Encrypting in Javascript, decrypting PHP using PKCS#1

Question

I have trying to do encryption/decryption in Javascript/PHP using PKCS#1. I have the following variables:

e: Public exponent (for encryption)
d: Private exponent (for decryption)
n: modulus

I am using this javascript library to decrypt: http://www-cs-students.stanford.edu/~tjw/jsbn/rsa.js like this:

    var rsa = new RSAKey();

    rsa.setPublic(n, e);

    var cipherText = rsa.encrypt(plainText);

To decrypt in PHP I use PHPSec library:

Question1: How do I convert from d and n to a private key to be used in phpseclib?

Question2: How do I convert the output from the Javascript code to a form that can be used with phpseclib?

Answer 1

I guess that you've already found a solution for your problem since, but here is a little examle to use RSA between Javascript and PHP for those who are still looking for a solution (example):

<?php
$path = 'phpseclib';
set_include_path(get_include_path() . PATH_SEPARATOR . $path);
include_once('Crypt/RSA.php');

$rsa = new Crypt_RSA();
$rsa->setPublicKeyFormat(CRYPT_RSA_PUBLIC_FORMAT_RAW);
$key = $rsa->createKey(512);
$e = new Math_BigInteger($key['publickey']['e'], 10);
$e = $e->toHex();
$n = new Math_BigInteger($key['publickey']['n'], 10);
$n = $n->toHex();
function decrypt($msg, $key) {
    $rsa = new Crypt_RSA();
    $rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
    $rsa->loadKey($key, CRYPT_RSA_PRIVATE_FORMAT_PKCS1);
    $s = new Math_BigInteger($msg, 16);
    return $rsa->decrypt($s->toBytes());
}
?>
<script type="text/javascript" src="javascript/jsbn.js"></script>
<script type="text/javascript" src="javascript/prng4.js"></script>
<script type="text/javascript" src="javascript/rng.js"></script>
<script type="text/javascript" src="javascript/rsa.js"></script>
<script>
<?php
echo "var n='".$n."';";
echo "var e='".$e."';";
?>
function encrypt() {
    var rsa = new RSAKey();
    rsa.setPublic(n, e);
    document.getElementById('enc_text').value = rsa.encrypt(document.getElementById('plaintext').value);
}
</script>

Plain Text:<br/>
<input id='plaintext' name='plaintext' type="text" size="40"/><br/>
<input type="button" onclick="encrypt()" value="Encrypt"/><br/>
Encrypted Text:<br/>
<form action="" method="post">
<input id="enc_text" name='enc_text' type="text" size="40"/><br/>
<?php
echo '<input id="key" name="key" type="hidden" size="40" value="'.urlencode($key['privatekey']).'"/><br/>';
?>
<input name="submit" type="submit" value="Submit" size="10"/>
</form>
<?php
if(isset($_POST['submit']) && ($_POST['enc_text'] != 0)) {
echo decrypt($_POST['enc_text'], urldecode($_POST['key']));
}
?>

If you need more examples, visit the official website for documentation at : http://phpseclib.sourceforge.net/new/rsa/examples.html

or

http://bestmike007.com/2011/08/secure-data-transmission-between-pure-php-and-javascript-using-rsa/

Answer 2

For javascript / PHP interoperability check out this:

http://area51.phpbb.com/phpBB/viewtopic.php?f=84&t=33024&start=0

It does PKCS#1 v2.1 RSAES-OAEP (which is supposed to offer better security than PKCS#1 v2.1 RSASSA-PKCS1-v1_5).

$rsa->loadKey( array( 'e' => new Math_BigInteger('...', 256), 'n' => new Math_BigInteger('...', 256) ) );

If that doesn't work let me know.

Alternatively, you could try this:

http://www.frostjedi.com/phpbb3/viewtopic.php?p=331621#p331621

(see the second code block)

For converting the js output to a format PHP could use... the proof of concept I linked to is passing the output to char2hex():

function char2hex(source)
{
   var hex = "";
   for (var i = 0; i < source.length; i+=1)
   {
      temp = source[i].toString(16);
      switch (temp.length)
      {
         case 1:
            temp = "0" + temp;
            break;
         case 0:
           temp = "00";
      }
      hex+= temp;
   }
   return hex;
} 

Good luck!