-
-
Notifications
You must be signed in to change notification settings - Fork 877
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RSA signing problem, when some components of private key are zero #980
Comments
phpseclib is designed to work with private keys that don't have those fields. None-the-less I tried to reproduce the issue and was unable to do so. eg. <?php
include('Crypt/RSA.php');
$rsa = new Crypt_RSA();
extract($rsa->createKey(512));
$rsa->loadKey($publickey);
//$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
echo bin2hex($rsa->sign('zzz')); I don't get a "division by zero" error or anything. I tried it with PKCS1 and without PKCS1. I tried it in the 2.0 branch as well: <?php
include('autoloader.php');
$loader = new \Composer\Autoload\ClassLoader();
$loader->addPsr4('phpseclib\\', __DIR__ . '/phpseclib2.0');
$loader->register();
use \phpseclib\Crypt\RSA;
$rsa = new RSA();
extract($rsa->createKey(512));
//$rsa->setSignatureMode(RSA::SIGNATURE_PKCS1);
$rsa->loadKey($publickey);
echo bin2hex($rsa->sign('zzz')); No errors / warnings / anything. Well, except for the output hex encoded output. It's not an issue in master either: <?php
require __DIR__ . '/vendor/autoload.php';
use phpseclib\Crypt\RSA;
extract(RSA::createKey(512));
echo bin2hex($publickey->sign('z', RSA::PADDING_PKCS1)); So if you're getting errors you're gonna have to give me some sample code. (I'm using |
Hello! |
Python test (it works fine): import rsa pk = """-----BEGIN RSA PRIVATE KEY----- pkl = rsa.PrivateKey.load_pkcs1(keyfile=pk, format='PEM') |
Here's the asn1parse results of that key:
So the key has the fields defined - it just has them defined as 0. phpseclib supported the keys just fine if those fields weren't present at all but since they are... that's what's causing the problems. There are two approaches to this: That makes it so keys of this particular format are basically loaded as public keys. So if you do The other approach: This approach changes the conditions under which CRT-style exponentiation is done. With this approach |
The second one! It works! Man, i have no words to thank you! |
It's possible to simple extends Crypt_RSA by this:
And then, simply use new Crypt_RSA_ZC() instead new Crypt_RSA() |
You could do that for now. I'm gonna be merging the second branch into master as time permits but will hold off on doing a release for the time being. |
Hello!
I have 512 bit private key only with modulus and privateExponent filled.
All other fields (publicExponent, prime1, prime2, exponent1, exponent2, coef) are zero.
I can use this key in Java or Python (RSA lib) to signing something without any problem, but phpseclib fall into errors like "division by zero" etc - because it's tried to use zero components.
But by RFC on RSA - zero components is normal behavior.
The text was updated successfully, but these errors were encountered: