OpenSSL key-pair generation

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

OpenSSL key-pair generation

Post by Chris Corbyn »

Re openssl_pkcs7_sign().

I'm completely useless with anything to do with encryption. I get really confused when I start reading about it and everything seems to assume you know the very very basics such as how to generate keys and what the keys actually contain. References keep shpowing how to *use* your .pem files but not how to create them. I'm not sure how I generate a "private" key and a "public" key. All I've been able to find is information on how to generate a RSA key which I'm 80% sure is what I need after a quick skip over the RFCs.

I'm running the following commands:

Code: Select all

openssl genrsa -des3 -out mykey.pem 1024
....
Passpharse: <Here I type 'swiftmailer' for testing>
Confirm: ....
I do indeed get the file mykey.pem in the current working directory by when I run this PHP code I get an error:

Code: Select all

openssl_pkcs7_sign("signing/unsigned.txt", "signing/signed.txt", "mykey.pem", array("file://mykey.pem", "swiftmailer"), array());
Warning: openssl_pkcs7_sign() [function.openssl-pkcs7-sign]: error getting cert in /Users/d11wtq/public_html/swiftmailer/trunk/php5/signtest.php on line 29
I tried doing it without the passphrase requirement and I get an error about being unable to get private key. I'm totally lost. Can anyone point me in the right direction for resources explaining how RSA keys work, or why my code is not working? :(
User avatar
stereofrog
Forum Contributor
Posts: 386
Joined: Mon Dec 04, 2006 6:10 am

Post by stereofrog »

Hi

the third param is expected to be certificate i.e. the file you create with 'openssl req'

openssl_pkcs7_sign("signing/unsigned.txt", "signing/signed.txt", "file://whatever.cert" etc

note the "file://" part, it's mandatory
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

Aha, got it thanks :)
Post Reply