Using PHP phpseclib RSA encryption does not produce same string each time

Hello Experts,

I am attempting to use PHP phpseclib RSA encryption to encrypt a string but each time I pass the same string it produces a different output. I am hoping someone can point where I am going wrong

Here is the code:
I will be appending to the URL the encrypted string in form of "accountLoginType|username|password" in order to connect a user to a 3rd party site that has provided me with the publickey.

<?php
 
require_once('Crypt/RSA.php');

function EncryptQueryString($accountLoginType, $username, $password) {
	return RSAEncrypt($accountLoginType . "|" . $username . "|" . $password);
}
function RSAEncrypt($dataToEncrypt) {
	$publicKey = '<RSAKeyValue>
                      <Modulus>uno9DsYcaZ1yAqY20nIM+YjYjjFsGx0DYm7lBGxbmVLLZTYc9MaI0Br+
                      8ElcuZVVNRmGeVBlkcHT3JpMDf/fiWSho6o0pRhQZmnG4RZtCWnGjFTV+
                      QWBYcuTGoQFKOtsrGqG16XwL2hPxqYW/7nzBVgAGe6myG3hMou8P4DSpjk=</Modulus>
                      <Exponent>AQAB</Exponent>
                      </RSAKeyValue>';
       $xml = new DOMDocument();
       $xml->loadXML($publicKey);

       $modulus = new Math_BigInteger(base64_decode($xml->getElementsByTagName('Modulus')->item(0)->nodeValue), 256);
       $exponent = new Math_BigInteger(base64_decode($xml->getElementsByTagName('Exponent')->item(0)->nodeValue), 256);
       $key = array('modulus' => $modulus, 'publicExponent' => $exponent);

       $rsa = new Crypt_RSA();

       $rsa->loadkey($key, CRYPT_RSA_PUBLIC_FORMAT_RAW);
       $rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);

       $plainbytes = mb_convert_encoding($dataToEncrypt,"UTF-16LE", "auto");
       $res = $rsa->encrypt($plainbytes);

       return  base64_encode ( $res );
}

echo EncryptQueryString('accountLoginType', 'username', 'password');
?>

Open in new window

peter1967Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

GaryCommented:
http://scienceblogs.com/goodmath/2009/01/08/cryptographic-padding-in-rsa/
To make the encryption harder padding is added, this padding is then used to decrypt the rest of the string.
0
Slick812Commented:
greetings peter1967, , you should ask yourself - "Why am I expecting the encrypted "string" to be the "Same" each time?" -(actually NOT a string but a Binary byte "block" with NO relation to any human language). To make this public-private-KEY encryption be harder to hack, there are Many complex Mixing for the out-put encryption, I guess you could in a more simple way, say it's got some form of randomization to further mix-up the out-put encryption, so you get different out-puts each time. When dealing with any encryption, a person can not ever determine if the out-put is correct or incorrect by looking at it, You must always "Test" encryption by sending it to the "Decryption" program or service, to see if it gets you the "Allowed" return, or service, OR it rejects you with ERRORS.
0
peter1967Author Commented:
@Slick812
Since I am posting this string as a login credential to a 3rd party website I would assume it would expect some sort of consistency. I do not have access to the private key to perform a decrypt function.
When posting to their processing page of the 3rd party I receive an invalid token dispaly which leads me to believe I am doing something incorrectly.
0
GaryCommented:
It shouldn't matter that's it different it will always decrypt back to the same original string.
That it is invalid suggests a problem with the public/private key.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
peter1967Author Commented:
@GaryC123 & Slick812,

Thank you, I was not aware of that. It seems i will need some further cooperation with this 3rd part provider to provide me with a decrypt testing mechanism to more accurately determine the issue.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.