Openssl and PHP
Im trying to load a private key generated by the openssl cli tool with PHP. I used the following command and PHP code:
openssl genrsa -des3 4096 -out
-
It is a lot easier to just put the key in a var:
$public = "-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfmlc2EgrdhvakQApmLCDOgP0n NERInBheMh7J/r5aU8PUAIpGXET/8+kOGI1dSYjoux80AuHvkWp1EeHfMwC/SZ9t 6rF4sYqV5Lj9t32ELbh2VNbE/7QEVZnXRi5GdhozBZtS1gJHM2/Q+iToyh5dfTaA U8bTnLEPMNC1h3qcUQIDAQAB -----END PUBLIC KEY-----"; $private = "-----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQDfmlc2EgrdhvakQApmLCDOgP0nNERInBheMh7J/r5aU8PUAIpG XET/8+kOGI1dSYjoux80AuHvkWp1EeHfMwC/SZ9t6rF4sYqV5Lj9t32ELbh2VNbE /7QEVZnXRi5GdhozBZtS1gJHM2/Q+iToyh5dfTaAU8bTnLEPMNC1h3qcUQIDAQAB AoGAcbh6UFqewgnpGKIlZ89bpAsANVckv1T8I7QT6qGvyBrABut7Z8t3oEE5r1yX UPGcOtkoRniM1h276ex9VtoGr09sUn7duoLiEsp8aip7p7SB3X6XXWJ9K733co6C dpXotfO0zMnv8l3O9h4pHrrBkmWDBEKbUeuE9Zz7uy6mFAECQQDygylLjzX+2rvm FYd5ejSaLEeK17AiuT29LNPRHWLu6a0zl923299FCyHLasFgbeuLRCW0LMCs2SKE Y+cIWMSRAkEA7AnzWjby8j8efjvUwIWh/L5YJyWlSgYKlR0zdgKxxUy9+i1MGRkn m81NLYza4JLvb8/qjUtvw92Zcppxb7E7wQJAIuQWC+X12c30nLzaOfMIIGpgfKxd jhFivZX2f66frkn2fmbKIorCy7c3TIH2gn4uFmJenlaV/ghbe/q3oa7L0QJAFP19 ipRAXpKGX6tqbAR2N0emBzUt0btfzYrfPKtYq7b7XfgRQFogT5aeOmLARCBM8qCG tzHyKnTWZH6ff9M/AQJBAIToUPachXPhDyOpDBcBliRNsowZcw4Yln8CnLqgS9H5 Ya8iBJilFm2UlcXfpUOk9bhBTbgFp+Bv6BZ2Alag7pY= -----END RSA PRIVATE KEY-----"; if (!$privateKey = openssl_pkey_get_private($private)) die('Loading Private Key failed'); if (!$publicKey = openssl_pkey_get_public($public)) die('Loading Public Key failed');I'll also include a small encode / decode example:
$encrypted = ''; $decrypted = ''; $plaintext = 'This is just some text to encrypt'; echo '<p>$plaintext = ' . $plaintext . '<p>'; if (!openssl_public_encrypt($plaintext, $encrypted, $publicKey)) die('Failed to encrypt data'); echo '<p>$encrypted = ' . $encrypted . '<p>'; if (!openssl_private_decrypt($encrypted, $decrypted, $privateKey)) die('Failed to decrypt data'); echo '<p>$decrypted = ' . $decrypted . '<p>';Or just in case you could generate a key with php:
$NEW_KEY = openssl_pkey_new(array( 'private_key_bits' => 1024, 'private_key_type' => OPENSSL_KEYTYPE_RSA, )); openssl_pkey_export_to_file($NEW_KEY, 'private.key'); $NEW_KEY_DETAILS = openssl_pkey_get_details($NEW_KEY); file_put_contents('public.key', $NEW_KEY_DETAILS['key']); openssl_free_key($NEW_KEY);讨论(0) -
Please note that
file://path/to/file.pemin documentation means file protocol + file path. In UNIX like OS, that is something likefile:///rsa_private_key.pem. There is THREE slashes in the path string, not TWO. Andfile://cannot be omitted.讨论(0) -
Please refer to next URL.
https://www.php.net/manual/en/function.openssl-pkey-get-private.php
To narrow down your issue, please use same directory for your php file and key file and try this working code.
Working code
$keyfile="file://".__DIR__.DIRECTORY_SEPARATOR."key.pem"; //absolute path $key = openssl_pkey_get_private($keyfile); if ($key === false) { var_dump(openssl_error_string()); }else{ var_dump($key); }The following might be an issue.
- Path
Following path styles should work.
$keyfile="file:///home/john/php/key.pem"; // unix absoulute path $keyfile="file://C:\\users\\john\\php\\key.pem"; // windows absoulute path $keyfile="file://".__DIR__.DIRECTORY_SEPARATOR."key.pem"; //absoulute path for unix, windows $keyfile="file://key.pem"; // relative path, unix, windows, (php,key files in same directory) $key = openssl_pkey_get_private($keyfile);If path does not exist, error will be like
"error:02001002:system library:fopen:No such file or directory"
Web environment
Check your web root and web user access permission to the folder and key file.
