<?php
/* *
* This file is brought to you by Georg Großberger *
* (c) 2012 by Georg Großberger <[email protected]> *
* *
* It is free software; you can redistribute it and/or modify it under *
* the terms of the BSD 3-Clause License. *
* */
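require_once '../vendor/autoload.php';

// Demo-only handler: prints the uncaught exception, including its stack trace,
// which a production application should log instead of displaying.
// The text is HTML-escaped so that exception messages carrying request data
// cannot inject markup. The parameter is left untyped so the handler also
// accepts Error instances on PHP 7+ while still working on PHP 5.
set_exception_handler(function ($e) {
    echo '<pre>';
    echo htmlspecialchars((string) $e, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo '</pre>';
    exit;
});

session_start();

// HTML fragment with the decryption result; stays null when nothing was decrypted.
$decrypted = null;

if (empty($_SESSION['key']) || !empty($_GET['createNew'])) {
    // No key pair yet, or a new one was requested: create one and keep it in the
    // session -> this is insecure and only meant for demonstration purposes !!!
    // NOTE(review): key regeneration is triggered by a plain GET parameter; a real
    // application would make this a POST request protected by a CSRF token.
    $key = \RSA\KeyPair::createNew();
    $_SESSION['key'] = serialize($key);

    // Redirect to the clean URL if a createNew request was issued
    if (!empty($_GET['createNew'])) {
        header('Location: index.php');
        exit;
    }
} else {
    // Load the existing key pair.
    // NOTE(review): unserialize() is tolerable here only as long as the session
    // payload is written exclusively by this script; never pass request data to it.
    $key = unserialize($_SESSION['key']);

    // If an encrypted text was sent, use the key pair to decrypt it
    if (!empty($_POST['encrypted'])) {
        // The decrypted text is whatever the client chose to encrypt, so it is
        // untrusted input and must be escaped before it is placed into HTML.
        $plainText = htmlspecialchars(
            (string) $key->decrypt($_POST['encrypted']),
            ENT_QUOTES | ENT_SUBSTITUTE,
            'UTF-8'
        );

        $decrypted = '<h3>Server Side Decryption</h3>' .
            '<p>Decrypted by PHP to:</p>' .
            '<p><em>' . $plainText . '</em></p>' .
            '<p>This one simply runs<br><code>$key->decrypt($_POST[\'encrypted\']);</code></p>';

        // Another security warning: Sending back the decrypted data makes the whole thing useless !!
        // Here it is done to demonstrate the behaviour, on a real live app you will not want this!

        // In case of an ajax request, output only the fragment and exit
        if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest') {
            echo $decrypted;
            exit;
        }
    }
}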
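?><!DOCTYPE html>
<html>
<head>
    <title>RSA Demo</title>
    <!-- Third-party assets are loaded over HTTPS: a stylesheet or script fetched over
         plain HTTP can be altered in transit, and a modified script on this page would
         see the plain text before it is encrypted. -->
    <link rel="stylesheet" type="text/css" href="https://getbootstrap.com/2.3.2/assets/css/bootstrap.css">
</head>
<body>
<div class="container">
    <div class="row">
        <div class="span12">
            <h1 class="page-header">RSA Demo</h1>
        </div>
    </div>
    <div class="row">
        <section class="span4">
            <h3>Text to encrypt</h3>
            <p>
                <textarea cols="70" rows="10" id="plainText">Some sensitive data</textarea><br>
                <button class="btn btn-primary" id="toggle" onclick="EncryptMessage();">Encrypt</button>
                <button class="btn" onclick="location.href='index.php?createNew=1';return false;">Create New Key Pair</button>
            </p>
            <p>This one simply runs <code>rsaEncrypter.encrypt("theText");</code></p>
            <p>The public key modulus used is:<br>
                <code><?php echo htmlspecialchars((string) $key->getPublicKey(), ENT_QUOTES, 'UTF-8'); ?></code>
            </p>
        </section>
        <section class="span4">
            <h3>Encryption result <small>base64 encoded</small></h3>
            <textarea cols="80" rows="10" id="result"></textarea>
            <form action="index.php" method="post" id="decryptForm" style="display: none;">
                <input type="hidden" name="encrypted" id="dataToDecrypt">
                <button id="decrypter" class="btn btn-info">Decrypt on the server</button>
            </form>
        </section>
        <section class="span4" id="decryptionResult">
            <?php
            // Output the decryption result. $decrypted is emitted as raw HTML, so the
            // code that builds it is responsible for escaping the decrypted text.
            if (!empty($decrypted)) {
                echo $decrypted;
            }
            ?>
        </section>
    </div>
</div>
<!-- NOTE(review): jQuery 1.7.2 is an old release; consider upgrading it and pinning the
     file with a Subresource Integrity attribute once compatibility with the RSA
     frontend script has been checked. -->
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script>
<script type="text/javascript" src="<?= htmlspecialchars((string) \RSA\JavascriptHelper::getFrontendUrl(__DIR__), ENT_QUOTES, 'UTF-8'); ?>"></script>
<script type="text/javascript">
    <?php
    // We have loaded the rsa javascript before
    // so we can use this helper to output a
    // javascript snippet that creates a new RSAKey instance
    echo $key->toJavascript();
    ?>

    $(function() {
        // Send the cipher text via ajax instead of submitting the form
        $("#decrypter").click(function(e) {
            e.preventDefault();
            $.post("index.php", {"encrypted": $("#dataToDecrypt").val()}, function(responseText) {
                // The response is inserted as HTML, so the server must return
                // a fragment in which the decrypted text is already escaped.
                $("#decryptionResult").html(responseText);
            });
        });
    });

    function EncryptMessage() {
        // The javascript function created previously creates the instance in the variable
        // "rsaEncrypter" by default, so we can access it directly
        var result = rsaEncrypter.encrypt( document.getElementById("plainText").value );

        // Show the cipher text and stage it in the hidden field of the decrypt form
        $("#result, #dataToDecrypt").val(result);
        $("#decryptForm").show();
    }
</script>
</body>
</html>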