问题
Here's how I'd do it with phpseclib (which works):
<?php
include('Crypt/RSA.php');
$rsa = new Crypt_RSA();
$rsa->setPassword('password');
$result = $rsa->loadKey('-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,E3B1C06E0D0C2633
gvmXzl6W7eV1a3N5rQNwBWKY9on3IgxZudS33cip5f88FotsPSDJMvqj6LVw2RxobDjhlOOzqmTb
VrlTnoQ6CogXFZSfiPmixiyyptCUEKJkSiEhYGM5GQm0OoGcLeLbgBb9tRpWh5IlXulKD6XFhx8q
/eGg5a+mSkX1i7kv2+Ih3jHmEKwrnfzhcA29pBF3OQJo+Ks9IYneuk676pHtsIs7CpFKq1tDvD8Q
O7URxnVnHLltaFvIxshqyZu92xbUYZR7YzjXl5+3w4TVgeAHUogEV+H9iZTosD/copUsbQO+78w2
E1D3iDS94wRgx0Tjv4xlwrTpOV38FS5rdL32492DcCRlCYM4VtuwjYeWi5shJg69jCb0EwGRqfAo
xko+lbKWELTuFKwD7n1rc/2fTarbGuf8S2AEggBLZyfXHC/9N84mXLFO2XKq+0WdiEFhQj2Cze+a
9qcSK6tPSrjK1LPlnOOppFgDElZaZ0rxsgjtiWSIAEw/Ad+SIM5u+vqwzF8J317JlsdKoBFDw8mS
MxCMuMksKJ23mgvY+THRIVgH3E7lEDZQzCi1Uy6ldLJcran/6wHwP88pVM2odiHkpnrJGcEBbbIk
qsxJZhFT8aUt/cUEBj3fnP7cxoNLQfTHMPqUTqKBWaVufFzGU9YB1R+XWFULLddwJHnV7gPheBlk
MDapowb+Is77+a9Y2VDsOXEvNpqTY0giiSrckG05IZnrhJ24JnSCwyNd99lm7XKdEGGrjBCMqIyI
Fqox8Ahkv3KWAJPYK1eOCc5d/KwZHlnlFJq7ZYy9u3fEnxQCjOEmeXLkLangKA==
-----END RSA PRIVATE KEY-----');
echo $result ? 'true' : 'false';
?>
For comparison purposes, however, I'm trying to do it with OpenSSL. Here's my code:
<?php
$pkey = openssl_pkey_get_private('-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,E3B1C06E0D0C2633
gvmXzl6W7eV1a3N5rQNwBWKY9on3IgxZudS33cip5f88FotsPSDJMvqj6LVw2RxobDjhlOOzqmTb
VrlTnoQ6CogXFZSfiPmixiyyptCUEKJkSiEhYGM5GQm0OoGcLeLbgBb9tRpWh5IlXulKD6XFhx8q
/eGg5a+mSkX1i7kv2+Ih3jHmEKwrnfzhcA29pBF3OQJo+Ks9IYneuk676pHtsIs7CpFKq1tDvD8Q
O7URxnVnHLltaFvIxshqyZu92xbUYZR7YzjXl5+3w4TVgeAHUogEV+H9iZTosD/copUsbQO+78w2
E1D3iDS94wRgx0Tjv4xlwrTpOV38FS5rdL32492DcCRlCYM4VtuwjYeWi5shJg69jCb0EwGRqfAo
xko+lbKWELTuFKwD7n1rc/2fTarbGuf8S2AEggBLZyfXHC/9N84mXLFO2XKq+0WdiEFhQj2Cze+a
9qcSK6tPSrjK1LPlnOOppFgDElZaZ0rxsgjtiWSIAEw/Ad+SIM5u+vqwzF8J317JlsdKoBFDw8mS
MxCMuMksKJ23mgvY+THRIVgH3E7lEDZQzCi1Uy6ldLJcran/6wHwP88pVM2odiHkpnrJGcEBbbIk
qsxJZhFT8aUt/cUEBj3fnP7cxoNLQfTHMPqUTqKBWaVufFzGU9YB1R+XWFULLddwJHnV7gPheBlk
MDapowb+Is77+a9Y2VDsOXEvNpqTY0giiSrckG05IZnrhJ24JnSCwyNd99lm7XKdEGGrjBCMqIyI
Fqox8Ahkv3KWAJPYK1eOCc5d/KwZHlnlFJq7ZYy9u3fEnxQCjOEmeXLkLangKA==
-----END RSA PRIVATE KEY-----', 'password');
if ($pkey === false) exit('FAILURE');
openssl_pkey_export($pkey, $out_key_file);
echo $out_key_file;
?>
Only problem: the code dies prematurely, echo'ing out FAILURE. ie. openssl_pkey_get_private() isn't loading the key. openssl_error_string says "error:0906D066:PEM routines:PEM_read_bio:bad end line".
