5 signature padding
// and store the raw signature bytes in signature.txt.
// No hash is selected, so the library default applies; this page pairs it with
// `openssl dgst -sha1`.
$signer = new Crypt_RSA();
$privatePem = file_get_contents('privatekey.txt');
$signer->loadKey($privatePem);
$signer->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
$message = file_get_contents('plaintext.txt');
$signature = $signer->sign($message);
file_put_contents('signature.txt', $signature);

Verify with

phpseclib

<?php
include('Crypt/RSA.php');

// Verify signature.txt against plaintext.txt (PKCS#1 v1.5 signature padding)
// and print 'verified' or 'unverified'.
$verifier = new Crypt_RSA();
$privatePem = file_get_contents('privatekey.txt');
$verifier->loadKey($privatePem);
// Verification only needs the public half, derived here from the private key.
// A real verifier would normally be handed the public key alone.
$publicKey = $verifier->getPublicKey();
$verifier->loadKey($publicKey);
$verifier->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
$message = file_get_contents('plaintext.txt');
$signature = file_get_contents('signature.txt');
$isValid = $verifier->verify($message, $signature);
echo $isValid ? 'verified' : 'unverified';

OpenSSL

# Verify signature.txt over plaintext.txt with the RSA public key, using the
# same SHA-1 digest as the signing command.
openssl dgst -sha1 -verify publickey.txt -signature signature.txt plaintext.txt

Sign (PSS) with

OpenSSL

# Sign plaintext.txt with RSA-PSS over a SHA-1 digest.
# rsa_pss_saltlen:-1 sets the salt length equal to the digest length.
# NOTE(review): SHA-1 matches the phpseclib example, which sets no hash; prefer
# a SHA-2 digest on both sides for new signatures.
openssl dgst -sha1 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -out signature.txt -sign privatekey.txt plaintext.txt

phpseclib

<?php
include('Crypt/RSA.php');

// Sign plaintext.txt with the private key and store the raw signature bytes in
// signature.txt.
// There is no setSignatureMode() or hash selection: the object's defaults are
// used, which this page pairs with `openssl dgst -sha1` and
// rsa_padding_mode:pss.
$signer = new Crypt_RSA();
$privatePem = file_get_contents('privatekey.txt');
$signer->loadKey($privatePem);
$message = file_get_contents('plaintext.txt');
$signature = $signer->sign($message);
file_put_contents('signature.txt', $signature);

Verify with

phpseclib

<?php
include('Crypt/RSA.php');

// Verify signature.txt against plaintext.txt with the object's default
// signature mode (paired on this page with OpenSSL's PSS options) and print
// 'verified' or 'unverified'.
$verifier = new Crypt_RSA();
$privatePem = file_get_contents('privatekey.txt');
$verifier->loadKey($privatePem);
// Swap in the public half of the key; that is all verification requires.
$publicKey = $verifier->getPublicKey();
$verifier->loadKey($publicKey);
$message = file_get_contents('plaintext.txt');
$signature = file_get_contents('signature.txt');
$isValid = $verifier->verify($message, $signature);
echo $isValid ? 'verified' : 'unverified';

OpenSSL

# Verify an RSA-PSS signature over plaintext.txt with the public key. The
# digest and salt-length options must match those used when signing.
openssl dgst -sha1 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -verify publickey.txt -signature signature.txt plaintext.txt

Encrypt with

OpenSSL

# Encrypt plaintext.txt with AES-128-CBC using an explicit hex key (-K) and IV
# (-iv); -nosalt omits the salt header and -p prints the key and IV in use.
# NOTE(review): the one-byte key and IV "AA" only demonstrate that both tools
# pad short values the same way. Real use needs a full-length random key and a
# fresh IV per message, and CBC on its own gives no integrity protection.
openssl enc -aes-128-cbc -e -in plaintext.txt -out ciphertext.txt -nosalt -K AA -iv AA -p

Decrypt with

phpseclib

<?php
include('Crypt/AES.php');

// Decrypt ciphertext.txt produced by the `openssl enc -aes-128-cbc` command on
// this page and print the plaintext.
// The one-byte key and IV exist only to show the matching padding behaviour;
// they are not suitable values for protecting real data.
$cipher = new Crypt_AES();
$shortKey = pack('H*', 'AA'); // null-padded to 128 bits
$cipher->setKey($shortKey);
$shortIv = pack('H*', 'AA'); // null-padded to 128 bits
$cipher->setIV($shortIv);
$sealed = file_get_contents('ciphertext.txt');
echo $cipher->decrypt($sealed);

"Seal" with

OpenSSL

<?php
// Seal $plaintext for the owner of private.key using PHP's OpenSSL bindings.
// Outputs: $ciphertext (the sealed data) and $enckey (the wrapped envelope key).
$plaintext = 'hello world!'; 
$privkey = file_get_contents('/path/to/private.key');

// openssl_get_publickey() only creates public key resources from X.509
// certificates hence our creating one
$dn = array();  // use defaults
$res_privkey = openssl_pkey_get_private($privkey);
$res_csr = openssl_csr_new($dn, $res_privkey);
// A null CA certificate makes this a self-signed certificate, valid 365 days.
// It is a throwaway used only to obtain a public key resource.
$res_cert = openssl_csr_sign($res_csr, null, $res_privkey, 365);
openssl_x509_export($res_cert, $str_cert);
$res_pubkey = openssl_get_publickey($str_cert);

// now that the public key is in a format openssl_get_publickey can use... 
// NOTE(review): no cipher argument is passed. The phpseclib counterpart on
// this page uses RC4, which matches the historical default; RC4 is a weak
// cipher, and newer PHP versions require the cipher to be named explicitly.
// NOTE(review): the return value is not checked; on failure the output
// variables are not usable.
openssl_seal($plaintext, $ciphertext, $enckey, array($res_pubkey)); 
// One envelope key is returned per recipient; there is one recipient here.
$enckey = $enckey[0];

phpseclib

<?php
include_once('Crypt/RSA.php'); 
include_once('Crypt/RC4.php'); 

// phpseclib equivalent of openssl_seal(): wrap a symmetric key with RSA
// (PKCS#1 v1.5 padding) and encrypt the payload under that key with RC4.
// Outputs: $enckey (the wrapped key) and $ciphertext (the RC4 output).

