Author Crypt::RSA
rjvennes@hotmail.com

2007-03-10, 6:59 pm

I'm creating a CGI application where customers enter information in a
secure form... the server takes the data and encrypts it using a
public key, then saves it to MySQL.

All works fine, when testing, I can then get the encrypted chunk out
of MySQL, apply the private key and see the data just fine.

Here's the problem. I don't want the private key to live anywhere on
the server, but only on local machines. The idea is to have the
private key uploaded into memory and used to decrypt the data so it
can be viewed over a secure web page.

Here's the snippet that loads the key into memory using CGI upload.
This seems to work fine... Printing the value of PrivateKey looks
like the key is supposed to...


my $SUP_PrivateKey = $cgi->param( 'SUP_PrivateKey' );
my $PrivateKey = '';

my $size = 0;
my $bytes_read = 0;
my $buffer = '';
while ($bytes_read=read($SUP_PrivateKey,$buffer,4096))
{
    $size += $bytes_read;
    $PrivateKey .= $buffer;
}


Here's where the problem is... Crypt::RSA::Key::Private, wants a
local file name... won't take the CGI upload name and I don't want to
store the private key on disk, not even for a nanosecond.


my $key = new Crypt::RSA::Key::Private (
    # Filename => $SUP_PrivateKey, # this doesn't work
    Password => $SUP_PassCode,
);


So I tried to take the PrivateKey string and deserialize it... Cuz
it's the only function that I could find that would take the key as a
string... but obviously there is something wrong with its format.

$key->deserialize(String => $PrivateKey);

But I get this error: "Can't use string (" bless( {
Vers") as an ARRAY ref while 'strict refs' in use at /usr/lib/perl5/
site_perl/5.8.5/Crypt/RSA/Key/Private.pm line 211."


I created a local decrypt PERL script and then debugged it... when
Crypt::RSA::Key::Private->read loads the data from the local file,
from inside the read function, it seems to look exactly like the value
that I have in $PrivateKey.

Can anyone help the clueless?
Thanks ahead of time...

rjvennes@hotmail.com

2007-03-10, 6:59 pm

Here's what the printed value of my private key looks like after the
while/read..

PrivateKey: $VAR1 = bless( {
'Version' => '1.91',
'Checked' => 0,
'private_encrypted' => bless( {
},
'Tie::EncryptedHash' ),
'Cipher' => 'Blowfish'
}, 'Crypt::RSA::Key::Private' );


And yes, before moving this project to production, I plan on changing
the keys... ; - )

Mumia W.

2007-03-11, 6:59 pm

On 03/10/2007 05:43 PM, rjvennes@hotmail.com wrote:
> I'm creating a CGI application [...]
>
> Here's where the problem is... Crypt::RSA::Key::Private, wants a
> local file name... won't take the CGI upload name and I don't want to
> store the private key on disk, not even for a nanosecond.
> [...]
>
> $key->deserialize(String => $PrivateKey);
>
> But I get this error: "Can't use string (" bless( {
> Vers") as an ARRAY ref while 'strict refs' in use at /usr/lib/perl5/
> site_perl/5.8.5/Crypt/RSA/Key/Private.pm line 211."
>
> [...]


A quick look at the documentation at
<http://search.cpan.org/~vipul/Crypt.../Key/Private.pm>
suggests this to me:

use Data::Dumper;
$key->deserialize(String => Dumper($PrivateKey));

Another possible, non-Perl option would be to use a ramdisk to store the
private key (momentarily).


Peter J. Holzer

2007-03-11, 6:59 pm

On 2007-03-10 23:43, rjvennes@hotmail.com <rjvennes@hotmail.com> wrote:
> I'm creating a CGI application where customers enter information in a
               ^^^^^^^^^^^^^^^^^
> Here's the problem. I don't want the private key to live anywhere on
> the server, but only on local machines. The idea is to have the
> private key uploaded into memory and used to decrypt the data so it
> can be viewed over a secure web page.


If you are really writing a CGI application (as opposed to, e.g., a
mod_perl or FastCGI application) that can't work. Every invocation of a
CGI script is a separate process, so you can't keep any information "in
memory" between them, you have to use some kind of storage which is
accessible to multiple processes. You could use shared memory or a RAM
disk, but for a server which typically runs many months between reboots
that's about the same as a hard disk from a security point of view.

hp

--
_ | Peter J. Holzer | Blaming Perl for the inability of programmers
|_|_) | Symin WSR | to write clearly is like blaming English for
| | | hjp@hjp.at | the circumlocutions of bureaucrats.
__/ | http://www.hjp.at/ | -- Charlton Wilbur in clpm

rjvennes@hotmail.com

2007-03-12, 6:58 pm

The CGI script only needs to exist for a single process... nothing
needs to be passed to another process.

Using Mumia's suggestion of:

use Data::Dumper;
$key->deserialize(String => Dumper($PrivateKey));

didn't seem to work either. But I included it in the test program
below... Much easier to debug this than a CGI...

#!/usr/bin/perl

use strict;
use warnings;

use Data::Dumper;
use Crypt::RSA;
use Crypt::RSA::Key::Private;

my $passphrase = "my secret passphrase";
my $DIR_PrivateKey = "/develop/Projects/Decrypt/key.private";

# Load the cyphertext
my $infile = $ARGV[0];
if (! -r $infile)
{
    die "Can't read input $infile\n";
}

open(INPUT,"<$infile") ||
    die "Can't input $infile $!";

my $cypher = join(qq{}, <INPUT> );

close INPUT;

print "The cyphertext is:\n$cypher\n\n";

# Load the private key into memory
my $PrivateKey = '';
open (INPUT, $DIR_PrivateKey) || die "can't open $DIR_PrivateKey: $!";
while (<INPUT> )
{
    chomp;
    $PrivateKey .= $_;
}
close(INPUT) || die "can't close $DIR_PrivateKey: $!";

print "Key loaded... Read size " . length($PrivateKey) . "\n";
print "$PrivateKey\n\n";

# set private key object (passphrase)
my $key = new Crypt::RSA::Key::Private (
    Password => $passphrase,
);
# set private key object (key)
$key->deserialize(String => Dumper($PrivateKey));

# decrypt message
my $rsa = Crypt::RSA->new();
my $message =
    $rsa->decrypt(
        Cyphertext => $cypher,
        Key => $key,
        Armour => 1,
    )
    or die "Unable to decrypt cypher! - ".$rsa->errstr();

print "The message reads:\n$message\n";

Mumia W.

2007-03-13, 8:01 am

On 03/12/2007 11:28 AM, rjvennes@hotmail.com wrote:
> The CGI script only need to exist for a single process... nothing
> needs to be passed to another process.
>
> Using Mumia suggestion of:
>
> use Data::Dumper;
> $key->deserialize(String => Dumper($PrivateKey));
>
> didn't seem to work either. [...]


After looking at the source, I see that the deserialize method *returns*
a new key object that contains the required data:

my $newkey = $key->deserialize(String => [ $PrivateKey ] );
# use $newkey to decrypt the message.

The code above assumes that $PrivateKey is a string created with
$key->write(). Notice that the $PrivateKey must be enclosed within an
anonymous array. Notice that the documentation does not say this.

Here is a program that doesn't demonstrate using
Crypt::RSA::Key::Private very well. I get an error, "n is not a number,"
from this program, but I still hope it helps you some:

#!/usr/bin/perl
use strict;
use warnings;
use Data::Dumper;
use Crypt::RSA;
use Crypt::RSA::Key::Private;
use File::Slurp;

my $PrivateKey = read_file('key.private');
my $message = read_file('cypher.data');

my $rsa = new Crypt::RSA;
my $nokey = Crypt::RSA::Key::Private->new;
my $privkey = $nokey->deserialize(String => [$PrivateKey]);
my $plaintext;

$plaintext = $rsa->decrypt(
    Cyphertext => $message,
    Key => $privkey,
    Armour => 1,
) or die $rsa->errstr;

print $plaintext;

__END__
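
An added example, not code from the thread or from Crypt::RSA: it loads the key from a string held in memory as the last reply describes, and first checks that the upload is plain data in the shape of the dump posted earlier, because that dump is Perl source text and restoring a Data::Dumper dump means evaluating it. `load_private_key` and `$KEY_DUMP` are hypothetical names, the `reveal()` call is an assumption about what a password-protected key needs after `deserialize()`, the sample strings are constructed, and the regex needs Perl 5.10 or later.

```perl
#!/usr/bin/perl
# Added example: shape-check an uploaded key dump, then load it from memory.
use 5.010;
use strict;
use warnings;
use Crypt::RSA::Key::Private;

# Grammar for the dump: bless( { 'key' => value, ... }, 'Class' ), where a value
# is a number, a quoted run of word/base64/hex characters, or a nested object.
# Quoted strings cannot contain quotes, backslashes, sigils or parentheses.
my $KEY_DUMP = qr{
    \A \s* (?: \$VAR1 \s* = \s* )? (?&obj) \s* ;? \s* \z
    (?(DEFINE)
        (?<str>  ' [A-Za-z0-9_+/=.\s]* ' )
        (?<pair> (?&str) \s* => \s* (?: (?&str) | \d+ | (?&obj) ) )
        (?<obj>  bless\( \s* \{ \s* (?&pair) (?: \s* , \s* (?&pair) )* \s* \}
                 \s* , \s*
                 '(?:Crypt::RSA::Key::Private|Tie::EncryptedHash)' \s* \) )
    )
}x;

# Hypothetical helper: returns a private key object or dies. $text is the
# uploaded file content held in a scalar; nothing is written to disk.
sub load_private_key {
    my ($text, $password) = @_;
    $text =~ $KEY_DUMP
        or die "upload is not a plain Crypt::RSA private key dump\n";
    # deserialize() takes an array reference and returns a NEW key object.
    my $key = Crypt::RSA::Key::Private->new->deserialize(String => [$text]);
    # Assumption: the Blowfish-protected fields are unlocked with reveal().
    $key->reveal(Password => $password);
    return $key;
}

# Constructed inputs (not real key material) that exercise the shape check.
my $ok  = "\$VAR1 = bless( { 'Version' => '1.91', 'Checked' => 0,\n"
        . " 'private_encrypted' => bless( { '_e' => 'Blowfish AbC+/ 5361' },\n"
        . " 'Tie::EncryptedHash' ), 'Cipher' => 'Blowfish' },\n"
        . " 'Crypt::RSA::Key::Private' );\n";
my $bad = "\$VAR1 = bless( { 'Version' => time() },"
        . " 'Crypt::RSA::Key::Private' );";

print "plain dump accepted\n"        if $ok  =~ $KEY_DUMP;
print "non-literal value rejected\n" if $bad !~ $KEY_DUMP;
```

In the CGI script, `$text` would be the `$PrivateKey` scalar filled by the upload read loop.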

Copyright 2008 codecomments.com