From 74b5420aa92ac777fcbd83f72ee2a9d8d4daf446 Mon Sep 17 00:00:00 2001 From: vincent Date: Sat, 19 Apr 2025 20:51:32 +0200 Subject: [PATCH] reorganized for hybrid encryption --- send.php | 66 +++++++++++++++++++++++++++----------------------------- 1 file changed, 32 insertions(+), 34 deletions(-) diff --git a/send.php b/send.php index 81b8b2c..a895af3 100644 --- a/send.php +++ b/send.php @@ -63,7 +63,8 @@ function pushMetadata($messageId, $receiver, $color, $body_hash){ } -function pushInternal($messageId, $body){ + +function pushData($messageId, $body, $internal_key, $external_key){ global $dbservername; global $dbusername; global $dbpassword; @@ -73,31 +74,10 @@ function pushInternal($messageId, $body){ if ($conn->connect_error) { die("Server Error"); } - $sql = "INSERT INTO smz_messages_internal (message_id, message_body) VALUES ('$messageId', '$body')"; + $sql = "INSERT INTO smz_messages_data (message_id, message_body, internal_key, external_key) VALUES ('$messageId', '$body', '$internal_key', '$external_key')"; if ($conn->query($sql) === TRUE) { - echo "INTERNAL erfolgreich gespeichert"; - } else { - echo "Error: " . $sql . "
" . $conn->error; - } - - $conn->close(); -} - -function pushExternal($messageId, $body){ - global $dbservername; - global $dbusername; - global $dbpassword; - global $dbname; - - $conn = new mysqli($dbservername, $dbusername, $dbpassword, $dbname); - if ($conn->connect_error) { - die("Server Error"); - } - $sql = "INSERT INTO smz_messages_external (message_id, message_body) VALUES ('$messageId', '$body')"; - - if ($conn->query($sql) === TRUE) { - echo "EXTERNAL erfolgreich gespeichert"; + echo "DATA erfolgreich gespeichert"; } else { echo "Error: " . $sql . "
" . $conn->error; } 
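Review bot: `pushData` still builds its INSERT by interpolating `$messageId`, `$body`, `$internal_key` and `$external_key` straight into the SQL string, and on failure echoes the full statement plus `$conn->error` back into the HTTP response, which discloses the table layout and the MySQL error text to whoever submitted the message. The current caller passes base64 strings for the three blob arguments, so they are unlikely to break the quoting today, but I cannot see from the hunk where `$messageId` originates, and a prepared statement with `bind_param` removes the question entirely. I'd also log the driver error server-side and return a generic message; the trailing `$conn->close();` and the function's closing brace lie outside the hunk and stay as they are.
```php
$stmt = $conn->prepare("INSERT INTO smz_messages_data (message_id, message_body, internal_key, external_key) VALUES (?, ?, ?, ?)");
if ($stmt === false) {
    die("Server Error");
}
$stmt->bind_param('ssss', $messageId, $body, $internal_key, $external_key);

if ($stmt->execute()) {
    echo "DATA erfolgreich gespeichert";
} else {
    // keep the driver detail in the server log, not in the response body
    error_log("pushData failed: " . $stmt->error);
    echo "Error";
}
$stmt->close();
// … unchanged: $conn->close(); and end of function (outside this hunk) …
```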
@@ -108,20 +88,38 @@ function pushExternal($messageId, $body){ include('keyGrab.php'); $sender_key = grabPublicKey($uid); $receiver_key = grabPublicKey($receiver); -$encryptedBodyINTERNAL = ''; -$encryptedBodyEXTERNAL = ''; -$encryptedINTERNAL = openssl_public_encrypt($body, $encryptedBodyINTERNAL, $sender_key, OPENSSL_PKCS1_PADDING); -$encryptedEXTERNAL = openssl_public_encrypt($body, $encryptedBodyEXTERNAL, $receiver_key, OPENSSL_PKCS1_PADDING); +$aesKey = openssl_random_pseudo_bytes(32); +$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc')); +$encryptedBody = openssl_encrypt($body, 'aes-256-cbc', $aesKey, 0, $iv); -if ($encryptedINTERNAL === false) { - die("Fehler beim Verschlüsseln (internal): " . openssl_error_string()); + +$encryptedAesKey = ''; +$encryptionOkEXT = openssl_public_encrypt($aesKey, $encryptedAesKeyEXTERNAL, $receiver_key, OPENSSL_PKCS1_PADDING); +$encryptionOkINT = openssl_public_encrypt($aesKey, $encryptedAesKeyINTERNAL, $sender_key, OPENSSL_PKCS1_PADDING); + +if ($encryptionOkEXT === false) { + die("Fehler beim Verschlüsseln des AES-Schlüssels (EXTERNAL): " . openssl_error_string()); } -if ($encryptedEXTERNAL === false) { - die("Fehler beim Verschlüsseln (external): " . openssl_error_string()); +if ($encryptionOkINT === false) { + die("Fehler beim Verschlüsseln des AES-Schlüssels (INTERNAL): " . 
openssl_error_string()); } -pushInternal($messageId, base64_encode($encryptedBodyINTERNAL)); -pushExternal($messageId, base64_encode($encryptedBodyEXTERNAL)); +$encryptedMessageBase64 = base64_encode($encryptedBody); +$encryptedAesKeyBase64EXT = base64_encode($encryptedAesKeyEXTERNAL); +$encryptedAesKeyBase64INT = base64_encode($encryptedAesKeyINTERNAL); +$ivBase64 = base64_encode($iv); + +// $encryptedINTERNAL = openssl_public_encrypt($body, $encryptedBodyINTERNAL, $sender_key, OPENSSL_PKCS1_PADDING); +// $encryptedEXTERNAL = openssl_public_encrypt($body, $encryptedBodyEXTERNAL, $receiver_key, OPENSSL_PKCS1_PADDING); + +// if ($encryptedINTERNAL === false) { +// die("Fehler beim Verschlüsseln (internal): " . openssl_error_string()); +// } +// if ($encryptedEXTERNAL === false) { +// die("Fehler beim Verschlüsseln (external): " . openssl_error_string()); +// } + +pushData($messageId, $encryptedMessageBase64, $encryptedAesKeyBase64INT, $encryptedAesKeyBase64EXT); echo "

ERFOLG"; ?>
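Review bot: `$ivBase64` is computed but never handed to `pushData`, and the INSERT in `pushData` has no IV column, so the stored CBC ciphertext's first block cannot be recovered by either recipient; the IV must be persisted with the body (e.g. prepended to the raw ciphertext before base64-encoding, or in a column of its own). The new code also never checks `$encryptedBody` for `false`, and because `openssl_encrypt` is called with options `0` it already returns base64, so the following `base64_encode($encryptedBody)` double-encodes the body. Security-wise, AES-256-CBC with no MAC gives the reader no integrity check, and both key wraps still use `OPENSSL_PKCS1_PADDING` (PKCS#1 v1.5), which is exposed to Bleichenbacher-style padding-oracle attacks; I'd switch to `aes-256-gcm` with the tag stored alongside the IV and to `OPENSSL_PKCS1_OAEP_PADDING` for the wraps. A sketch of the rewritten section is below; whatever reads `smz_messages_data` back will need the matching layout, and `$uid`, `$body` and `$receiver` come from earlier in the file, outside the hunk. The commented-out block of the old per-recipient RSA calls can be dropped too, since git keeps that history.
```php
$aesKey = openssl_random_pseudo_bytes(32);
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-gcm'));
$tag = '';
$encryptedBody = openssl_encrypt($body, 'aes-256-gcm', $aesKey, OPENSSL_RAW_DATA, $iv, $tag);
if ($encryptedBody === false) {
    die("Fehler beim Verschlüsseln des Nachrichtentexts: " . openssl_error_string());
}

$encryptionOkEXT = openssl_public_encrypt($aesKey, $encryptedAesKeyEXTERNAL, $receiver_key, OPENSSL_PKCS1_OAEP_PADDING);
$encryptionOkINT = openssl_public_encrypt($aesKey, $encryptedAesKeyINTERNAL, $sender_key, OPENSSL_PKCS1_OAEP_PADDING);
// … unchanged: die() checks on $encryptionOkEXT / $encryptionOkINT …

// IV and GCM tag travel with the ciphertext so the reader can recover and verify it
$encryptedMessageBase64 = base64_encode($iv . $tag . $encryptedBody);
$encryptedAesKeyBase64EXT = base64_encode($encryptedAesKeyEXTERNAL);
$encryptedAesKeyBase64INT = base64_encode($encryptedAesKeyINTERNAL);

pushData($messageId, $encryptedMessageBase64, $encryptedAesKeyBase64INT, $encryptedAesKeyBase64EXT);
```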