I am using the openssl seal and open functions to store some encrypted data for later retrieval.
After the data is sealed, I store the envelope and envelope key on the server along with the public and encrypted private key. Later, a user will enter the password which decrypts the private key. Then the private key, public key, envelope, and envelope key are passed to the open function. Ideally I would then output the unencrypted data to the user, but the openssl_open function always returns false.
Any suggestions?
I did add some print statements to compare the values of envelopeFile and envelopeFileKey in the submission to the values read from disk during retrieval; they appeared to be the same. So I assume I don't really understand something about how openssl seal and open are supposed to be used.
submission:
$output = "our data";
$pubKey = openssl_pkey_get_public( "file://public.pem" );
// openssl_seal encrypts $output with a random symmetric key and returns
// that key wrapped with each public key in $eKeys (one entry per recipient).
$result = openssl_seal($output, $envelope, $eKeys, array($pubKey));
if(!$result){ print "Encryption failed"; return;}
// mode 'x' creates the file and fails if it already exists
$envelopeFile = fopen("0.env", 'x') or die("can't open file");
$envelopeKeysFile = fopen("0.ekey", 'x') or die("can't open file");
fwrite($envelopeFile, $envelope);
fclose($envelopeFile);
fwrite($envelopeKeysFile, $eKeys[0]); // wrapped key for the single recipient
fclose($envelopeKeysFile);
retrieval:
$password = "private key password from POST";
$privateKey = openssl_pkey_get_private("file://private.pem", $password);
if(!$privateKey){ print "private key could not be unencrypted"; return; }
$currentEnvelope = file_get_contents("0.env");
$currentEnvelopeKey = file_get_contents("0.ekey");
// variable names must match the ones read above; a misspelled name is an
// undefined (null) variable, and openssl_open then fails
if (openssl_open($currentEnvelope, $plainText, $currentEnvelopeKey, $privateKey)) {
    echo $plainText;
} else {
    echo "failed to open data";
}
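For comparison, an added example (not the poster's code) of the same seal, store, open round trip written so that every failure is reported and the cipher and IV are handled explicitly; it assumes a key pair generated in memory and files written under the system temp directory:

```php
<?php
// Added example, not from the original post. Names, paths and the passphrase are constructed.

function sealToFiles(string $dir, string $plaintext, string $publicPem): void {
    $pub = openssl_pkey_get_public($publicPem);
    if ($pub === false) { throw new RuntimeException(openssl_error_string() ?: 'bad public key'); }
    // AES-256-CBC needs an IV; openssl_seal generates one and hands it back via $iv.
    $n = openssl_seal($plaintext, $sealed, $ekeys, [$pub], 'AES-256-CBC', $iv);
    if ($n === false) { throw new RuntimeException(openssl_error_string() ?: 'seal failed'); }
    // All three artifacts must be persisted: ciphertext, RSA-wrapped key, and IV.
    file_put_contents("$dir/0.env", $sealed);
    file_put_contents("$dir/0.ekey", $ekeys[0]);
    file_put_contents("$dir/0.iv", $iv);
}

function openFromFiles(string $dir, string $privatePem, string $password): string {
    $priv = openssl_pkey_get_private($privatePem, $password);
    if ($priv === false) { throw new RuntimeException('private key could not be decrypted'); }
    $sealed = file_get_contents("$dir/0.env");
    $ekey   = file_get_contents("$dir/0.ekey");
    $iv     = file_get_contents("$dir/0.iv");
    // Same cipher and IV as at seal time, otherwise openssl_open returns false.
    if (!openssl_open($sealed, $plain, $ekey, $priv, 'AES-256-CBC', $iv)) {
        throw new RuntimeException(openssl_error_string() ?: 'open failed');
    }
    return $plain;
}

// Generate a passphrase-protected RSA key pair (constructed for this example).
$password = 'example-passphrase';
$res = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($res, $privatePem, $password);
$publicPem = openssl_pkey_get_details($res)['key'];

$dir = sys_get_temp_dir() . '/seal-demo-' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
sealToFiles($dir, 'our data', $publicPem);
$recovered = openFromFiles($dir, $privatePem, $password);
echo ($recovered === 'our data') ? "round trip ok\n" : "round trip FAILED\n";
```

On PHP 8 the cipher argument to openssl_seal and openssl_open is required, so the IV file is not optional there.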