I have a strange problem I don't understand. I am trying to use openssl_public_encrypt() and openssl_private_decrypt() to secure text being stored in a database. It more or less works, but I have found that I can actually decrypt encrypted text with a wrong Private Key. If I change a character in my Private Key it still works. How can that be? Is that normal?
This is how I encrypt some larger plain text, which works:
function funcTextEncrypt($sText) {
global $sPublicKey;
$publicKey = openssl_pkey_get_public($sPublicKey);
$a_key = openssl_pkey_get_details($publicKey);
$chunkSize = ceil($a_key['bits'] / 8) - 11;
$sEncryptedText = '';
while ($sText)
{
$chunk = substr($sText, 0, $chunkSize);
$sText = substr($sText, $chunkSize);
$sEncryptedTextTemp = '';
if (!openssl_public_encrypt($chunk, $sEncryptedTextTemp, $publicKey)) { $sEncryptedText = ""; }
$sEncryptedText .= $sEncryptedTextTemp;
}
openssl_free_key($publicKey);
return(base64_encode($sEncryptedText));
}
Added [code] tags ~ Mod.