
OpenSSL key-pair generation

Posted: Sat May 26, 2007 5:48 am
by Chris Corbyn
Re openssl_pkcs7_sign().

I'm completely useless with anything to do with encryption. I get really confused when I start reading about it and everything seems to assume you know the very very basics such as how to generate keys and what the keys actually contain. References keep showing how to *use* your .pem files but not how to create them. I'm not sure how I generate a "private" key and a "public" key. All I've been able to find is information on how to generate an RSA key which I'm 80% sure is what I need after a quick skip over the RFCs.

I'm running the following commands:

Code:

openssl genrsa -des3 -out mykey.pem 1024
....
Passpharse: <Here I type 'swiftmailer' for testing>
Confirm: ....

I do indeed get the file mykey.pem in the current working directory, but when I run this PHP code I get an error:

Code:

openssl_pkcs7_sign("signing/unsigned.txt", "signing/signed.txt", "mykey.pem", array("file://mykey.pem", "swiftmailer"), array());
Warning: openssl_pkcs7_sign() [function.openssl-pkcs7-sign]: error getting cert in /Users/d11wtq/public_html/swiftmailer/trunk/php5/signtest.php on line 29

I tried doing it without the passphrase requirement and I get an error about being unable to get private key. I'm totally lost. Can anyone point me in the right direction for resources explaining how RSA keys work, or why my code is not working? :(

Posted: Sat May 26, 2007 7:17 am
by stereofrog
Hi

The third param is expected to be a certificate, i.e. the file you create with 'openssl req'.

openssl_pkcs7_sign("signing/unsigned.txt", "signing/signed.txt", "file://whatever.cert" etc

Note the "file://" part, it's mandatory.

Posted: Sat May 26, 2007 8:58 am
by Chris Corbyn
Aha, got it thanks :)
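
The full sequence the thread arrives at, as an added example that is not part of the original posts: generate a passphrase-protected RSA key, create a self-signed certificate from it with `openssl req`, then sign and check a message with `openssl smime`, the command-line counterpart of `openssl_pkcs7_sign()`. The resulting cert.pem is what belongs in the third argument of the PHP call and key.pem in the fourth; `pem_kind` shows why passing the key file as the certificate fails with "error getting cert". Assumptions: the file names, subject and helper function names are constructed for illustration, and the key is 2048-bit with AES-256 encryption rather than the 1024-bit `-des3` key in the question, which is too small by current standards.

```shell
# Added example: encrypted RSA key + self-signed certificate + S/MIME signature.
# File names, subject and passphrase are constructed test values.

# Report what a PEM file holds, judged by its BEGIN line.
pem_kind() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then
        echo certificate
    elif grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"; then
        echo private-key
    else
        echo unknown
    fi
}

# Create key.pem (encrypted RSA key) and cert.pem (self-signed cert) in directory $1.
make_signing_pair() {
    dir=$1 pass=$2
    # Minimal request config, so the run does not depend on a system openssl.cnf.
    cat > "$dir/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Test Signer
emailAddress = signer@example.test
EOF
    openssl genrsa -aes256 -passout "pass:$pass" -out "$dir/key.pem" 2048 2>/dev/null &&
    openssl req -new -x509 -days 30 -config "$dir/req.cnf" \
        -key "$dir/key.pem" -passin "pass:$pass" -out "$dir/cert.pem"
}

# Sign $1/unsigned.txt into $1/signed.txt, then check the signature.
sign_and_check() {
    dir=$1 pass=$2
    openssl smime -sign -in "$dir/unsigned.txt" -out "$dir/signed.txt" \
        -signer "$dir/cert.pem" -inkey "$dir/key.pem" -passin "pass:$pass" &&
    # -noverify: check the signature itself, not trust in the self-signed cert.
    openssl smime -verify -noverify -in "$dir/signed.txt" -out /dev/null 2>/dev/null
}

# Usage: d=$(mktemp -d); echo hi > "$d/unsigned.txt"
#        make_signing_pair "$d" swiftmailer && sign_and_check "$d" swiftmailer
```

A self-signed certificate is enough for testing the signing call; recipients will only trust the signature if the certificate is issued by a CA they accept.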