Frost Jedi

[mdileep]

I'm building an application which is client[C#] & Server[PHP] based application. I want to sign the data on server using RSA-SHA1 and send to client. On Server i.e. PHP I' using PHPSecLib.Signing with Private Key] On client i.e. C# I'm using RSACryptoServiceProvider. Sign Hash rom Server is not matching with the client.I'm providing both c#,php codes.
PHP #Output

Code: Select all

BLkgXU6t6IYNdlrgTaJgaGzZtSc9NjY9q67PbidGo0e79SyQ7b18uKSg1a215r583atzIlFYkAyxDCjvQJIBATdeOKpWuzdtRkZqDX7TQAw5jLHdsFjL3lQWABERFUdEs9XuCykb3I8UNVT2UgmMRZ3pyKknCMdc5AlE9mKXOYI=

PHP Code

Code: Select all

$plaintext = 'O'; $rsa = new Crypt_RSA();
$rsa->loadKey("<RSAKeyValue><Modulus>3BqiIB3ouyXHDMpW43TlZrx8fkts2FVVARJKNXFRQ/WIlsthDzL2jY2KEJVN6BKE4A51X+8LMzAI+2z3vIgAQT3bRSfOwygpGBjdhhnXJwFlQ6Gf/+z0ffQfVx/DHw3+QWphcwGDBst+KIA6u6ayy+RDE+jEityyyWDiWqkR9J8=</Modulus><Exponent>AQAB</Exponent><P>8a8nuVhIANh7J2TLn4wWTXhZY1tvlyFKaslOeAOVr+wgEWLQpLZ0Jpjm8aUyyOYPXlk7xrA5BOebtz41diu4RQ==</P><Q>6SQ9y3sEMjrf/c4bHGVlhOj4LUVykradWWUNC0ya7llnR8y1djJ1uUut+EoAa1JQCGukuv4K8NvN1Ieo72Fhkw==</Q><DP>cg0VMusNN5DxNRrk2IrUL4TesfuBQpGMO6554DrY1acZTvsRuNj9IQXA3kH2IEYo9H4prk6U6dKeci/iLLze/Q==</DP><DQ>m/pZNXeZ+RkWnrFzxe24m9FZqMAbxThT0Wkf7v1Tcj9yL8EvbmKYDF4riD/KRAMP9HJABbLNExObg6M3TOAz7Q==</DQ><InverseQ>w8PvW8srrPCuOcphBKXSyoZxCZn81+rovBxuE8AB95m5X+URE8SunK7f+g7hBBin6nUOaVGohBP8jzkQEsdx1Q==</InverseQ>  <D>AsVPDypxOJHkLJQLffeFv8JVqt1WNG72j/nj90JC7KEVpBhRU3inw+ZpO4Y1odtB0vQ7pAaFVJKhOlEH2Va48hNUEQujML8rE+LZXgI3lu0TlqOCIqTHIljeJry0ca30XFtFDp9kh0Kr/0CgGMqgIed+hDUjAad8ke9D2YicDok=</D></RSAKeyValue>",2);
//2 for Pivate Key XML
$signature = $rsa->sign($plaintext); 
echo base64_encode($signature);

C# Output

Code: Select all

aCqhRe/lj99Yv0cLVxZD9v0M29qiEhlNOTIGuVuUbw58sp/9lLQEoMqKQrIfyTA7O2OIw5QWV9eZXlAlOlvvBPR1IOahk3mr8N8xaT5+T2fG5cEldeOWwKKxSNHqEBzIVT/4FQqlpvrmtoHJIL6n6KjDb/HQD2kgmMLmQffVYGo=

