encryption - RSA Private and Public Keys have the same cipher text when encrypted with AES 256? -
is normal keypair of rsa (private , public) have same ciphertext when encrypt them aes 256?
in fact i'm using php:
<?php $key="abc"; $config = array( "digest_alg" => "sha512", "private_key_bits" => 4096, "private_key_type" => openssl_keytype_rsa, ); // create private , public key $res = openssl_pkey_new($config); // extract private key $res $privkey openssl_pkey_export($res, $privkey); // extract public key $res $pubkey $pubkey = openssl_pkey_get_details($res); $pubkey= $pubkey["key"]; aes256key = hash("sha256", $password, true); // entropy (for mcrypt_rand) srand((double) microtime() * 1000000); // generate random iv $iv = mcrypt_create_iv(mcrypt_get_iv_size(mcrypt_rijndael_256, mcrypt_mode_cbc), mcrypt_rand); $crypted_priv= rtrim(base64_encode(mcrypt_encrypt(mcrypt_rijndael_256, $key, $privkey, mcrypt_mode_cbc, $iv)), "\0\3"); $crypted_pub= rtrim(base64_encode(mcrypt_encrypt(mcrypt_rijndael_256, $key, $pubkey, mcrypt_mode_cbc, $iv)), "\0\3"); ?>
update: replaced ecb cbc , hope correct...
you not getting public key openssl_pkey_get_details()
. structure contains both public exponent e
, private exponent d
. normal private key contains public exponent. of time static value (such 65537, fourth number of fermat).
according documentation of openssl_pkey_new
can public key using method openssl_pkey_new()
:
openssl_pkey_new() generates new private , public key pair. public component of key can obtained using openssl_pkey_get_public().
that's not thing goes wrong though:
- you not using aes. rijndael block size of 256 not aes. aes has block size of 128 bits.
- although
mcrypt
expects iv, ecb mode not - read on. - ecb mode not secure other random data, should using cbc mode encrypt asymmetric keys (as contain structure may leak information); cbc mode require random iv.
- you using ascii representation of string instead of aes key; should use password based key derivation function such pbkdf2, bcrypt or scrypt instead. php
mcrypt
far forgiving regarding insecure keys.
note in general advise padding mode such pkcs#7. mcrypt not implement sane padding method, have implement yourself.
Comments
Post a Comment