• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1262
  • Last Modified:

Using PHP phpseclib RSA encryption does not produce same string each time

Hello Experts,

I am attempting to use PHP phpseclib RSA encryption to encrypt a string but each time I pass the same string it produces a different output. I am hoping someone can point where I am going wrong

Here is the code:
I will be appending to the URL the encrypted string in form of "accountLoginType|username|password" in order to connect a user to a 3rd party site that has provided me with the publickey.


function EncryptQueryString($accountLoginType, $username, $password) {
	return RSAEncrypt($accountLoginType . "|" . $username . "|" . $password);
function RSAEncrypt($dataToEncrypt) {
	$publicKey = '<RSAKeyValue>
       $xml = new DOMDocument();

       $modulus = new Math_BigInteger(base64_decode($xml->getElementsByTagName('Modulus')->item(0)->nodeValue), 256);
       $exponent = new Math_BigInteger(base64_decode($xml->getElementsByTagName('Exponent')->item(0)->nodeValue), 256);
       $key = array('modulus' => $modulus, 'publicExponent' => $exponent);

       $rsa = new Crypt_RSA();

       $rsa->loadkey($key, CRYPT_RSA_PUBLIC_FORMAT_RAW);

       $plainbytes = mb_convert_encoding($dataToEncrypt,"UTF-16LE", "auto");
       $res = $rsa->encrypt($plainbytes);

       return  base64_encode ( $res );

echo EncryptQueryString('accountLoginType', 'username', 'password');

Open in new window

  • 2
  • 2
2 Solutions
To make the encryption harder padding is added, this padding is then used to decrypt the rest of the string.
greetings peter1967, , you should ask yourself - "Why am I expecting the encrypted "string" to be the "Same" each time?" -(actually NOT a string but a Binary byte "block" with NO relation to any human language). To make this public-private-KEY encryption be harder to hack, there are Many complex Mixing for the out-put encryption, I guess you could in a more simple way, say it's got some form of randomization to further mix-up the out-put encryption, so you get different out-puts each time. When dealing with any encryption, a person can not ever determine if the out-put is correct or incorrect by looking at it, You must always "Test" encryption by sending it to the "Decryption" program or service, to see if it gets you the "Allowed" return, or service, OR it rejects you with ERRORS.
peter1967Author Commented:
Since I am posting this string as a login credential to a 3rd party website I would assume it would expect some sort of consistency. I do not have access to the private key to perform a decrypt function.
When posting to their processing page of the 3rd party I receive an invalid token dispaly which leads me to believe I am doing something incorrectly.
It shouldn't matter that's it different it will always decrypt back to the same original string.
That it is invalid suggests a problem with the public/private key.
peter1967Author Commented:
@GaryC123 & Slick812,

Thank you, I was not aware of that. It seems i will need some further cooperation with this 3rd part provider to provide me with a decrypt testing mechanism to more accurately determine the issue.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now