RSA Crypto to Open SSL via PHP

I need my app to interface with a PHP based web service, so I am trying to use the new public/private key encryption to secure the data.

Has anyone had any luck encrypting content with the new RSA Crypto functions and then decrypting it using Open SSL via PHP?

I have a Public and Private key that I have generated via the command line which I can use to encrypt and decrypt using PHP, however when I try to use these keys in Xojo I get the following error:

Exception Message: BER decode error
Exception Error Number: 1

I then tried generating the Public and Private keys using Xojo and converted them into PEM format using the example in the following thread:

https://forum.xojo.com/10073-crypto-derencodepublickey-findings

When I try to use the Xojo generated public key in Open SSL via PHP I get the following error:

openssl_public_encrypt(): key parameter is not a valid public key

The private key doesn’t throw an error but does not actually decrypt data that decrypts fine using Xojo.

So I am stuck! I can’t seem to generate a set of keys that I can use in both Xojo and Open SSL via PHP.

Any ideas appreciated!

Isn’t data sent via SSL already encrypted?

Well yes, SSL is encrypted, but the traffic between my app and the web service may not be over HTTPS. Also I want to prevent anyone sniffing the data coming in and out of the App so I want it encrypted.

The new RSA Public/Private key encryption functions allow you to basically use the same encryption methods used in HTTPS in your own apps. Open SSL is a library that can interface with PHP and allow you to do this. So I want to encrypt using the web service’s RSA public key in my Xojo app and be able to decrypt using the private key within my PHP based web service.

So what I’m trying to do is this process:

  1. My Xojo app generates a new Public and Private key pair that will be used for the duration of the communication.
  2. It encrypts the new Public key with the web service’s Public key and sends it to the web service.
  3. The web service uses PHP and OpenSSL to decrypt the new Xojo Public key using its own Private key.
  4. Now that both the Xojo app and the PHP web service know each other's Public keys, all communication can be encrypted.

I can do this fine if both ends of the conversation are PHP or if both ends are Xojo. I’m just having difficulties creating and sharing keys that both can use.

It appears the PHP functions expect X.509 keys in PEM format. So either adapt the Xojo function I mentioned in https://forum.xojo.com/10073-crypto-derencodepublickey-findings to export Private Keys to PEM as well (should be straightforward), or convert the DER you get from Crypto.DEREncodePrivateKey to PEM using openssl from the command line (from my head):

openssl rsa -in my_priv_key_file -inform DER -outform PEM -out my_priv_key_in_pem

PHP seems to be unable to read an RSA Public Key (PKCS#1 encoding) even if it is in PEM format. So either convert that to X.509:

openssl rsa -in my_pub_key_file -inform DER -RSAPublicKey_in -outform PEM -pubout -out my_pub_key_in_pem

or export it from the private key you got before:

openssl rsa -in my_priv_key_file -inform DER -outform PEM -pubout -out my_pub_key_in_pem

Further readings: http://www.openssl.org/docs/apps/rsa.html