reorganized for hybrid encryption

2025-04-19 20:51:32 +02:00 · 2025-04-19 20:51:32 +02:00 · 74b5420aa9
commit 74b5420aa9
parent 53a52632a7
1 changed files with 32 additions and 34 deletions
--- a/send.php
+++ b/send.php
@ -63,7 +63,8 @@ function pushMetadata($messageId, $receiver, $color, $body_hash){

 }

-function pushInternal($messageId, $body){
+
+function pushData($messageId, $body, $internal_key, $external_key){
  global $dbservername;
 	global $dbusername;
 	global $dbpassword;
@ -73,31 +74,10 @@ function pushInternal($messageId, $body){
 		if ($conn->connect_error) {
 			die("Server Error");
 		}
-    $sql = "INSERT INTO smz_messages_internal (message_id, message_body) VALUES ('$messageId', '$body')";
+    $sql = "INSERT INTO smz_messages_data (message_id, message_body, internal_key, external_key) VALUES ('$messageId', '$body', '$internal_key', '$external_key')";

 		if ($conn->query($sql) === TRUE) {
-      echo "INTERNAL erfolgreich gespeichert";
-		} else {
-			echo "Error: " . $sql . "<br>" . $conn->error;
-		}
-
-		$conn->close();
-}
-
-function pushExternal($messageId, $body){
-  global $dbservername;
-	global $dbusername;
-	global $dbpassword;
-	global $dbname;
-
-  $conn = new mysqli($dbservername, $dbusername, $dbpassword, $dbname);
-		if ($conn->connect_error) {
-			die("Server Error");
-		}
-    $sql = "INSERT INTO smz_messages_external (message_id, message_body) VALUES ('$messageId', '$body')";
-
-		if ($conn->query($sql) === TRUE) {
-      echo "EXTERNAL erfolgreich gespeichert";
+      echo "DATA erfolgreich gespeichert";
 		} else {
 			echo "Error: " . $sql . "<br>" . $conn->error;
 		}
@ -108,20 +88,38 @@ function pushExternal($messageId, $body){
 include('keyGrab.php');
 $sender_key = grabPublicKey($uid);
 $receiver_key = grabPublicKey($receiver);
-$encryptedBodyINTERNAL = '';
-$encryptedBodyEXTERNAL = '';

-$encryptedINTERNAL = openssl_public_encrypt($body, $encryptedBodyINTERNAL, $sender_key, OPENSSL_PKCS1_PADDING);
-$encryptedEXTERNAL = openssl_public_encrypt($body, $encryptedBodyEXTERNAL, $receiver_key, OPENSSL_PKCS1_PADDING);
+$aesKey = openssl_random_pseudo_bytes(32);
+$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
+$encryptedBody = openssl_encrypt($body, 'aes-256-cbc', $aesKey, 0, $iv);

-if ($encryptedINTERNAL === false) {
-    die("Fehler beim Verschlüsseln (internal): " . openssl_error_string());
+
+$encryptedAesKey = '';
+$encryptionOkEXT = openssl_public_encrypt($aesKey, $encryptedAesKeyEXTERNAL, $receiver_key, OPENSSL_PKCS1_PADDING);
+$encryptionOkINT = openssl_public_encrypt($aesKey, $encryptedAesKeyINTERNAL, $sender_key, OPENSSL_PKCS1_PADDING);
+
+if ($encryptionOkEXT === false) {
+    die("Fehler beim Verschlüsseln des AES-Schlüssels (EXTERNAL): " . openssl_error_string());
 }
-if ($encryptedEXTERNAL === false) {
-    die("Fehler beim Verschlüsseln (external): " . openssl_error_string());
+if ($encryptionOkINT === false) {
+    die("Fehler beim Verschlüsseln des AES-Schlüssels (INTERNAL): " . openssl_error_string());
 }

-pushInternal($messageId, base64_encode($encryptedBodyINTERNAL));
-pushExternal($messageId, base64_encode($encryptedBodyEXTERNAL));
+$encryptedMessageBase64 = base64_encode($encryptedBody);
+$encryptedAesKeyBase64EXT = base64_encode($encryptedAesKeyEXTERNAL);
+$encryptedAesKeyBase64INT = base64_encode($encryptedAesKeyINTERNAL);
+$ivBase64 = base64_encode($iv);
+
+// $encryptedINTERNAL = openssl_public_encrypt($body, $encryptedBodyINTERNAL, $sender_key, OPENSSL_PKCS1_PADDING);
+// $encryptedEXTERNAL = openssl_public_encrypt($body, $encryptedBodyEXTERNAL, $receiver_key, OPENSSL_PKCS1_PADDING);
+
+// if ($encryptedINTERNAL === false) {
+//     die("Fehler beim Verschlüsseln (internal): " . openssl_error_string());
+// }
+// if ($encryptedEXTERNAL === false) {
+//     die("Fehler beim Verschlüsseln (external): " . openssl_error_string());
+// }
+
+pushData($messageId, $encryptedMessageBase64, $encryptedAesKeyBase64INT, $encryptedAesKeyBase64EXT);
 echo "<h1>ERFOLG</1>";
 ?>