Comments (13)
The MDC packet contains only a sha1 hash in its body. So the whole packet is always "\xD3\x14" . $sha1_in_binary
In our code I use
$prefix = Random::string($key_block_bytes);
$prefix .= substr($prefix, -2);
$to_encrypt = $prefix . $message->to_bytes();
hash('sha1', $to_encrypt . "\xD3\x14", true) // to produce the sha1
For full implementation, see https://github.com/singpolyma/openpgp-php/blob/master/lib/openpgp_crypt_symmetric.php
from openpgp-php.
But what to do then? I already saw this code and se it in a current test. Append it to the plaintext and encrypt the whole or encrypt plaintext as always and then append the MDC packet?
from openpgp-php.
encrypt $to_encrypt . $mdc_packet->to_bytes()
from openpgp-php.
It is a bit more complicated. I think I have to rewrite many parts and do it in some other way as we use directly the plaintext (not as bytes).
It seems to_bytes
appends some more data depending on the hash algorithm and other parameters so this is not directly portable for us.
And this is where it is a bit unclear to me how the resulting structure and bytes look like.
The body is this (if I am right)?
[\xD3] [\x14] [bytes of the sha1 hash of the plaintext message]
And what does the header look like (what is done in the to_bytes function), or is this not needed?
from openpgp-php.
[\xD3] [\x14] is the header for the MDC packet (you can see that done in the ModificationDetectionCode class body method)
from openpgp-php.
But what is the result of $mdc_packet->to_bytes()
? I am a bit confused now because [\xD3] [\x14] is already the header of the MDC packet. But wich to_bytes implementation is used?
Isn't this unnecessary?
return array('header' => $tag.$size, 'body' => $body);
}
function to_bytes() {
$data = $this->header_and_body();
return $data['header'].$data['body'];
}
It gives just the header and body but the value of $mdc_packet is already header + body?
from openpgp-php.
Line 526 in d37e91e
so to_bytes is just $header . $body
for mdc those are: array('header' => "\xD3\x14", 'body' => $body);
where $body
is the binary sha1 result
from openpgp-php.
Right. So the to_bytes function call isn't really necessary here like I mentioned? I see no change before and after calling to_bytes here.
from openpgp-php.
No change where? I don't know how your code works. In my code, to_bytes just returns the full bytes for a packet (header and body both).
from openpgp-php.
So it is just
[ header ] [ body ]
[\xD3] [\x14] [binary sha1 hash(prefix + plaintext message + \xD3 \x14)]
?
I think I understand it now.
But I don't see a viable reason why we have to recalculate the width of the body, which is a SHA-1 hash (always 20 chars / bytes long).
So far I have this:
private function gpg_data($key, $text)
{
$key_block_bytes=4096/8;
$prefix = GPG_Utility::s_random($key_block_bytes,0);
$prefix .= substr($prefix, -2);
$text_bytes = $text; // what to do here?
$mdc="\xD3\x14".sha1($prefix.$text_bytes." \xD3 \x14", true);
$enc = $this->gpg_encrypt($key, $this->gpg_literal($text).$mdc);
return $this->gpg_header(0xa4, strlen($enc)) . $enc;
}
The result of --list-packets
is
:encrypted data packet:
length: 67
:literal data packet:
mode t (74), created 0, name="file",
raw data: 15 bytes
:mdc packet: length=20
gpg: WARNUNG: Botschaft wurde nicht integritätsgeschützt (integrity protected)
Compared to a message generated with GPA:
:encrypted data packet:
length: 74
mdc_method: 2
:compressed packet: algo=2
:literal data packet:
mode b (62), created 1449226013, name="",
raw data: 15 bytes
from openpgp-php.
$mdc="\xD3\x14".sha1($prefix.$text_bytes." \xD3 \x14", true);
this line has an extra space in the trailer literal. Also make sure you are using an integrityprotectedatapacket to wrap the encrypted result and not the normal encrypteddatapacket.
from openpgp-php.
