openssl_pkey_get_public - PHP code example

The php Function Openssl_Pkey_Get_Public

This article discusses the php function openssl_pkey_get_public. It covers the definition of the function, parameters, and example code. It also gives some tips on how to use the function.

openssl_pkey_get_public is an inbuilt function in PHP which helps developers to view and manage their private keys and public keys. It exports a key in PEM format. It takes four parameters. These include key, outputfilename, and passphrase. It also returns a resource identifier on successful execution of the function.

In order to use this function, you need to have the certificate file in any of the support formats. You need to have the private key as well as the public key. It is necessary to provide a value for the signature algorithm as well.

The function can be used for various purposes such as verifying a signature. It accepts a raw binary string and checks it against the signature that is provided with the public key that is associated with it. This function also has the option of enabling padding. The function supports OPENSSL_PKCS1_PADDING, OPENSSL_SSLV23_PADDING, and OPENSSL_PKCS1_OAEP_PADDING as padding options. It can be useful for applications that rely on user input.

openssl_pkey_get_public example

return $a;
    }

    /** * @return array */
    public static function castOpensslX509($h, array $a, Stub $stub, bool $isNested)
    {
        $stub->cut = -1;
        $info = openssl_x509_parse($h, false);

        $pin = openssl_pkey_get_public($h);
        $pin = openssl_pkey_get_details($pin)['key'];
        $pin = \array_slice(explode("\n", $pin), 1, -2);
        $pin = base64_decode(implode('', $pin));
        $pin = base64_encode(hash('sha256', $pin, true));

        $a += [
            'subject' => new EnumStub(array_intersect_key($info['subject'], ['organizationName' => true, 'commonName' => true])),
            'issuer' => new EnumStub(array_intersect_key($info['issuer'], ['organizationName' => true, 'commonName' => true])),
            'expiry' => new ConstStub(date(\DateTimeInterface::ISO8601, $info['validTo_time_t']), $info['validTo_time_t']),
            'fingerprint' => new EnumStub([
                'md5' => new ConstStub(wordwrap(strtoupper(openssl_x509_fingerprint($h, 'md5')), 2, ':', true)),

/** * @return resource */
    private function getKeyResource()
    {
        if ($this->keyResource) {
            return $this->keyResource;
        }

        $publicKey = trim((string) file_get_contents($this->publicKeyPath));

        $keyResource = openssl_pkey_get_public($publicKey);
        if ($keyResource === false) {
            while ($errors[] = openssl_error_string()) {
            }
            throw new RuntimeException(sprintf("Error during public key read: \n%s", implode("\n", $errors)));
        }

        $this->keyResource = $keyResource;

        return $this->keyResource;
    }
}

private function validateSignature(
        string $signature,
        string $timestamp,
        string $payload,
        string $secret,
    ): void {
        $timestampedPayload = $timestamp.$payload;

        // Sendgrid provides the verification key as base64-encoded DER data. Openssl wants a PEM format, which is a multiline version of the base64 data.         $pemKey = "-----BEGIN PUBLIC KEY-----\n".chunk_split($secret, 64, "\n")."-----END PUBLIC KEY-----\n";

        if (!$publicKey = openssl_pkey_get_public($pemKey)) {
            throw new RejectWebhookException(406, 'Public key is wrong.');
        }

        if (1 !== openssl_verify($timestampedPayload, base64_decode($signature), $publicKey, \OPENSSL_ALGO_SHA256)) {
            throw new RejectWebhookException(406, 'Signature is wrong.');
        }
    }
}

    private function getKey(): \OpenSSLAsymmetricKey
    {
        $errors = [];
        if ($this->keyResource !== null) {
            return $this->keyResource;
        }

        $publicKey = trim((string) file_get_contents($this->publicKeyPath));

        $key = openssl_pkey_get_public($publicKey);
        if ($key === false) {
            while ($errors[] = openssl_error_string()) {
            }

            throw new StoreSignatureValidationException(sprintf("Error during public key read: \n%s", implode("\n", $errors)));
        }

        $this->keyResource = $key;

        return $this->keyResource;
    }
}

$this->info['primary_ip'] = $host;
        $this->info['primary_port'] = $stream->getRemoteAddress()->getPort();
        $this->info['pretransfer_time'] = microtime(true) - $this->info['start_time'];
        $this->info['debug'] .= sprintf("* Connected to %s (%s) port %d\n", $request->getUri()->getHost(), $host, $this->info['primary_port']);

        if ((isset($this->info['peer_certificate_chain']) || $this->pinSha256) && null !== $tlsInfo = $stream->getTlsInfo()) {
            foreach ($tlsInfo->getPeerCertificates() as $cert) {
                $this->info['peer_certificate_chain'][] = openssl_x509_read($cert->toPem());
            }

            if ($this->pinSha256) {
                $pin = openssl_pkey_get_public($this->info['peer_certificate_chain'][0]);
                $pin = openssl_pkey_get_details($pin)['key'];
                $pin = \array_slice(explode("\n", $pin), 1, -2);
                $pin = base64_decode(implode('', $pin));
                $pin = base64_encode(hash('sha256', $pin, true));

                if (!\in_array($pin, $this->pinSha256, true)) {
                    throw new TransportException(sprintf('SSL public key does not match pinned public key for "%s".', $this->info['url']));
                }
            }
        }
        ($this->onProgress)();