RSA Encrypt in PHP to decrypt in .NET

php .net rsa pear
user312904 picture user312904 · Apr 9, 2010 · Viewed 12.4k times · Source

In PHP I am RSA encrypting a message to be decrypted by .NET application... but I keep getting a "Bad Key" exception from .NET....

For RSA encryption, I am using PEAR class Crypt_RSA-> encrypting with the public key (which is a modulus, exponent pair) I get from working encryption system in .NET...

I guess the easiest question would be-> does "Bad Key" mean it is not able to decrypt the message whatsoever? IE, it is not encrypted correctly?

The harder question is-> Is there anything specific about RSA encryption that causes quirks between .NET and PHP?

Answer

user260294 picture user260294 · Apr 10, 2010

Security Warning: Use OAEP, not PKCS#1.

If you want to use a solution that doesn't require the openssl extension, try phpseclib's Crypt_RSA. Examples follow:

Decryption with PKCS#1 padding:

openssl rsautl -inkey privatekey.txt -encrypt -in plaintext.txt -out ciphertext.txt

<?php
include('Crypt/RSA.php');

$rsa = new Crypt_RSA();
$rsa->loadKey(file_get_contents('privatekey.txt'));
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
echo $rsa->decrypt(file_get_contents('ciphertext.txt'));
?>

Encryption with PKCS#1 padding:

<?php
include('Crypt/RSA.php');

$rsa = new Crypt_RSA();
$rsa->loadKey(file_get_contents('privatekey.txt'));
$rsa->loadKey($rsa->getPublicKey());
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
echo $rsa->encrypt('1234567890');
?>

openssl rsautl -inkey privatekey.txt -decrypt -in ciphertext.txt -out plaintext.txt

Decryption with OAEP padding:

openssl rsautl -inkey privatekey.txt -encrypt -oaep -in plaintext.txt -out ciphertext.txt

<?php
include('Crypt/RSA.php');

$rsa = new Crypt_RSA();
$rsa->loadKey(file_get_contents('privatekey.txt'));
echo $rsa->decrypt(file_get_contents('ciphertext.txt'));
?>

Encryption with OAEP padding:

<?php
include('Crypt/RSA.php');

$rsa = new Crypt_RSA();
$rsa->loadKey(file_get_contents('privatekey.txt'));
$rsa->loadKey($rsa->getPublicKey());
echo $rsa->encrypt('1234567890');
?>

openssl rsautl -inkey privatekey.txt -decrypt -oaep -in ciphertext.txt -out plaintext.txt

phpseclib can be downloaded from http://phpseclib.sourceforge.net/

Good luck!

Related questions

Calling a function from a string in C#

I know in php you are able to make a call like: $function_name = 'hello'; $function_name(); function hello() { echo 'hello'; } Is this possible in .Net?

Read More
Creating a 'robot' to fill form with some pages in

I want to implement an 'robot' that could automatically fill forms. Is there an solution when you can fill data on page for example,form1.html and submit it, wait to next page and submit with data on form2.html,…

Read More
How do I check if a string contains a specific word?

Consider: $a = 'How are you?'; if ($a contains 'are') echo 'true'; Suppose I have the code above, what is the correct way to write the statement if ($a contains 'are')?

Read More