Open DUQIA opened 3 weeks ago
PHP 8.1.29
Note that for PHP 8.1 there is only security support, so it's unlikely that the bug (if there is any) would be fixed.
I suggest you try a newer version, and also to provide a SSCCE.
PHP 8.1.29
Note that for PHP 8.1 there is only security support, so it's unlikely that the bug (if there is any) would be fixed.-----------Deepl翻译-----------请注意,PHP 8.1 只提供安全支持,因此不太可能修复漏洞(如果有的话)。
I suggest you try a newer version, 和 also to provide a SSCCE。-----------Deepl翻译-----------我建议您尝试更新的版本,并提供 SSCCE。
It's the same code.
Fatal error: Uncaught Exception: 解密失败: error:02000079:rsa routines::oaep decoding error in /usr/home/06xinika/domains/vtrab.us.kg/public_html/login.php:44 Stack trace: #0 /usr/home/06xinika/domains/vtrab.us.kg/public_html/login.php(57): decryptWithPrivateKey('lTqECMoIl4OAzaY...', '-----BEGIN PRIV...') #1 {main} thrown in /usr/home/06xinika/domains/vtrab.us.kg/public_html/login.php on line 44
If you want someone to have a look at this issue, I suggest you provide a simple reproduce case, i.e. without the JavaScript code, but only a simple PHP script, and all the required data (e.g. the keys).
If you want someone to have a look at this issue, I suggest you provide a simple reproduce case, i.e. without the JavaScript code, but only a simple PHP script, and all the required data (e.g. the keys).
It can be used normally in PHP
<?php
session_start();
if (!isset($_SESSION['private_key']) || !isset($_SESSION['public_key'])) {
$config = array(
'digest_alg' => 'sha256',
'private_key_bits' => 2048,
'private_key_type' => OPENSSL_KEYTYPE_RSA,
);
$res = openssl_pkey_new($config);
openssl_pkey_export($res, $privateKey);
$publicKey = openssl_pkey_get_details($res)['key'];
$_SESSION['private_key'] = $privateKey;
$_SESSION['public_key'] = $publicKey;
}
$privateKey = $_SESSION['private_key'];
$publicKey = $_SESSION['public_key'];
$key = openssl_random_pseudo_bytes(32);
echo 'key:' . bin2hex($key) . PHP_EOL;
openssl_public_encrypt($key, $encryptedData, $publicKey, OPENSSL_PKCS1_OAEP_PADDING);
$privateKeyPem = openssl_pkey_get_private($privateKey);
openssl_private_decrypt($encryptedData, $decryptedKey, $privateKeyPem, OPENSSL_PKCS1_OAEP_PADDING);
echo "decryption AES-GCM: " . bin2hex($decryptedKey) . PHP_EOL;
?>
key:
533a64cbcfb7be6dde676a748c2ce38b228c8954c5ecead8ac2f7a16b5f9b933
decryption AES-GCM:
533a64cbcfb7be6dde676a748c2ce38b228c8954c5ecead8ac2f7a16b5f9b933
Description
It has been confirmed that:
js:
PHP:
error: