Openssl and php

I am trying to download the private key generated by the openssl cli tool with PHP. I used the following command and PHP code:

openssl genrsa -des3 4096 -out private.key

if (!($key = openssl_pkey_get_private("file://private.key", "password"))); { return false; } 

I am sure that the password is correct and the file is also in PEM format, but it continues to return false. What am I doing wrong?

Thanks in advance, Jory.

+5
source share
3 answers

Please note that file://path/to/file.pem in the documentation means the file protocol + file path. On UNIX-like OSes, this is something like file:///rsa_private_key.pem. There are THREE slashes in the path, not TWO. And file:// cannot be omitted.

+6
source

It is much easier to just put the key in a variable:

    $public = "-----BEGIN PUBLIC KEY-----
    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfmlc2EgrdhvakQApmLCDOgP0n
    NERInBheMh7J/r5aU8PUAIpGXET/8+kOGI1dSYjoux80AuHvkWp1EeHfMwC/SZ9t
    6rF4sYqV5Lj9t32ELbh2VNbE/7QEVZnXRi5GdhozBZtS1gJHM2/Q+iToyh5dfTaA
    U8bTnLEPMNC1h3qcUQIDAQAB
    -----END PUBLIC KEY-----";

    $private = "-----BEGIN RSA PRIVATE KEY-----
    MIICXAIBAAKBgQDfmlc2EgrdhvakQApmLCDOgP0nNERInBheMh7J/r5aU8PUAIpG
    XET/8+kOGI1dSYjoux80AuHvkWp1EeHfMwC/SZ9t6rF4sYqV5Lj9t32ELbh2VNbE
    /7QEVZnXRi5GdhozBZtS1gJHM2/Q+iToyh5dfTaAU8bTnLEPMNC1h3qcUQIDAQAB
    AoGAcbh6UFqewgnpGKIlZ89bpAsANVckv1T8I7QT6qGvyBrABut7Z8t3oEE5r1yX
    UPGcOtkoRniM1h276ex9VtoGr09sUn7duoLiEsp8aip7p7SB3X6XXWJ9K733co6C
    dpXotfO0zMnv8l3O9h4pHrrBkmWDBEKbUeuE9Zz7uy6mFAECQQDygylLjzX+2rvm
    FYd5ejSaLEeK17AiuT29LNPRHWLu6a0zl923299FCyHLasFgbeuLRCW0LMCs2SKE
    Y+cIWMSRAkEA7AnzWjby8j8efjvUwIWh/L5YJyWlSgYKlR0zdgKxxUy9+i1MGRkn
    m81NLYza4JLvb8/qjUtvw92Zcppxb7E7wQJAIuQWC+X12c30nLzaOfMIIGpgfKxd
    jhFivZX2f66frkn2fmbKIorCy7c3TIH2gn4uFmJenlaV/ghbe/q3oa7L0QJAFP19
    ipRAXpKGX6tqbAR2N0emBzUt0btfzYrfPKtYq7b7XfgRQFogT5aeOmLARCBM8qCG
    tzHyKnTWZH6ff9M/AQJBAIToUPachXPhDyOpDBcBliRNsowZcw4Yln8CnLqgS9H5
    Ya8iBJilFm2UlcXfpUOk9bhBTbgFp+Bv6BZ2Alag7pY=
    -----END RSA PRIVATE KEY-----";

    if (!$privateKey = openssl_pkey_get_private($private))
        die('Loading Private Key failed');
    if (!$publicKey = openssl_pkey_get_public($public))
        die('Loading Public Key failed');

I will also include a small encoding / decoding example:

    $encrypted = '';
    $decrypted = '';
    $plaintext = 'This is just some text to encrypt';

    echo '<p>$plaintext = ' . $plaintext . '<p>';

    if (!openssl_public_encrypt($plaintext, $encrypted, $publicKey))
        die('Failed to encrypt data');
    echo '<p>$encrypted = ' . $encrypted . '<p>';

    if (!openssl_private_decrypt($encrypted, $decrypted, $privateKey))
        die('Failed to decrypt data');
    echo '<p>$decrypted = ' . $decrypted . '<p>';

Or just in case, you can generate the key using php:

    // Generate a new RSA key pair
    $NEW_KEY = openssl_pkey_new(array(
        'private_key_bits' => 1024,
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
    ));

    // Write the private key (PEM) to private.key
    openssl_pkey_export_to_file($NEW_KEY, 'private.key');

    // Extract the public key (PEM) and write it to public.key
    $NEW_KEY_DETAILS = openssl_pkey_get_details($NEW_KEY);
    file_put_contents('public.key', $NEW_KEY_DETAILS['key']);

    openssl_free_key($NEW_KEY);

+4
source

Please refer to the following URL.

https://www.php.net/manual/en/function.openssl-pkey-get-private.php

To narrow down the problem, use the same directory for your php file and key file and try this working code.

Working code

    $keyfile="file://".__DIR__.DIRECTORY_SEPARATOR."key.pem"; //absolute path
    $key = openssl_pkey_get_private($keyfile);
    if ($key === false) {
        var_dump(openssl_error_string());
    }else{
        var_dump($key);
    }

The following may be the problem.

  1. Path

The following path styles should work.

    $keyfile="file:///home/john/php/key.pem"; // unix absolute path
    $keyfile="file://C:\\users\\john\\php\\key.pem"; // windows absolute path
    $keyfile="file://".__DIR__.DIRECTORY_SEPARATOR."key.pem"; // absolute path for unix, windows
    $keyfile="file://key.pem"; // relative path, unix, windows (php, key files in same directory)
    $key = openssl_pkey_get_private($keyfile);

If the path does not exist, the error will look like

"error:02001002:system library:fopen:No such file or directory"

  2. Web environment

    Check your web root and the web user's access rights to the folder and key file.

    To reduce the number of problems, test it in the environment of PHP's built-in web server, and not on WAMP.

     >php -S localhost:80

  3. Corrupted key file

    The key file may be stored as a specific type that includes whitespace. In that case an error like the following may occur.

    "error:0906D06C:PEM routines:PEM_read_bio:no start line"

    In my case, the key file was saved as UTF-8 with BOM (whitespace).

Debug Key File 1 - READ FROM VARIABLE

This code should work. I got the key file from http://micmap.org/php-by-example/en/function/openssl_pkey_get_private

Please replace $str with yours.

    $str = <<<EOF
    -----BEGIN RSA PRIVATE KEY-----
    MIIEogIBAAKCAQEA0llCeBjy18RylTdBih9GMUSZIC3GzeN0vQ9W8E3nwy2jdeUn
    H3GBXWpMo3F43V68zM2Qz5epRNmlLSkY/PJUfJIC8Yc1VEokT52q87hH/XJ5eS8h
    eZnjuSlPAGi8oZ3ImVbruzV7XmlD+QsCSxJW7tBv0dqJ71e1gAAisCXK2m7iyf/u
    l6rT0Zz0ptYH4IZfwc/hQ9JcMg69uM+3bb4oBFsixMmEQwxKZsXk3YmO/YRjRbay
    +6+79bSV/frW+lWhknyGSIJp2CJArYcOdbK1bXx1dRWpbNSExo7dWwuPC0Y7a5AE
    eoZofieQPPBhXlp1hPgLYGat71pDqBjKLvF5GwIDAQABAoIBACPItYsSy3UzYT7L
    OKYTrfBBuD8GKpTqBfkHvAWDa1MD15P92Mr7l0NaCxGfAy29qSa6LdFy/oPM9tGY
    9TxKyV6rxD5sfwEI3+Z/bw6pIe4W5F1eTDaQnHHqehsatkRUQET9yXp+na8w/zRF
    0C0PQKS95tfvcpm59RGCdGQ8+aZw+cIy/xez75W8IS/hagMxe7xYPjpkOkSCCEJU
    zmbVq6AyWodASV0p4H9p8I+c0vO2hJ/ELJ167w6T+2/GlZg979rlyHoTW8jK2BbG
    IRGaPo+c2GANXa686tdpbkPd6oJliXwBSNolxmXShvlveBbPFAJJACzCmbXNj9kH
    6/K+SWkCgYEA7FNudcTkRPV8TzKhJ1AzDjw3VcnraYhY8IlNxbk7RVHLdkoUtwk/
    mImeBlEfCoz9V+S/gRgeQ+1Vb/BCbS24+bN/+IGoNRFMRcOieFt6lQUpj7a9NeSo
    IEclGgUiU7QR3xH73SB4GC3rgSPeHJhJZC5EJq5TzYjXTPGPpBD3zicCgYEA49wz
    zfMDYIH8h4L65r/eJYIbLwpvgktgaYvhijO3qfZSWW+Y19jCBn55f65YOhPGQBHA
    my0f+tVxFNZ/OupbrAIIzogxlCIYHNBawDhoHN/sB3/lSBAjifySNLyRlA62oA0w
    wXvXVLVWMa3aXim3c9AlnLF1fHwcvwpOKSfdye0CgYBb1mBKq+T5V1yjek1d9bCh
    i40FbZ5qOG43q2Ppvn3mBk9G/KroJlPsdy5NziB9/SRGj8JL7I92Xjihc4Cc5PPJ
    NZQ5gklXtg0p30i39PTCDGuGScFlvCIJyRwF7JDWblezlE2INSH2Y4HtgX7DJfr/
    T2t0jLJMYS0p3YWwgFeMaQKBgHUIe/8y6zAdc5QynSX5tGL1gXrW1FFK39k2RICU
    cag1YTSYkhuDNJzbRxJifORPlcsAkzngooVWLb+zMCQVjUI6xUU3RKe+Hz5lccc6
    8ZarGHL9qMkrqOVNudamZ+tw5zIrtDgcoIvcm8nmbrtgl94/MaJar2ph4O3qoByZ
    Ylw9AoGAIdS79s0VKkj4VVXqK47ZcI7jGL4V4C8ujU8YcMNV88xwCoDg9ZIFprWA
    P5p/cnvj6aHnqL58XiH0+bE0Lt3J+U6N6JelQQevgBHooMFh4FpDXcVda7xB3rK3
    woqbi8fNhr827H2maxIZPtVG95/mvR4k5z1Jrdnr34ZUmtC6U5Q=
    -----END RSA PRIVATE KEY-----
    EOF;

    $key = openssl_pkey_get_private($str);
    if ($key === false) {
        var_dump(openssl_error_string());
    }else{
        var_dump($key);
    }

OUTPUT

resource(4) of type (OpenSSL key)

Debug Key File 2 - READ FROM FILE

Copy the key string ($str) into the key file, for example, "key.pem".

    $str = <<<EOF
    -----BEGIN RSA PRIVATE KEY-----
    ...YOUR KEY STRINGS HERE...
    -----END RSA PRIVATE KEY-----
    EOF;

    $str2 = file_get_contents("key.pem");

    $len1 = strlen ($str);
    $len2 = strlen ($str2);
    if($len1 !== $len2) echo "File has been corrupted.";

    $key = openssl_pkey_get_private($str2);
    if ($key === false) {
        var_dump(openssl_error_string());
    }else{
        var_dump($key);
    }

0
source
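
A diagnostic helper for the failure causes raised in the answers above (wrong path, unreadable file, BOM-corrupted PEM, wrong passphrase), as an added example that is not part of the original question or answers. The function name diagnose_key_file, the temp-file names and the passphrase are assumptions made for the illustration, and it assumes the PHP openssl extension can generate keys on the host.

```php
<?php
// Added example (not from the thread): explain why openssl_pkey_get_private()
// fails for a key file. All file names and the passphrase are constructed.

function diagnose_key_file(string $path, string $passphrase): string
{
    $real = realpath($path);                    // resolve relative paths against the CWD
    if ($real === false || !is_readable($real)) {
        return "unreadable: check the path and the web user's permissions";
    }
    $pem = file_get_contents($real);
    if (strncmp($pem, "\xEF\xBB\xBF", 3) === 0) {
        return "corrupted: file starts with a UTF-8 BOM";
    }
    if (!preg_match('/^-----BEGIN [A-Z ]*PRIVATE KEY-----\r?$/m', $pem)) {
        return "corrupted: no PEM private key start line";
    }
    while (openssl_error_string() !== false);   // drain stale errors from earlier calls
    // On UNIX $real starts with "/", so this yields file:/// (three slashes).
    $key = openssl_pkey_get_private('file://' . $real, $passphrase);
    if ($key === false) {
        $errors = [];
        while (($e = openssl_error_string()) !== false) { $errors[] = $e; }
        return "openssl failed: " . implode(' | ', $errors);
    }
    return "ok: " . openssl_pkey_get_details($key)['bits'] . "-bit key loaded";
}

// Constructed sample input: an encrypted 2048-bit key and a BOM-prefixed copy.
$dir  = sys_get_temp_dir();
$good = $dir . DIRECTORY_SEPARATOR . 'demo_private.key';
$bom  = $dir . DIRECTORY_SEPARATOR . 'demo_private_bom.key';
$pass = 'constructed-passphrase';

$new = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($new, $pem, $pass);         // PEM output, encrypted with $pass
file_put_contents($good, $pem);
file_put_contents($bom, "\xEF\xBB\xBF" . $pem);

echo diagnose_key_file($good, $pass), PHP_EOL;               // correct path and passphrase
echo diagnose_key_file($good, 'wrong-passphrase'), PHP_EOL;  // OpenSSL error queue is reported
echo diagnose_key_file($bom, $pass), PHP_EOL;                // BOM detected before OpenSSL runs
echo diagnose_key_file($dir . '/missing.key', $pass), PHP_EOL;
unlink($good); unlink($bom);
```

Draining the error queue before the call matters because openssl_error_string() returns the oldest queued message, which may belong to an earlier OpenSSL call rather than the key load.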

Source: https://habr.com/ru/post/1414592/