Any ideas?
回答1:
I'm not sure what's going on here; I've tried your code and it gives the same issue, so I've generated a key myself:
openssl genrsa -des3 -out des3.rsa
Then copied the contents into this script:
$out_key_file = 'des3nopass.rsa';
$key = <<<EOS
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,5F2FDB4C8F710F92
pkaBIMCdnvrejw6egagg/lGrrGJWLsceDkC0KSdouRfR8LhQS/XjSJ/Wqrj7fa36
xXRd/USBebgy2hLAi9RMPofOjlcUyUVvZZgh0+JDQ79pH5q1FsRMcsJ+J8GO0edw
kh8zdZoCbbtJgQjTx0JheJMDdZymw4cfK5hoZbnxX6HZ1wNhtPb7Z/noNcxpK6Zl
CCzPgLd9hCGLBD2XqoRjOM1U2vpZwpCTdYgAtFIPMVXQQpzgIyw06CHcHvYZgnAc
oxiVx7Z7N9r0J1vDnlrW/OU1l07D0pBr1yPRTDMI5tBMo8KDsL2tkBxqtYyOJdZr
as/5zQDPRlbW7Jve1JuXmsnja+gN7jZ+3LpUzfRFo/wWnvOzhHQxLz+RaUpVDYTl
F4m9zjo9dgOhlZzigOhYTB+5aq5f92Yf6K0daCwTDpU=
-----END RSA PRIVATE KEY-----
EOS;
$pkey = openssl_pkey_get_private($key, 'password');
if ($pkey === false) {
die(openssl_error_string());
}
openssl_pkey_export($pkey, $out_key_file);
echo "Wrote to $out_key_file\n";
And that works fine for me.
Update
I've tried to perform this using openssl command line as well, using your key:
openssl rsa -in des3big.rsa -out des3bignopass.rsa
unable to load Private Key
14179:error:0906D066:PEM routines:PEM_read_bio:bad end line:pem_lib.c:746:
It seems that OpenSSL has an issue with it as well, so it's not PHP.
Update 2
Turns out that your lines are too long (they should be 64 characters wide):
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,E3B1C06E0D0C2633
gvmXzl6W7eV1a3N5rQNwBWKY9on3IgxZudS33cip5f88FotsPSDJMvqj6LVw2Rxo
bDjhlOOzqmTbVrlTnoQ6CogXFZSfiPmixiyyptCUEKJkSiEhYGM5GQm0OoGcLeLb
gBb9tRpWh5IlXulKD6XFhx8q/eGg5a+mSkX1i7kv2+Ih3jHmEKwrnfzhcA29pBF3
OQJo+Ks9IYneuk676pHtsIs7CpFKq1tDvD8QO7URxnVnHLltaFvIxshqyZu92xbU
YZR7YzjXl5+3w4TVgeAHUogEV+H9iZTosD/copUsbQO+78w2E1D3iDS94wRgx0Tj
v4xlwrTpOV38FS5rdL32492DcCRlCYM4VtuwjYeWi5shJg69jCb0EwGRqfAoxko+
lbKWELTuFKwD7n1rc/2fTarbGuf8S2AEggBLZyfXHC/9N84mXLFO2XKq+0WdiEFh
Qj2Cze+a9qcSK6tPSrjK1LPlnOOppFgDElZaZ0rxsgjtiWSIAEw/Ad+SIM5u+vqw
zF8J317JlsdKoBFDw8mSMxCMuMksKJ23mgvY+THRIVgH3E7lEDZQzCi1Uy6ldLJc
ran/6wHwP88pVM2odiHkpnrJGcEBbbIkqsxJZhFT8aUt/cUEBj3fnP7cxoNLQfTH
MPqUTqKBWaVufFzGU9YB1R+XWFULLddwJHnV7gPheBlkMDapowb+Is77+a9Y2VDs
OXEvNpqTY0giiSrckG05IZnrhJ24JnSCwyNd99lm7XKdEGGrjBCMqIyIFqox8Ahk
v3KWAJPYK1eOCc5d/KwZHlnlFJq7ZYy9u3fEnxQCjOEmeXLkLangKA==
-----END RSA PRIVATE KEY-----
回答2:
Might find further info by looking into the cause of the error:
if ($pkey === false) {
echo openssl_error_string();
exit('FAILURE');
}
Edit: Given the error "PEM_read_bio:bad end line" here is the portion of OpenSSL source which triggers:
[...]
if ((strncmp(buf,"-----END ",9) != 0) ||
(strncmp(nameB->data,&(buf[9]),i) != 0) ||
(strncmp(&(buf[9+i]),"-----\n",6) != 0)) {
PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_END_LINE);
goto err;
}
[...]
Looking at your code I suspect you'll need a newline char appended to the end of the private key string.
来源:https://stackoverflow.com/questions/13908284/removing-password-from-rsa-private-key