C# Code

Code: Select all

string private_xml = @"<RSAKeyValue><Modulus>3BqiIB3ouyXHDMpW43TlZrx8fkts2FVVARJKNXFRQ/WIlsthDzL2jY2KEJVN6BKE4A51X+8LMzAI+2z3vIgAQT3bRSfOwygpGBjdhhnXJwFlQ6Gf/+z0ffQfVx/DHw3+QWphcwGDBst+KIA6u6ayy+RDE+jEityyyWDiWqkR9J8=</Modulus><Exponent>AQAB</Exponent><P>8a8nuVhIANh7J2TLn4wWTXhZY1tvlyFKaslOeAOVr+wgEWLQpLZ0Jpjm8aUyyOYPXlk7xrA5BOebtz41diu4RQ==</P><Q>6SQ9y3sEMjrf/c4bHGVlhOj4LUVykradWWUNC0ya7llnR8y1djJ1uUut+EoAa1JQCGukuv4K8NvN1Ieo72Fhkw==</Q><DP>cg0VMusNN5DxNRrk2IrUL4TesfuBQpGMO6554DrY1acZTvsRuNj9IQXA3kH2IEYo9H4prk6U6dKeci/iLLze/Q==</DP><DQ>m/pZNXeZ+RkWnrFzxe24m9FZqMAbxThT0Wkf7v1Tcj9yL8EvbmKYDF4riD/KRAMP9HJABbLNExObg6M3TOAz7Q==</DQ><InverseQ>w8PvW8srrPCuOcphBKXSyoZxCZn81+rovBxuE8AB95m5X+URE8SunK7f+g7hBBin6nUOaVGohBP8jzkQEsdx1Q==</InverseQ>  <D>AsVPDypxOJHkLJQLffeFv8JVqt1WNG72j/nj90JC7KEVpBhRU3inw+ZpO4Y1odtB0vQ7pAaFVJKhOlEH2Va48hNUEQujML8rE+LZXgI3lu0TlqOCIqTHIljeJry0ca30XFtFDp9kh0Kr/0CgGMqgIed+hDUjAad8ke9D2YicDok=</D></RSAKeyValue>";               

RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();           
  rsa.FromXmlString(private_xml);           
  string Text = "O";         
   byte[] Data = Encoding.ASCII.GetBytes(Text);       
      byte[] signature = rsa.SignData(Data, new SHA1CryptoServiceProvider());     
        string o = Convert.ToBase64String(signature);

[TerraFrost]

You probably need to do $rsa->setEncryptionMode(CRYPT_RSA_PUBLIC_FORMAT_PKCS1);

Also, instead of doing $rsa->loadKey('...', 2) the latest SVN version will auto-detect the format. If you want to tell phpseclib which format to use I'd use CRYPT_RSA_PRIVATE_FORMAT_XML instead of 2.

[mdileep]

No change in the output. Even after setting encryption mode. Can anyone help me

[mdileep]

It seems phpseclib Sign() is not compatible with C# RSA SignData.Where as Encrypton & Decryption are Cross compatible.
http://www.dustinhorne.com/post/Asymmet ... light.aspx
I solved my issueby using above link by Public Decryption on client using above & PHPSecLib for encryption on Server.

[TerraFrost]

Sign Hash rom Server is not matching with the client.

Rereading your post... they're never going to match. OAEP padding and PKCS1 use a random element when generating their hashes. Try running phpseclib again. phpseclib won't even match with itself nor will your C# program, assuming it's utilizing the PKCS#1 standards. You don't verify a signature by doing $mysig == $filesig - you verify a signature, in phpseclib, using the Crypt_RSA::verify() function. If you want to do == do sha1() or something.

I also don't see anything in the link you provided that indicates that they're incompatible. Maybe I read it too quickly though. If so maybe you could post the relevant section.

[dustinhorne]

mdileep -

Thanks for the link to my blog. FrostJedi is correct, you're attempting to sign the data twice and compare the signed value which will not work. In fact, Signing uses a different PKCS padding scheme than the encryption itself. PHPSecLib is actually perfectly compatible with both my implementation and RSACryptoServiceProvider (which should be since my implementation is compatible with RSACP). While I duplicated a lot of RSACP, one thing I did differently was allow you to provide a hashing provider. Microsoft uses a magic string in their implementation which I don't like.

If you want to use RSACP to verify your data, you need to have the public key loaded on the C# side (since the data is encrypted with the private key during signing, only the public key is needed for verification). And you need to use the VerifyData method, padding in the byte array of your encrypted data, the hashing algorithm that was used, and the text you want to compare it to. For example:

Code: Select all

var str1 = "My original string.";

objRs.VerifyData(str1SignedBytes, "SHA1", str1);

What VerifyData actually does is uses the public key to decrypt your byte array and removes the padding, then it uses the specified hashing algorithm, in this case "SHA1", and hashes the string you passed in the last parameter. Finally, it compares the values of the hashed string and the decrypted hash and if the hashed values match, then the verification passes.

In the case of Signing and Encrypting, you can encrypt the same data with the same key over and over and will get different results (depending on the padding scheme). The padding schemes generate cryptographically strong random padding and add it to your data to force your data to match the lenghth of your key. Doing this accomplishes two things:
1. A hacker cannot tell how long your original string is because it is padded to always match the length of your key
2. A hacker doesn't know what the padding is since it's random (which is why OAEP is strong than PKCS 1.5) and can't decipher any of your original text.

I hope this was helpful. If you have any questions, feel free to contact me through my blog:
http://www.dustinhorne.com/contact.aspx

Or if you're interested in diving deeper into how RSA works, the Scrypt project (the one I developed and was writing about in my blog post) is open source on codeplex.
http://scrypt.codeplex.com

Thanks,

Dustin