openssl_sign - PHP code example

The php Function Openssl_Sign

The php function openssl_sign allows you to sign data with a private key using the public key from a certificate. The signed data can then be verified with the openssl_verify() function to ensure that the signature is valid for the given data.

A function is a block of code that can be called repeatedly within a program to perform a specific task. Functions execute the same each time they are called and cannot be changed after the call is made. A function can accept several arguments, which are usually passed by value. The argument values are placed after the function name in the parentheses, separated by commas. The information contained in the arguments is passed to the function by value and can only be modified inside the function.

pkey_new() creates a new private/public key pair based on the configuration parameters. The return is a resource identifier for the newly created key.

crypt() returns a hashed string using the DES, Blowfish, or MD5 algorithms. The salt parameter is optional, but it helps prevent the same string from being rehashed over and over again, which can compromise security. The crypt() function will throw an error if you use a salt that is not strong enough.

openssl_sign example

static::assertFileIsReadable($this->privatePath);
        static::assertFileIsReadable($this->publicPath);

        $data = 'test data';

        /** @var string $privateCertificate */
        $privateCertificate = file_get_contents($this->privatePath);
        /** @var \OpenSSLAsymmetricKey $privateKey */
        $privateKey = openssl_pkey_get_private($privateCertificate, $passphrase);

        openssl_sign($data, $signature, $privateKey);

        /** @var string $publicCertificate */
        $publicCertificate = file_get_contents($this->publicPath);

        static::assertEquals(
            1,
            openssl_verify($data, $signature, $publicCertificate)
        );
    }

    public function testGenerateWithoutPassphrase(): void
    {

if ($options['signature_expiration_delay']) {
            $params['x'] = $params['t'] + $options['signature_expiration_delay'];
        }
        $value = '';
        foreach ($params as $k => $v) {
            $value .= $k.'='.$v.'; ';
        }
        $value = trim($value);
        $header = new UnstructuredHeader('DKIM-Signature', $value);
        $headerCanonData .= rtrim($this->canonicalizeHeader($header->toString()."\r\n b=", $options['header_canon']));
        if (self::ALGO_SHA256 === $options['algorithm']) {
            if (!openssl_sign($headerCanonData, $signature, $this->key, \OPENSSL_ALGO_SHA256)) {
                throw new RuntimeException('Unable to sign DKIM hash: '.openssl_error_string());
            }
        } else {
            throw new \RuntimeException(sprintf('The "%s" DKIM signing algorithm is not supported yet.', self::ALGO_ED25519));
        }
        $header->setValue($value.' b='.trim(chunk_split(base64_encode($signature), 73, ' ')));
        $headers->add($header);

        return new Message($headers, $message->getBody());
    }

return '';
        }
        $privKeyStr = !empty($this->DKIM_private_string) ?
            $this->DKIM_private_string :
            file_get_contents($this->DKIM_private);
        if ('' !== $this->DKIM_passphrase) {
            $privKey = openssl_pkey_get_private($privKeyStr, $this->DKIM_passphrase);
        } else {
            $privKey = openssl_pkey_get_private($privKeyStr);
        }
        if (openssl_sign($signHeader, $signature, $privKey, 'sha256WithRSAEncryption')) {
            if (\PHP_MAJOR_VERSION < 8) {
                openssl_pkey_free($privKey);
            }

            return base64_encode($signature);
        }
        if (\PHP_MAJOR_VERSION < 8) {
            openssl_pkey_free($privKey);
        }

        return '';
    }