// NOTE(review): fixed key for demonstration only. A real envelope key should
// be freshly generated from a cryptographic random source for every message
// (phpseclib ships crypt_random_string() for this).
$key = 'thisisthekey'; 
$plaintext = 'hello world!'; 

$privkey = file_get_contents('/path/to/private.key'); 

$rsa = new Crypt_RSA(); 
$rsa->loadKey($privkey); 
// Replace the private key with its public half; wrapping needs nothing more.
$rsa->loadKey($rsa->getPublicKey()); 
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1); 
$enckey = $rsa->encrypt($key); 

// NOTE(review): RC4 is used to mirror the OpenSSL example. It is a weak cipher
// and provides no integrity protection for $ciphertext.
$rc4 = new Crypt_RC4(); 
$rc4->setKey($key); 
$ciphertext = $rc4->encrypt($plaintext); 

"Open" with

phpseclib

// continuing from the above
// phpseclib equivalent of openssl_open(): unwrap the envelope key with the RSA
// private key, then decrypt the payload with RC4. Reads $privkey, $enckey and
// $ciphertext from the sealing snippet.

include_once('Crypt/RSA.php'); 
include_once('Crypt/RC4.php'); 

$rsa = new Crypt_RSA(); 
$rsa->loadKey($privkey); 
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1); 
// NOTE(review): the decrypt() result is used as the RC4 key without a failure
// check. If $enckey can come from an untrusted party, handle failure without
// revealing to the sender whether the unwrap succeeded.
$key = $rsa->decrypt($enckey); 

$rc4 = new Crypt_RC4(); 
$rc4->setKey($key); 
$result = $rc4->decrypt($ciphertext); 

echo $result;
?>

OpenSSL

// continuing from the above
// Open the sealed data with the private key; the plaintext is written to
// $result. Reads $ciphertext, $enckey and $privkey from the sealing snippet.

// NOTE(review): as with openssl_seal(), no cipher argument is passed and the
// return value is not checked before $result is printed.
openssl_open($ciphertext, $result, $enckey, openssl_get_privatekey($privkey)); 

echo $result;
?>

Encrypt with

OpenSSL

<?php
// "Encrypt" the string 'ddd' with the RSA private key; the result is written
// to $ciphertext.
$privkey = file_get_contents('/path/to/private.key');

// NOTE(review): a private-key operation gives no confidentiality, because
// anyone holding the public key can recover the input. It is the primitive
// underneath signing; to prove authenticity use the sign/verify examples on
// this page. The return value is not checked here.
openssl_private_encrypt('ddd', $ciphertext, $privkey);

phpseclib

<?php
include_once('Crypt/RSA.php'); 

// phpseclib implements PKCS#1 v2.1 which is largely compatible with
// PKCS#1 v1.5 (which is what OpenSSL implements) save for instances
// where the private key is being used to encrypt.
// The constant is defined before any encrypt() call so that it is in effect
// when the padding is applied.
define('CRYPT_RSA_PKCS15_COMPAT', true); 

$privkey = file_get_contents('/path/to/private.key');

// The private key stays loaded (there is no getPublicKey() swap), so encrypt()
// is the counterpart of openssl_private_encrypt() in the OpenSSL snippet.
// NOTE(review): this gives no confidentiality; any holder of the public key
// can recover 'ddd'.
$rsa = new Crypt_RSA(); 
$rsa->loadKey($privkey); 
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1); 
$ciphertext = $rsa->encrypt('ddd'); 

Decrypt with

phpseclib

// continuing from the above
// Recover the data "encrypted" with the private key by applying the public
// key. Reads $privkey and $ciphertext from the preceding snippet.

$rsa = new Crypt_RSA(); 
$rsa->loadKey($privkey); 
// Swap in the public half of the key pair for the recovery step.
$rsa->loadKey($rsa->getPublicKey()); 
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1); 
echo $rsa->decrypt($ciphertext);
?>

OpenSSL

// continuing from the above
// Recover the data "encrypted" with the private key by applying the public
// key through PHP's OpenSSL bindings. Reads $privkey and $ciphertext from the
// preceding snippet and writes the result to $plaintext.

// openssl_get_publickey() only creates public key resources from X.509
// certificates hence our creating one
$dn = array();  // use defaults 
$res_privkey = openssl_pkey_get_private($privkey); 
$res_csr = openssl_csr_new($dn, $res_privkey); 
// A null CA certificate makes this a self-signed certificate, valid 365 days.
// It is a throwaway used only to obtain a public key resource.
$res_cert = openssl_csr_sign($res_csr, null, $res_privkey, 365); 
openssl_x509_export($res_cert, $str_cert); 
$res_pubkey = openssl_get_publickey($str_cert); 

// NOTE(review): the return value is not checked before $plaintext is printed.
openssl_public_decrypt($ciphertext, $plaintext, $res_pubkey); 

echo $plaintext;
?>