To reduce issues, test it on php build-in web server env rather than WAMP env.
>php -S localhost:80- Corrupted key file
saved as certain type which include whitespaces. This can occur error like next.
"error:0906D06C:PEM routines:PEM_read_bio:no start line"
in my case, key file was saved as UTF-8 with BOM(whitespaces)DEBUG key file 1 - READ FROM VARIABLE
This code should work. I got key file from http://micmap.org/php-by-example/en/function/openssl_pkey_get_private
Please replace $str to yours.
$str = <<<EOF -----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEA0llCeBjy18RylTdBih9GMUSZIC3GzeN0vQ9W8E3nwy2jdeUn H3GBXWpMo3F43V68zM2Qz5epRNmlLSkY/PJUfJIC8Yc1VEokT52q87hH/XJ5eS8h eZnjuSlPAGi8oZ3ImVbruzV7XmlD+QsCSxJW7tBv0dqJ71e1gAAisCXK2m7iyf/u l6rT0Zz0ptYH4IZfwc/hQ9JcMg69uM+3bb4oBFsixMmEQwxKZsXk3YmO/YRjRbay +6+79bSV/frW+lWhknyGSIJp2CJArYcOdbK1bXx1dRWpbNSExo7dWwuPC0Y7a5AE eoZofieQPPBhXlp1hPgLYGat71pDqBjKLvF5GwIDAQABAoIBACPItYsSy3UzYT7L OKYTrfBBuD8GKpTqBfkHvAWDa1MD15P92Mr7l0NaCxGfAy29qSa6LdFy/oPM9tGY 9TxKyV6rxD5sfwEI3+Z/bw6pIe4W5F1eTDaQnHHqehsatkRUQET9yXp+na8w/zRF 0C0PQKS95tfvcpm59RGCdGQ8+aZw+cIy/xez75W8IS/hagMxe7xYPjpkOkSCCEJU zmbVq6AyWodASV0p4H9p8I+c0vO2hJ/ELJ167w6T+2/GlZg979rlyHoTW8jK2BbG IRGaPo+c2GANXa686tdpbkPd6oJliXwBSNolxmXShvlveBbPFAJJACzCmbXNj9kH 6/K+SWkCgYEA7FNudcTkRPV8TzKhJ1AzDjw3VcnraYhY8IlNxbk7RVHLdkoUtwk/ mImeBlEfCoz9V+S/gRgeQ+1Vb/BCbS24+bN/+IGoNRFMRcOieFt6lQUpj7a9NeSo IEclGgUiU7QR3xH73SB4GC3rgSPeHJhJZC5EJq5TzYjXTPGPpBD3zicCgYEA49wz zfMDYIH8h4L65r/eJYIbLwpvgktgaYvhijO3qfZSWW+Y19jCBn55f65YOhPGQBHA my0f+tVxFNZ/OupbrAIIzogxlCIYHNBawDhoHN/sB3/lSBAjifySNLyRlA62oA0w wXvXVLVWMa3aXim3c9AlnLF1fHwcvwpOKSfdye0CgYBb1mBKq+T5V1yjek1d9bCh i40FbZ5qOG43q2Ppvn3mBk9G/KroJlPsdy5NziB9/SRGj8JL7I92Xjihc4Cc5PPJ NZQ5gklXtg0p30i39PTCDGuGScFlvCIJyRwF7JDWblezlE2INSH2Y4HtgX7DJfr/ T2t0jLJMYS0p3YWwgFeMaQKBgHUIe/8y6zAdc5QynSX5tGL1gXrW1FFK39k2RICU cag1YTSYkhuDNJzbRxJifORPlcsAkzngooVWLb+zMCQVjUI6xUU3RKe+Hz5lccc6 8ZarGHL9qMkrqOVNudamZ+tw5zIrtDgcoIvcm8nmbrtgl94/MaJar2ph4O3qoByZ Ylw9AoGAIdS79s0VKkj4VVXqK47ZcI7jGL4V4C8ujU8YcMNV88xwCoDg9ZIFprWA P5p/cnvj6aHnqL58XiH0+bE0Lt3J+U6N6JelQQevgBHooMFh4FpDXcVda7xB3rK3 woqbi8fNhr827H2maxIZPtVG95/mvR4k5z1Jrdnr34ZUmtC6U5Q= -----END RSA PRIVATE KEY----- EOF; $key = openssl_pkey_get_private($str); if ($key === false) { var_dump(openssl_error_string()); }else{ var_dump($key); }OUTPUT
resource(4) of type (OpenSSL key)
DEBUG key file 2 - READ FROM FILE
copy your key strings($str) to key file like "key.pem".
$str = <<<EOF -----BEGIN RSA PRIVATE KEY----- ...YOUR KEY STINGS HERE... -----END RSA PRIVATE KEY----- EOF; $str2 = file_get_contents("key.pem"); $len1 = strlen ($str); $len2 = strlen ($str2); if($len1 !== $len2) echo "File has been corrupted."; $key = openssl_pkey_get_private($str2); if ($key === false) { var_dump(openssl_error_string()); }else{ var_dump($key); }讨论(0)
加载中...
- 热议问题