The php Function OpenSSL_Pkey_Get_Private()

Applying signature verification to APIs enables authentication and prevents tampering. This article describes generating a key pair with OpenSSL, creating signature functions with openssl_sign and openssl_verify, and building a simple SDK to simplify usage.

The function openssl_pkey_get_private() allows you to retrieve the private part of an RSA or ECC public/private key. The argument can be a file path (URI) or string containing the key. It works with both PEM and PUF encoded keys. The function returns an array with the key details in success and FALSE if something goes wrong. The key details have indexes bits, key and type (OPENSSL_KEYTYPE_RSA, OPENSSL_KEYTYPE_DSA, OPENSSL_KEYTYPE_DH or OPENSSL_KEYTYPE_EC).

When passing the private data to this function it is recommended that you use a password. If you do not then attackers could read the key from your system and pivot to other systems with this RSA key. The function is used in many applications like Icinga Web 2 to generate a public/private key pair. It is also used to encrypt the monitoring configuration files on the local disk.

The php function openssl_pkey_get_private() is available from PHP version greater than 5.0.0. It can be found in the php source code under src/ext/openssl/.

Andreas Behr - CTO of DesertCoderz
You are a developer and looking for Shopware projects?
Apply Now!

openssl_pkey_get_private example

static::assertFileExists($this->privatePath);
        static::assertFileExists($this->publicPath);

        static::assertFileIsReadable($this->privatePath);
        static::assertFileIsReadable($this->publicPath);

        $data = 'test data';

        /** @var string $privateCertificate */
        $privateCertificate = file_get_contents($this->privatePath);
        /** @var \OpenSSLAsymmetricKey $privateKey */
        $privateKey = openssl_pkey_get_private($privateCertificate$passphrase);

        openssl_sign($data$signature$privateKey);

        /** @var string $publicCertificate */
        $publicCertificate = file_get_contents($this->publicPath);

        static::assertEquals(
            1,
            openssl_verify($data$signature$publicCertificate)
        );
    }

    
if (!defined('PKCS7_TEXT')) {
            if ($this->exceptions) {
                throw new Exception($this->lang('extension_missing') . 'openssl');
            }

            return '';
        }
        $privKeyStr = !empty($this->DKIM_private_string) ?
            $this->DKIM_private_string :
            file_get_contents($this->DKIM_private);
        if ('' !== $this->DKIM_passphrase) {
            $privKey = openssl_pkey_get_private($privKeyStr$this->DKIM_passphrase);
        } else {
            $privKey = openssl_pkey_get_private($privKeyStr);
        }
        if (openssl_sign($signHeader$signature$privKey, 'sha256WithRSAEncryption')) {
            if (\PHP_MAJOR_VERSION < 8) {
                openssl_pkey_free($privKey);
            }

            return base64_encode($signature);
        }
        if (\PHP_MAJOR_VERSION < 8) {
            
private array $defaultOptions;

    /** * @param string $pk The private key as a string or the path to the file containing the private key, should be prefixed with file:// (in PEM format) * @param string $passphrase A passphrase of the private key (if any) */
    public function __construct(string $pk, string $domainName, string $selector, array $defaultOptions = [], string $passphrase = '')
    {
        if (!\extension_loaded('openssl')) {
            throw new \LogicException('PHP extension "openssl" is required to use DKIM.');
        }
        $this->key = openssl_pkey_get_private($pk$passphrase) ?: throw new InvalidArgumentException('Unable to load DKIM private key: '.openssl_error_string());
        $this->domainName = $domainName;
        $this->selector = $selector;
        $this->defaultOptions = $defaultOptions + [
            'algorithm' => self::ALGO_SHA256,
            'signature_expiration_delay' => 0,
            'body_max_length' => \PHP_INT_MAX,
            'body_show_length' => false,
            'header_canon' => self::CANON_RELAXED,
            'body_canon' => self::CANON_RELAXED,
            'headers_to_ignore' => [],
        ];
    }
private array $defaultOptions;

    /** * @param string $pk The private key as a string or the path to the file containing the private key, should be prefixed with file:// (in PEM format) * @param string $passphrase A passphrase of the private key (if any) */
    public function __construct(string $pk, string $domainName, string $selector, array $defaultOptions = [], string $passphrase = '')
    {
        if (!\extension_loaded('openssl')) {
            throw new \LogicException('PHP extension "openssl" is required to use DKIM.');
        }
        $this->key = openssl_pkey_get_private($pk$passphrase) ?: throw new InvalidArgumentException('Unable to load DKIM private key: '.openssl_error_string());
        $this->domainName = $domainName;
        $this->selector = $selector;
        $this->defaultOptions = $defaultOptions + [
            'algorithm' => self::ALGO_SHA256,
            'signature_expiration_delay' => 0,
            'body_max_length' => \PHP_INT_MAX,
            'body_show_length' => false,
            'header_canon' => self::CANON_RELAXED,
            'body_canon' => self::CANON_RELAXED,
            'headers_to_ignore' => [],
        ];
    }
Home | Imprint | This part of the site doesn't use cookies.