I am working with an API that returns sensitive data. This data will need to be decrypted on the client side with the key pair that has been generated by the client.
Below is the JSON
Payload that will be sent to the server. This payload is used to encrypt the Sensitive Data. Note: I do not control the of API server.
{
"exponent": "010001"
"keyId": 0,
"identifier": "RSA Key Identifier",
"appName": "App name",
"modulus": "30820122300d06092a864886f70d01010105000382010f003082010a0282010100b88c1fe0246b1b34e76184e12a35fc68c45821c399482ed4ebf1c5f6ac79f8c10f331d65b000bc2b41b7e51303d4a2d5a685faf1e6069c30a3ddd25febdc02fa9758f7cbe31a6f464293754c441ec8a054543f15ec5af94a64da545056825963de18efa204889834bdaaeab65ec8497ee2f34c25c79b93272baee0a0f8ad4e0137959b01875f01d71c639e16ce1b894471e182f3322a500299b5366d798333eab5ee23e4662c4fd80a82d83ebc974c5196902c339003c43ca16bcbf9cfdf8ca2d507e94eac0909bef34c1277233337226b5e4ab797ea31ed89628353d3623ec34afaf8a267cf86bacc6dda059ded35d764ce6b1ebc5f328a9dacf8eeceb59a950203010001",
}
I do not have any prior knowledge of cryptography, but i researched on how to create a RSA key pair with openssl
Below the Config
used to create the RSA
key pair
$config = array(
"digest_alg" => "sha512",
"private_key_bits" => 2048,
"private_key_type" => OPENSSL_KEYTYPE_RSA,
);
//Continue to create the key PAIR//
$resource = openssl_pkey_new($config);
openssl_pkey_export($resource, $privateKey);
$pubKeyArr = openssl_pkey_get_details($resource);
$publicKey = $pubKeyArr["key"];
file_put_contents('publicKey',$publicKey);
file_put_contents('privateKey', $privateKey);
Below is a copy of my generated public & private keys respectively.
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuIwf4CRrGzTnYYThKjX8
aMRYIcOZSC7U6/HF9qx5+MEPMx1lsAC8K0G35RMD1KLVpoX68eYGnDCj3dJf69wC
+pdY98vjGm9GQpN1TEQeyKBUVD8V7Fr5SmTaVFBWgllj3hjvogSImDS9quq2XshJ
fuLzTCXHm5MnK67goPitTgE3lZsBh18B1xxjnhbOG4lEceGC8zIqUAKZtTZteYMz
6rXuI+RmLE/YCoLYPryXTFGWkCwzkAPEPKFry/nP34yi1QfpTqwJCb7zTBJ3IzM3
ImteSreX6jHtiWKDU9NiPsNK+viiZ8+Gusxt2gWd7TXXZM5rHrxfMoqdrPjuzrWa
lQIDAQAB
-----END PUBLIC KEY-----
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC4jB/gJGsbNOdh
hOEqNfxoxFghw5lILtTr8cX2rHn4wQ8zHWWwALwrQbflEwPUotWmhfrx5gacMKPd
0l/r3AL6l1j3y+Mab0ZCk3VMRB7IoFRUPxXsWvlKZNpUUFaCWWPeGO+iBIiYNL2q
6rZeyEl+4vNMJcebkycrruCg+K1OATeVmwGHXwHXHGOeFs4biURx4YLzMipQApm1
Nm15gzPqte4j5GYsT9gKgtg+vJdMUZaQLDOQA8Q8oWvL+c/fjKLVB+lOrAkJvvNM
EncjMzcia15Kt5fqMe2JYoNT02I+w0r6+KJnz4a6zG3aBZ3tNddkzmsevF8yip2s
+O7OtZqVAgMBAAECggEAHDdee0qOLsF6vCQROj85WbplgDoUEl+Isg+MFVBfMMux
236b6Npf6tw4NfffjtAbywNysDAbpB9iupx7Coif0vk3guGjVkwbqbu6hD/pFgM/
iYcAvtvVAE0lvZzv8SuiM5fL8dFwIhd0RXDwE9NbO2GPUf33xD9uToVFNo93DfUq
qQ40KIMg9Y/DrpMFMOj/XDpRYRgVS76a+yAu9nZWO2Sz/ophR77zBIlSSNodphm7
