openssl_private_decrypt不返回任何PHP

openssl_error_string()給出：

error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02 
error:04065072:rsa routines:RSA_EAY_PRIVATE_DECRYPT:padding check failed

我生成一對我的服務器上使用OpenSSL公鑰和私鑰：

$config = array(
     "private_key_bits" => 2048, 
     "private_key_type" => OPENSSL_KEYTYPE_RSA, 
    ); 

    $res = openssl_pkey_new($config);

我將Base64編碼模數和指數發送到我的Android客戶端。我的Android客戶端根據收到的模數和指數重建公鑰。我的Android客戶端使用這個密鑰對消息進行加密。最後，我的Android客戶端向服務器發回加密的消息，期望服務器能夠解密它。

我有一個簡單的PHP腳本我的服務器上，從我的Android客戶端測試加密消息的解密：

$sms_message = $argv[1]; 
$sender_no = $argv[2]; 

echo "Message received was: '$sms_message' \n"; 
echo "sender's no was: $sender_no \n"; 

$parts = array(); 
$parts = explode(" ", $sms_message); 
if (count($parts)==2) { 
    echo "code: $parts[0] \n"; 
    if (strcmp($parts[0], "smscode")==0) { 
     echo "measurement: $parts[1] \n"; 
     // retrieve the private key 
     $keyArr = array(); 
     $keyArr = getKeys(); 
     // 
     if ($keyArr) { 
      $privateKey = $keyArr["private"]; 
      echo "$privateKey \n"; 
      // use the private key to decrypt the message 
      echo openssl_private_decrypt(base64_decode($parts[1]), $decrypted, $privateKey); // this is supposed to return either TRUE or FALSE right? 

      echo $decrypted; 

      $decryptedMessages = "decrypted.txt"; 

      if (!$fh = fopen($decryptedMessages, 'a')) { 
       echo "cannot open file $decryptedMessages"; 
       exit; 
      } 

      // Write $somecontent to our opened file. 
      if (fwrite($fh, $decrypted) === FALSE) { 
           echo "Cannot write to file ($decryptedMessages)"; 
              exit; 
      }     
      //        
      fclose($fh); 
     } 
    } else { 
     echo "what received is not a measurement - $parts[1] \n"; 
    } 
} else { 
    echo "sms message malformed"; 
}

我跑了以下內容：

php SmsReceiver.php 'smscode adDmHJDFmI8bC9KRcA7nPbTc2NU0sY7iM5jDHt3qJVq/AAyl9thUB3zVH5/9Jr+pTM4V+dift6UD8uB3nEU53thrY7nx55PsackCYzmBoKYTE4tazsyF7tRfAIawxvmR4lcSfKL2+A0N9ZetISoqqZAHI141n47Wtd52n0pE9tdLRGzXQlfeDOC3ntnbOKcIIhbyJWekLg+58uCLm2nfWPA4EveAd7t6RQPX4E20wXXQ1RgkVPCQsW+9WDdrbxav6y0VN7uKoBqA4/G8zn3Ol41OPtFFllBgl1BGUFWK3xcxxxZqodTCc3pTdAIHgJ4td+pktUjfbAwITt/RMC+IcA==' +6511111111 
Message received was: 'smscode adDmHJDFmI8bC9KRcA7nPbTc2NU0sY7iM5jDHt3qJVq/AAyl9thUB3zVH5/9Jr+pTM4V+dift6UD8uB3nEU53thrY7nx55PsackCYzmBoKYTE4tazsyF7tRfAIawxvmR4lcSfKL2+A0N9ZetISoqqZAHI141n47Wtd52n0pE9tdLRGzXQlfeDOC3ntnbOKcIIhbyJWekLg+58uCLm2nfWPA4EveAd7t6RQPX4E20wXXQ1RgkVPCQsW+9WDdrbxav6y0VN7uKoBqA4/G8zn3Ol41OPtFFllBgl1BGUFWK3xcxxxZqodTCc3pTdAIHgJ4td+pktUjfbAwITt/RMC+IcA==' 
sender's no was: +6511111111 
code: smscode 
measurement: adDmHJDFmI8bC9KRcA7nPbTc2NU0sY7iM5jDHt3qJVq/AAyl9thUB3zVH5/9Jr+pTM4V+dift6UD8uB3nEU53thrY7nx55PsackCYzmBoKYTE4tazsyF7tRfAIawxvmR4lcSfKL2+A0N9ZetISoqqZAHI141n47Wtd52n0pE9tdLRGzXQlfeDOC3ntnbOKcIIhbyJWekLg+58uCLm2nfWPA4EveAd7t6RQPX4E20wXXQ1RgkVPCQsW+9WDdrbxav6y0VN7uKoBqA4/G8zn3Ol41OPtFFllBgl1BGUFWK3xcxxxZqodTCc3pTdAIHgJ4td+pktUjfbAwITt/RMC+IcA== 
private key found 
public key found 
-----BEGIN PRIVATE KEY----- 
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC7dArHUiEXpEwi 
... 
F/EaVVWEZLevTJEdMpkfvQVr/08AlSLR3Nm33CrvQ1SfFygK0F6G6o1pQtnHlCKh 
DK8/dT2CgsFuDbiAs4MRqQA36g== 
-----END PRIVATE KEY-----