Still unsure what we have to do in our php-gpg library to get this working. I'm confused and do not see the revelant parts where I have to change something and the RFC gives me not any helpful details.
private function gpg_data($key, $text)
{
$key_block_bytes=4096/8;
$prefix = GPG_Utility::s_random($key_block_bytes,0);
$prefix .= substr($prefix, -2);
$text_bytes = $text; // what to do here?
$mdc="\xD3\x14".sha1($prefix.$text_bytes."\xD3\x14", true);
var_dump($mdc);
$enc = $this->gpg_encrypt($key, $this->gpg_literal($text).$mdc);
return $this->gpg_header(0xa4, strlen($enc)) . $enc;
}
private function gpg_literal($text)
{
if (strpos($text, "\r\n") === false)
$text = str_replace("\n", "\r\n", $text);
return
$this->gpg_header(0xac, strlen($text) + 10) . "t" .
chr(4) . "file\0\0\0\0" . $text;
}
private function gpg_encrypt($key, $text) {
$i = 0;
$len = strlen($text);
$iblock = array_fill(0, $this->width, 0);
$rblock = array_fill(0, $this->width, 0);
$ct = array_fill(0, $this->width + 2, 0);
$cipher = "";
if($len % $this->width) {
for($i = ($len % $this->width); $i < $this->width; $i++) $text .= "\0";
}
$ekey = new Expanded_Key($key);
for($i = 0; $i < $this->width; $i++) {
$iblock[$i] = 0;
$rblock[$i] = GPG_Utility::c_random();
}
$iblock = GPG_AES::encrypt($iblock, $ekey);
for($i = 0; $i < $this->width; $i++) {
$ct[$i] = ($iblock[$i] ^= $rblock[$i]);
}
$iblock = GPG_AES::encrypt($iblock, $ekey);
$ct[$this->width] = ($iblock[0] ^ $rblock[$this->width - 2]);
$ct[$this->width + 1] = ($iblock[1] ^ $rblock[$this->width - 1]);
for($i = 0; $i < $this->width + 2; $i++) $cipher .= chr($ct[$i]);
$iblock = array_slice($ct, 2, $this->width + 2);
for($n = 0; $n < strlen($text); $n += $this->width) {
$iblock = GPG_AES::encrypt($iblock, $ekey);
for($i = 0; $i < $this->width; $i++) {
$iblock[$i] ^= ord($text[$n + $i]);
$cipher .= chr($iblock[$i]);
}
}
return substr($cipher, 0, $len + $this->width + 2);
}
private function gpg_header($tag, $len)
{
$h = "";
if ($len < 0x100) {
$h .= chr($tag);
$h .= chr($len);
} else if ($len < 0x10000) {
$tag+=1;
$h .= chr($tag);
$h .= $this->writeNumber($len, 2);
} else {
$tag+=2;
$h .= chr($tag);
$h .= $this->writeNumber($len, 4);
}
return $h;
}
from openpgp-php.
from openpgp-php.
Related Issues (20)
- Can't decrypt pgp ciphers from other clients HOT 1
- Encryption HOT 1
- PHP8 and thoughts on minimum PHP version HOT 2
- New tagged release version HOT 3
- Cant decrypt on CLI HOT 1
- Encrypt stream or chunks
- Not an asymmetrically encrypted message when trying to decrypt
- Support for phpseclib3 HOT 4
- Bump version to php 7.3? HOT 1
- Generated public keys cannot be imported into Thunderbird OpenPGP Key Manager HOT 6
- Need help with decrypting a file HOT 1
- getCipher algo number 1 HOT 1
- Please implement a "sop" (Stateless OpenPGP Command Line) interface HOT 2
- Multiple recipients when should be single HOT 3
- Error: Ciphertext representative out of range HOT 1
- Does this work out-the-box with laravel? HOT 9
- OpenPGP_PublicSubkeyPacket in SubKey exemple? HOT 1
- Documentation? HOT 1
- Cannot decrypt messages encoded with GPG
- encrypt and sign HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openpgp-php.