JzhtqLFsvvWGld22kL657FpAXxLibgWKTthhOcO9EsPj6eWS8Q2cOCa29puMcIXb
j7PRWUOva4QV3i9teCs1o3crmDHGsqqig0+nMVyh6QKBgQDQoi48j2LNMtMJJLGE
t0w/IpAJSi4hSeYBrLGfG0WK8e9j3Wz7PsZ16eOasIZNKvAkSiAesWaZNFQ1+jLX
jAfRo1qJw+CCqBni4hB/9attL+UvhX93goUO+t99+qQdqnzSbGGl4L7Xa9mbrVsz
2qQ15A7lBKMcX5MwSW5W2gB6nQKBgQDicg1L5XY0qZUDx8De1N6UwE6rJ+VSmdPx
DoMUUMg0DPd7D7nkeHSzntC+qmaWqt8oEeauk97PPZATRknx6IcrcPf2SAmJb9TK
6bf52A2gqUjbHJT0NanIqVoYlZl/EfPOr18NuC/ul7qfyVBO3HWfQ1J9GySgWfLb
IFukZCDCWQKBgBHfMrLBXadSST2pRQOnaAKohUombpkvaWKPVo/YmDZ0zxrw5tsG
351OMc8YfAi0OuoA54t5it5o2yXcjupj9m+A3MqcWukWWVFUKDGt68doqOtPNkIY
jilgWDDEfbaE2jh0TFEXVYHCnVt2mC9y9UoghR4dLZPKpCMoxyjtd8kJAoGAc0in
Vk1i6ZqwX7VRjuCG1Oo24tIz4OKp0R6XQz+BPWaglAlElXlxyISBN6CfC/PAGrFK
ZPSpSY7JC9cMDFlaf5ZK1xqDqHHDvu5QGKWTAolMqyiY+N9dKeh2EvAOrm+gVUhZ
Ny3fUTPz8idWeF+qjkOC+mhYND628jI+FapYNzkCgYEAw8UpkbgdYGZTmbl1hsDT
g0jDyYFTiDOArqd/WQGBg6vO882/CZmdnn6ffUYEadWc74yfLqDtcQxsUevLoGnu
VbgT8n45PQ4tci3Da/LgzhpYryxpVGCQKhl5t8s6W3CWhf+DpT7eVzsMHE4seJso
CiGA3Ugc3EJQnhafcgF9yRA=
-----END PRIVATE KEY-----
Here are the challenges I faced.
Modulus
Exponent
for my keysidentifier
for the RSA keys i generated earlier.Here is what i tried so far.
Response from the API server (Base64 Encoded)
$extendedDetails = '{"ExtendedDetails": {
"CardNumber": "{base64encryptedString}",
"ExpiryDate": "{base64encryptedString}",
"CVV2": "{base64encryptedString}",
"CardLimits": []
}}';
$cDetails = json_decode($extendedDetails, true);
$pan = base64_decode($cDetails['ExtendedDetails']['CardNumber']);
$exp = base64_decode($cDetails['ExtendedDetails']['ExpiryDate']);
$cv2 = base64_decode($cDetails['ExtendedDetails']['CVV2']);
$decryption_result = openssl_private_decrypt($pan, $decryptedPan, file_get_contents('privateKey'));
var_dump($decryption_result); // Returns bool(false)//
var_dump($decryptedPan); // Empty String//
openssl_private_decrypt
returns false, my data is not decrypted.
As pointed out by Topaco, your modulus
field does not contain just the modulus, it contains the entire public key including the exponent, in SubjectPublicKeyInfo (or SPKI) format. To get just the modulus, you need to do something like:
$pem_pub = "-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuIwf4CRrGzTnYYThKjX8
aMRYIcOZSC7U6/HF9qx5+MEPMx1lsAC8K0G35RMD1KLVpoX68eYGnDCj3dJf69wC
+pdY98vjGm9GQpN1TEQeyKBUVD8V7Fr5SmTaVFBWgllj3hjvogSImDS9quq2XshJ
fuLzTCXHm5MnK67goPitTgE3lZsBh18B1xxjnhbOG4lEceGC8zIqUAKZtTZteYMz
6rXuI+RmLE/YCoLYPryXTFGWkCwzkAPEPKFry/nP34yi1QfpTqwJCb7zTBJ3IzM3
ImteSreX6jHtiWKDU9NiPsNK+viiZ8+Gusxt2gWd7TXXZM5rHrxfMoqdrPjuzrWa
lQIDAQAB
-----END PUBLIC KEY-----";
$rsa_pub = openssl_pkey_get_public($pem_pub);
$pub_key_details = openssl_pkey_get_details($rsa_pub);
$modulus = $pub_key_details["rsa"]["n"];
$modulus_hex = bin2hex($modulus);