peter1967
asked on
Using PHP phpseclib RSA encryption does not produce same string each time
Hello Experts,
I am attempting to use PHP phpseclib RSA encryption to encrypt a string but each time I pass the same string it produces a different output. I am hoping someone can point where I am going wrong
Here is the code:
I will be appending to the URL the encrypted string in form of "accountLoginType|username |password" in order to connect a user to a 3rd party site that has provided me with the publickey.
I am attempting to use PHP phpseclib RSA encryption to encrypt a string but each time I pass the same string it produces a different output. I am hoping someone can point where I am going wrong
Here is the code:
I will be appending to the URL the encrypted string in form of "accountLoginType|username
<?php
require_once('Crypt/RSA.php');
function EncryptQueryString($accountLoginType, $username, $password) {
return RSAEncrypt($accountLoginType . "|" . $username . "|" . $password);
}
function RSAEncrypt($dataToEncrypt) {
$publicKey = '<RSAKeyValue>
<Modulus>uno9DsYcaZ1yAqY20nIM+YjYjjFsGx0DYm7lBGxbmVLLZTYc9MaI0Br+
8ElcuZVVNRmGeVBlkcHT3JpMDf/fiWSho6o0pRhQZmnG4RZtCWnGjFTV+
QWBYcuTGoQFKOtsrGqG16XwL2hPxqYW/7nzBVgAGe6myG3hMou8P4DSpjk=</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>';
$xml = new DOMDocument();
$xml->loadXML($publicKey);
$modulus = new Math_BigInteger(base64_decode($xml->getElementsByTagName('Modulus')->item(0)->nodeValue), 256);
$exponent = new Math_BigInteger(base64_decode($xml->getElementsByTagName('Exponent')->item(0)->nodeValue), 256);
$key = array('modulus' => $modulus, 'publicExponent' => $exponent);
$rsa = new Crypt_RSA();
$rsa->loadkey($key, CRYPT_RSA_PUBLIC_FORMAT_RAW);
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$plainbytes = mb_convert_encoding($dataToEncrypt,"UTF-16LE", "auto");
$res = $rsa->encrypt($plainbytes);
return base64_encode ( $res );
}
echo EncryptQueryString('accountLoginType', 'username', 'password');
?>
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
@Slick812
Since I am posting this string as a login credential to a 3rd party website I would assume it would expect some sort of consistency. I do not have access to the private key to perform a decrypt function.
When posting to their processing page of the 3rd party I receive an invalid token dispaly which leads me to believe I am doing something incorrectly.
Since I am posting this string as a login credential to a 3rd party website I would assume it would expect some sort of consistency. I do not have access to the private key to perform a decrypt function.
When posting to their processing page of the 3rd party I receive an invalid token dispaly which leads me to believe I am doing something incorrectly.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
@GaryC123 & Slick812,
Thank you, I was not aware of that. It seems i will need some further cooperation with this 3rd part provider to provide me with a decrypt testing mechanism to more accurately determine the issue.
Thank you, I was not aware of that. It seems i will need some further cooperation with this 3rd part provider to provide me with a decrypt testing mechanism to more accurately determine the issue.
To make the encryption harder padding is added, this padding is then used to decrypt the rest of the string.