RSA encryption/decryption between Delphi and Php

Hi all. I have a "little" problem using RSA encryption in a compatible way between Delphi and Php. I found several class for Php and several cmponents for Delphi and they all work fine but when I try to decrypt with Php a string encrypted in Delphi (or viceversa) my code fails: simply returned string isn't the expected one. Googling I found that the problem (if I correctly understood) is the key-pair generation: it seems that Php and Delphi generate different key pairs and I don't know how to make them use the same keys.
Here at EE I found this thread ( which seems to provide a solution but using suggested library and suggested components didn't solve my problem. I'm sure that is something I do wrong or I simply do not but what it is? Any suggestion will be appreciated.

Thanks to all.
LVL 31
Marco GasiFreelancerAsked:
Who is Participating?
get the sample I wrote for you:

cheers - Lorenzo -
Marco GasiFreelancerAuthor Commented:
Thanks for your answer, Mahdi, but I knew that topic. There the problem was another one, concerning some difficult with DCPCrypt component, but I can get DCPCrypt working perfectly and I yet can encrypt/decrypt with Rjindael cypher using both Delphi and Php.

But I wish to use RSA encryption.

Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

There should be two keys, one public and one private. The public key is used for encrypting, can be given to anyone. The private key is used for decrypting the encrypted data with that particular public key. Are you following this scenario in your tests. If yes, to ensure it is not a math issue in one of the implementations (Delphi or PHP) try to use that key to decrypt/encrypt in another different implementations to find out whether they agree with the Delphi or PHP results, or maybe none of them. At the end you can test them against each other to be certain about your doubts.



Marco GasiFreelancerAuthor Commented:
Hi, jimiX. My problem is that. How pass the private key to other program? Let me explain. Suppose I want to encrypt a string in Delphi and decrypt it in Php: then I have to create the public key in Php and pass it to Delphi to encrypt in a way Php script can decrypt, right? But using, for instance, TurboPower LockBox in Delphi 7, I don't find a way to pass a key created by my php script: maybe this is one of that stupid things that I don't see if someone doesn't make me see them, but if you can help, I'll be very grateful.

use openssl instead. there is an import unit for openssl here:
to generate keypair in php:
      $res = openssl_pkey_new();
      openssl_pkey_export($res, $privkey);
      $pubkey = openssl_pkey_get_details($res);
      echo $privkey;
      echo $pubkey["key"];
you can create a script that passes public key to delphi, and stores private key into session data.
then, in Delphi you use openssl library to crypt data with public key; then invoke another script that decrypts data using private key stored into session.
tell me if you need more info I can write down a sample --
Marco GasiFreelancerAuthor Commented:
I'm sorry I'm late, lomo74, but I have some more urgent private issue to solve. Any way, can you provide some sample code about scripts you spoken about?
Thanks for the help.
I'd better post solution here --

one more thing, pay attention to the size of data you try to encrypt.
from openssl RSA_public_encrypt documentation:
"flen must be less than RSA_size(rsa) - 11 for the PKCS #1 v1.5 based padding modes"
it means that with a 1024 bit key (128 bytes) max size of data being encrypted is 116 bytes;
244 bytesfor 2048 bit key;
and so on...
Marco GasiFreelancerAuthor Commented:
Hi Lorenzo (are you italian?). I got this

requesting public key to the server...
got public key, reading it...
OOOPS! something went wrong!
error:0906D06C:PEM routines:PEM_read_bio:no start line

Can you understand what happened?

yes, I'm italian :-)

you have to put the key.php script on a server
then change the base URL (in the client test program) as needed

I used http://acer.rete.local/rsa/key.php because I have a linux box on my LAN named acer.rete.local

if you haven't a server right now, try to change base URL to this one:
I put the script on my web space, so you can test quickly
Marco GasiFreelancerAuthor Commented:
I'm italian too :-)... but we have to speak english :-(

In your server all works fine but in mine... My first trying was to use  my own server http://localhost but I received error I shown before. Then I put script in my server on web but I received a 403 forbidden error. Finally I put it in httpsdocs and  I received a 'IOHandler value is not valid' message. I'm a real newbie on encryption so I'm sorry to make you waste your time but if you can help. Anyway, your script is very interesting. Maybe I have to speak with my provider, right?

Ciao Marco --
I'm coming back to you tomorrow, I'll be glad to help you.
today I'm busy with a customer --
hold on
- L -
Marco GasiFreelancerAuthor Commented:
Ciao, Lorenzo.
Hope you have a good day with your customer. I've fixed the problem on localhost and I'll give you the points: your code is very interesting. I only pray you for two things;

1. Suggest me some manual or resource (I prefer books but I'll agree online resources also) to learn something about your Delphi code: what is BIO*? Always I wish to learn and this argument is very interesting and so complex! All this efforts are to provide an anticrack protection to the new version of my software Clone Delphi Wizard: none never will try to crack it, probably, but I think it is a useful tool for Delphi programmers and the new version will increase very mutch its usefulness, so I would protect itas well as I can. It'strue, cracker always find the way to crack, but for me is an occasion to learn something about complex programming tecniques...

2. Don't stop to monitor this question, so I'll can contact you to inform if I'm going to post some other related question, do you agree?

Ciao e grazie mille.
Marco GasiFreelancerAuthor Commented:
Thanks so mutch! Please, Lorenzo, read my last post. Bye
briefly, my knowledge on the subject comes mainly from documents found on the internet and from personal experimentation.
I can't remember useful links right now but I'll send them to you as soon as I gain access to my workstation --
What about contacting me, so we can stay in touch and speak italian :-)
You can click on the hire me button on my page if you want --
bye - L -
ok --

here are some resources

the openssl website, particularly function reference is a must if you want to use openssl

if I find more I'll send to you --

now about BIO... docs say "BIO is an I/O abstraction" - in other words it is something similar to a stream...
you create BIO's, connect them together, read or write through them, and so on
read here

oh, I realized my use of BIO's wasn't very clear... maybe this is clearer:
      //create a base64 BIO                      
      b64 := BIO_new(BIO_f_base64);
      mem := BIO_new(BIO_s_mem);
      BIO_push(b64, mem);
        //encode data to base64
        BIO_write(b64, buf, len);



Open in new window

data written to b64 is base64 encoded, then written to mem.
then I get a pointer to mem's data, where I find base64 encoded data that I transfer into a string.
ciao, - Lorenzo -
Marco GasiFreelancerAuthor Commented:
Thank you very mutch, Lorenzo, I'll study carefully the resources you have provided. Thank you for having explained your code also: yes, now it's clearer.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.