正如你所看到的， openssl_private_decrypt()不返回任何內容，爲什麼？
即使我的加密/解密過程出了什麼問題，至少給我一個false我期望。

Based64編碼的公鑰模量：

u3QKx1IhF6RMIvncMADBhGqhdlSWnuuUz0dXr9NUzXJtgfPgvX/07w1IKTls6uj48eZ4J3s5me4xUzoRwIsxjk6Ondke2vGVJgzBZh3KQSml0dQoK/0a3Bc/bHwue3jroCCAaC/4lF6GQS5gB1gDQntkKBM+RaHaEqGldKHmF1T8Sg1zSLAU9IGBc+xDSCqgo2RepntB0npctBGmAYF8gdzN1PnAwgVfOLU/xi08ssQL1ppkrMncgPegaOOkyUZm4BXSyEY9ikYynLfoiQqEAFb9mU40yNM7LQusgqF0YhUgUIg+4fuQNscZJCJ6pS9UTQ64MHWCqrpXCeRAZ4rWeQ==

Based64編碼的公鑰指數：

AQAB

私鑰：

的Android logcat的：

I/SmsReceiver(15814): message received is keyx u3QKx1IhF6RMIvncMADBhGqhdlSWnuuUz0dXr9NUzXJtgfPgvX/07w1IKTls6uj48eZ4J3s5me4xUzoRwIsxjk6Ondke2vGVJgzBZh3KQSml0dQoK/0a3Bc/bHwue3jroCCAaC/4lF6GQS5gB1gDQntkKBM+RaHaEqGldKHmF1T8Sg1zSLAU9IGBc+xDSCqgo2RepntB0npctBGmAYF8gdzN1PnAwgVfOLU/xi08ssQL1ppkrMncgPegaOOkyUZm4BXSyEY9ikYynLfoiQqEAFb9mU40yNM7LQusgqF0YhUgUIg+4fuQNscZJCJ6pS9UTQ64MHWCqrpXCeRAZ4rWeQ== AQAB 
I/SmsReceiver(15814): message received is a key exchange message 
I/SmsReceiver(15814): the recipient's public key modulus is 23663785522794809498963221782819553495813344590754203802091214078741934630870755737273483338578650343553350487999568641527155675069988138202941338180146715141856273325699348180697949807604837968252319802254132361756796150729526732643616381939360742823851037800072915016799286519177887771453765989612342846498554824903381084855033387403868553674907286294016751397407403976788809972626838594376008433688839811350345997686592001128890405964489889151586297624459113817319199310865303723716614014342885058854916172119790960266134365108047747227357851477353947042531226823494283658181608350838513970607286067323054395676281 and exponent is 65537 
I/SmsReceiver(15814): successfully remembered the contact +6500000000 and its public key module u3QKx1IhF6RMIvncMADBhGqhdlSWnuuUz0dXr9NUzXJtgfPgvX/07w1IKTls6uj48eZ4J3s5me4xUzoRwIsxjk6Ondke2vGVJgzBZh3KQSml0dQoK/0a3Bc/bHwue3jroCCAaC/4lF6GQS5gB1gDQntkKBM+RaHaEqGldKHmF1T8Sg1zSLAU9IGBc+xDSCqgo2RepntB0npctBGmAYF8gdzN1PnAwgVfOLU/xi08ssQL1ppkrMncgPegaOOkyUZm4BXSyEY9ikYynLfoiQqEAFb9mU40yNM7LQusgqF0YhUgUIg+4fuQNscZJCJ6pS9UTQ64MHWCqrpXCeRAZ4rWeQ== and exponent AQAB

來源

2013-10-01 ericn

除非使用S/MIME，否則OpenSSL非對稱密碼術不適用於加密大文件。實際上，這是我試過的：

解碼base64編碼的'measurement：'字段。解碼後的消息長度爲256字節。
試圖解密此256個字節，你粘貼使用下面的OpenSSL命令私鑰：

openssl rsautl -decrypt -in x.in -out plaintext -inkey private.key

但是，我得到了一個錯誤，而不是：

RSA operation error

139982152128160:error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02:rsa_pk1.c:190:

139982152128160:error:04065072:rsa routines:RSA_EAY_PRIVATE_DECRYPT:padding check failed:rsa_eay.c:616:

事實上，我嘗試過使用PHP本身。但是，我沒有使用的echo，而是使用openssl_error_string，它給了我確切的上述錯誤。

此外，我還無法使用公鑰加密256字節的數據。我從openssl得到錯誤，指示139870762710688:error:0406D06E:rsa routines:RSA_padding_add_PKCS1_type_2:data too large for key size:rsa_pk1.c:151:。

所有這些似乎表明OpenSSL的非對稱加密不是用於加密大數據（在這種情況下，256字節足夠大）。我不確定Android客戶端如何能夠加密它。它也使用OpenSSL嗎？

但是，有關於如何處理這個問題的相關帖子。看一看：

來源

2013-10-01 17:57:19 Karthik

RSA的限制是，你不能比加密密鑰長度較長的數據。如果您需要使用RSA加密大量數據，則應使用AES（或其他對稱密碼）對實際數據進行加密，然後使用RSA加密AES密鑰。 – shanet

openssl_private_decrypt不返回任何PHP

回答

相關問題