문제
My problem is I cannot use the simplexml routines to load a string that was decrypted with PHPSECLIB. You can view the problem page here http://orwellmail.com/concrete.php
I made a class RSA that wraps the Crypto_RSA class in PHPSECLIB from http://phpseclib.sourceforge.net/. I am able to to decrypt a string and display it to the browser. This string contains xml that I would like to load using simplxml but when I load the string I get these errors
https://stackoverflow.com/questions/20941991
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianWarning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 1: parser error : Char 0x0 out of allowed range in /home1/dlmorris/public_html/orwellmail/concrete.php on line 37
In wireshark with the raw decoding I can see that the data looks like this when the decrypted string is echoed to the browser. I'm no expert but the periods everywhere does not look correct to me.
<.h.e.a.d.e.r.>.
.
. . .<.a.e.s._.k.e.y.>.7.W.W.q.S.Y.O.r.5.Z.i.I.w.m.V.f.D.V.c.l.K.6.m.e.G.U.V./.x.Y.e.h.G.c.l.M. J.n.L.v.C.R.U.=.<./.a.e.s._.k.e.y.>.
.
. . .<.a.e.s._.i.v.>.z.V.6.t.m.x.m.a.i.X.B.X.i.R.Q.0.b.i.n.D.t.g.=.=.<./.a.e.s._.i.v.>.
.
.<./.h.e.a.d.e.r.>.
Using mb_detect_encoding I am able to see that the string is UTF-8. If I hard code the decrypted string and load that string with simplexml it works. Using the string returned from Crypt_RSA->decrypt
My code
$xml = simplexml_load_string($data);
$rsa = new RSA();
$rsa->LoadKeysFromXML($private,$public);
$decrypted_header = $rsa->DecryptString(base64_decode($xml->header));
echo $decrypted_header;
echo mb_detect_encoding($decrypted_header, 'UTF-8', TRUE); //RETURNS UTF-8
$decrypted_header_xml = simplexml_load_string($decrypted_header);
echo $decrypted_header_xml->aes_key;
xml that is contained in $decrypted_header
<header>
<aes_key>m75DRFG7uFo8usu3JrA9SUQs0QtR3hm/DmDufhc4ugI=</aes_key>
<aes_iv>xhQrKMVkN0+vWqYooY4dxg==</aes_iv>
</header>
relevant code in my Crypt_RSA wrapper class
public function DecryptString($message)
{
$this->_rsa_engine = new Crypt_RSA();
$this->_rsa_engine->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$this->_rsa_engine->loadKey($this->_private_key,CRYPT_RSA_PRIVATE_FORMAT_XML);
return $this->_rsa_engine->decrypt($message);
}
해결책
My guess: those .'s are actually null bytes. ie "\00", a non-printable character that's often rendered as .
ie. the decrypted data is UTF-16 encoded (despite what mb_detect_encoding says).
Maybe you could try adding a BOM before the data. That might be why mb_detect_encoding is saying it's UTF-8 even though it really looks like UTF-16.
Or maybe you could try something like mb_convert_encoding and set the third optional parameter to 'utf-16'.
