ZF-8846: Incomplete Public Key assumption for PEM in Rsa.php

Issue Type: Bug Created: 2010-01-17T04:47:26.000+0000 Last Updated: 2010-04-28T12:33:12.000+0000 Status: Resolved Fix version(s): - 1.10.5 (26/May/10)

Reporter: Cristian Sandescu (csandescu) Assignee: Pádraic Brady (padraic) Tags: - Zend_Crypt

Related issues: Attachments:


ZF currently assumes the public key should be derived automatically from the Zend_Crypt_Rsa_Key_Private in function setPemString from Rsa.php. This assumption may deny valid usage when using PEM formatted keys, and using an operation such as verifySignature which does not necesarily need the private key.

For example, usage such as: $rsa = new Zend_Crypt_Rsa(array('pemPath'=>'smth.pem')); $resp = $rsa->verifySignature($dataToCheck, $token, Zend_Crypt_Rsa::BASE64); where smth.pem contains only the public key will throw an exception in ZF 1.9.7 (tested starting with 1.8.0)

One possible solution would be to try to import the public key, in case generation from private key failed. public function setPemString($value) { $this->_pemString = $value; try { $this->_privateKey = new Zend_Crypt_Rsa_Key_Private($this->_pemString, $this->_passPhrase); $this->_publicKey = $this->_privateKey->getPublicKey(); } catch (Zend_Crypt_Exception $ex){ $this->_privateKey = null; $this->_publicKey = new Zend_Crypt_Rsa_Key_Public($this->_pemString); }



Posted by Pádraic Brady (padraic) on 2010-04-28T12:33:12.000+0000

Fixed in r22041

Have you found an issue?

See the Overview section for more details.


© 2006-2018 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.