PHP Function OpenSSL_Pkey_New and OpenSSL_Sign()

php function openssl_pkey_new is an inbuilt php cryptography extension that allows you to generate a new private/public key pair using the OpenSSL library. This function takes a single parameter called $options, which can be used to set various options for the key generation process such as encrypt_type, private_key_length and the digest algorithm. It then returns a resource identifier that represents both the private and public key components of this new key pair.

This is a pretty useful function to use for generating Ethereum addresses in PHP. However, there is a drawback to this method which is that the output of this function is base64 encoded and needs to be parsed as ASN.1 to get the actual key bytes, which is a little bit annoying when trying to use this in Java libraries such as JCE (Java Cryptographic Extension).

In PHP 8.0 and later, this function will no longer return OpenSSL X.509 Certificate Signing Request (CSR) resources like it did in earlier versions of PHP. The is_resource function can still be used to check if the returned value is valid, but it will need to check against the class names of the returned object rather than the raw resource itself.

The openssl_sign() function is similar to this function, but instead of the private portion of the key it uses the public portion of the key to generate a signature on the specified data. This function takes four parameters, which are the encrypted data, signature, priv_key_id and padding (OPENSSL_PKCS1_PADDING, OPENSSL_SSLV23_PADDING, OPENSSL_PKCS1_OAEP_PADDING, or OPENSSL_NO_PADDING). It will return TRUE on success or FALSE on failure.