Load ASN.1 private key to generate an RSA signature #1994

Closed
PlanetIrata opened this issue Apr 25, 2024 · 7 comments

@PlanetIrata
PlanetIrata commented Apr 25, 2024

Hi,

I'm using phpseclib 1.0.23 because I can't manage to get version 3 working without using Composer to install it; I want a zip file.

I'd like to load a private key saved in an ASN.1 binary file but it doesn't work. Here is my code so far...

$priv_key = file_get_contents('./my.rsa.private.key.txt');
$asn1 = new File_ASN1();
$decoded = $asn1->decodeBER(base64_encode($priv_key));
print_r($decoded);   // <-- THIS OUTPUT SEEMS OK : Array ( [0] => Array ( [type] => 1 [constant] => 13 [content] => EGA.....Om9jx [length] => 75 ) )
$rsa->loadKey($decoded[0]);  // <-- DON'T WORK RETURN FALSE

Any help ?
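
Added example (not from the issue or from phpseclib): a pure-PHP look at the first identifier and length octets of a key blob, showing why BER-decoding Base64 text yields an application-class element with tag 13, the `[type] => 1 [constant] => 13` pattern in the output above. Reading `type` as the tag class and `constant` as the tag number is an assumption about the decoder's output; the helper names and the eight-byte DER sample are constructed.

```php
<?php
// Added example: inspect the leading BER/DER header of a blob.
// berHeader() and describeBlob() are hypothetical helper names.
// The high-tag-number form (tag value 31) is not handled.

function berHeader(string $bytes): array
{
    if (strlen($bytes) < 2) {
        throw new InvalidArgumentException('need at least two octets');
    }
    $id  = ord($bytes[0]);
    $len = ord($bytes[1]);
    $headerLen = 2;
    if ($len & 0x80) {                  // long form: low 7 bits count the length octets
        $count = $len & 0x7F;
        if ($count === 0 || $count > 3 || strlen($bytes) < 2 + $count) {
            throw new InvalidArgumentException('unsupported or truncated length');
        }
        $len = 0;
        for ($i = 0; $i < $count; $i++) {
            $len = ($len << 8) | ord($bytes[2 + $i]);
        }
        $headerLen += $count;
    }
    return [
        'class'       => $id >> 6,      // 0 universal, 1 application, 2 context, 3 private
        'constructed' => (bool) ($id & 0x20),
        'tag'         => $id & 0x1F,
        'length'      => $len,
        'headerLen'   => $headerLen,
    ];
}

function describeBlob(string $bytes): string
{
    $h = berHeader($bytes);
    $isSequence = $h['class'] === 0 && $h['constructed'] && $h['tag'] === 16;
    if ($isSequence && $h['headerLen'] + $h['length'] === strlen($bytes)) {
        return 'DER SEQUENCE spanning the whole blob';
    }
    return sprintf('not a DER SEQUENCE (class %d, tag %d)', $h['class'], $h['tag']);
}

// Constructed sample: SEQUENCE { INTEGER 0, INTEGER 5 }, not a real key.
$der = "\x30\x06\x02\x01\x00\x02\x01\x05";
echo describeBlob($der), PHP_EOL;                 // binary DER as read from disk
echo describeBlob(base64_encode($der)), PHP_EOL;  // the same bytes after base64_encode()
```

Base64 of a DER SEQUENCE starts with the character `M` (0x4D), which a BER decoder reads as application class, primitive, tag 13.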

@terrafrost
Member

You can make phpseclib 3.0 work "without" Composer using the instructions at https://phpseclib.com/docs/install#without-composer .

That said, for 1.0... why can't you just do this?:

$rsa = new Crypt_RSA();
$rsa->loadKey($priv_key);

If you're gonna go the $asn1->decodeBER(base64_encode($priv_key)); route then you'd also need to call asn1map as well and doing so is a fair amount more complicated in the 1.0 branch.

@PlanetIrata
Author

Hi @terrafrost

I tried this on my first attempt:

$rsa = new Crypt_RSA();
$priv_key = file_get_contents('./my.rsa.private.key.txt');
$rsa->loadKey($priv_key);  // <-- return false

But loadKey returns false and RSA sign doesn't do anything after that...

Will try with phpseclib 3.0 ...

@PlanetIrata
Author
PlanetIrata commented Apr 26, 2024

It does not work any better with phpseclib 3...

I tried to load my key as exponent and modulus, but I get a 30-second timeout while trying to sign anything:

$rsa = PublicKeyLoader::load([
        // Modulus
        'n' => new BigInteger('5BDD6AFB1E1AFB50D1B2989F70B549B8D44AE3712B444F2C5D862C46C99526E998B79BF0B4F1461524E39D263F3130B9E08F3B17C2070785EFB0EDEC1E75C6C2B8185FA9596886D5DAF8B68E92FCF5F1B33E7CD772845555B086D2A2466B6398A04DFE1C727BB020ED2BF3F03D2826F89616D0846C18B1D87064616FAD394462', 16),

        // Exponent
        'e' => new BigInteger('6FE4F5D0AFCC16E8A5CC68955D4EF28255A546D06F34DD103540B9A7D202AEC96353072DB65D9C360E9030F413971142EE6A28974767CCF3ABFA4E7ADDAEAD81D3F8AE5FF1B8241CA9EF51C10941FFFA74482A636CBD909D29CF7A0346653D3C286EA1F392F4968AEF1489EC4B4BCEA4F248F3931B1C9BE2808DBD33B049731A', 16)
    ]
)
->withPadding(RSA::SIGNATURE_PKCS1)
->withHash('md5')
->withMGFHash('md5')
->asPrivateKey()
;

echo $rsa->sign("toto");   // <-- Fatal error: Maximum execution time of 30 seconds exceeded

Note that my private key was generated with an external app with these parameters:

  • Prime test iterations = 100
  • key size = 1024

Do I need to pass these parameters to the PublicKeyLoader::load array ?
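
Added example (not from the issue or from phpseclib): structural checks worth running on raw hex components before handing them to a signing routine. Both values posted above end in an even hex digit (`2` and `A`), whereas an RSA modulus and its exponents are always odd. The helper names and the 12-bit toy key are constructed for illustration.

```php
<?php
// Added example: structural checks on raw RSA components given as hex.
// All helper names are hypothetical; the sample values are constructed.

function norm(string $hex): string
{
    if ($hex === '' || !ctype_xdigit($hex)) {
        throw new InvalidArgumentException('expected a non-empty hex string');
    }
    return ltrim(strtolower($hex), '0');
}

function bitLength(string $hex): int
{
    $h = norm($hex);
    // Bits in the leading nibble plus four per remaining nibble.
    return $h === '' ? 0 : strlen(decbin(hexdec($h[0]))) + 4 * (strlen($h) - 1);
}

function isOdd(string $hex): bool
{
    return (hexdec(substr($hex, -1)) & 1) === 1;
}

function swapByteOrder(string $hex): string
{
    $hex = strlen($hex) % 2 ? '0' . $hex : $hex;
    return implode('', array_reverse(str_split($hex, 2)));
}

function checkRsaHex(string $n, string $exp, int $keyBits): array
{
    [$b, $a] = [norm($n), norm($exp)];   // validates both inputs first
    $problems = [];
    if (!isOdd($n))   $problems[] = 'modulus is even, so it is not a product of odd primes';
    if (!isOdd($exp)) $problems[] = 'exponent is even, so it has no inverse modulo the even group order';
    if ($problems && isOdd(swapByteOrder($n)) && isOdd(swapByteOrder($exp))) {
        $problems[] = 'both values are odd with the byte order swapped: check the export format';
    }
    $bits = bitLength($n);
    if ($bits > $keyBits || $bits < $keyBits - 1) {
        $problems[] = "modulus is $bits bits, expected about $keyBits";
    }
    if (strlen($a) > strlen($b) || (strlen($a) === strlen($b) && strcmp($a, $b) >= 0)) {
        $problems[] = 'exponent is not smaller than the modulus';
    }
    return $problems;
}

// Constructed toy key: n = 61 * 53 = 0x0CA1, d = 0x0AC1 (e = 17).
print_r(checkRsaHex('0CA1', '0AC1', 12));   // big-endian hex
print_r(checkRsaHex('A10C', 'C10A', 12));   // the same bytes in little-endian order
```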

@terrafrost
Member
$rsa = new Crypt_RSA();
$priv_key = file_get_contents('./my.rsa.private.key.txt');
$rsa->loadKey($priv_key);  // <-- return false

Would be helpful to see the key - or at least a key that reproduces the problem. As is I can only speculate as to why that doesn't work.

$rsa = $key->asPrivateKey();
echo $key->sign("toto");   // <-- Fatal error: Maximum execution time of 30 seconds exceeded

You'd need to do $rsa->sign("toto") vs $key->sign("toto"), as public key objects don't implement the sign() method.

That said, when I did it with $rsa->sign("toto") it took me 0.164s to run and that was with the PHP64 engine. Like the GMP engine is waaaaaay faster but 0.164s is still plenty fast. This was on PHP 8.3.

So if echo $key->sign("toto"); wasn't a typo then it's not clear why you're not getting this error:

Fatal error: Uncaught Error: Call to undefined method phpseclib3\Crypt\RSA\PublicKey::sign() in \path\to\whatever.php

If echo $key->sign("toto"); was a typo then I'd need to see your php.ini to have at least recommendations as to how to speed it up. But even with that, tbh, even PHP 5.6 / 32-bit mode should still be plenty fast. xdebug could slow things down but idk by how much offhand.

@PlanetIrata
Author

@terrafrost I fixed the code from my previous comment and changed the modulus and exponent to a key that times out on my computer. The previous one was working for some unknown reason...

@terrafrost
Member

Apologies for the delay - I've been traveling / vacationing.

Anyway, I was able to reproduce the issue and 2689c72 fixed it for me. Does it fix it for you?

@PlanetIrata
Author

Apologies for the delay - I've been traveling / vacationing.

Anyway, I was able to reproduce the issue and 2689c72 fixed it for me. Does it fix it for you?

@terrafrost Yes it fixes the timeout, thanks !

terrafrost added a commit to terrafrost/phpseclib that referenced this issue Sep 24, 2024
the changes for phpseclib#1994 (commit 2689c72) slowed things down
unnecessarily.