PHP 5.6.0beta1 released

openssl_pkey_new

(PHP 4 >= 4.2.0, PHP 5)

openssl_pkey_newErzeugt einen neuen privaten Schlüssel

Beschreibung

resource openssl_pkey_new ([ array $configargs ] )

openssl_pkey_new() erzeugt ein neues privates und öffentliches Schlüsselpaar. Den öffentlichen Teil des Schlüssels können Sie mit openssl_pkey_get_public() erhalten.

Hinweis: Die ordnungsgemäße Ausführung dieser Funktion setzt die Installation einer gültigen openssl.cnf-Datei voraus. Mehr Information hierzu finden sie im Installationsabschnitt.

Parameter-Liste

configargs

Die Schlüsselerzeugung können Sie mit configargs feiner abstimmen (z.B. die Angabe der verwendeten Bits). Weitere Informationen zu configargs entnehmen Sie bitte der Dokumentation zu openssl_csr_new().

Rückgabewerte

Gibt eine Resource für den privaten Schlüssel im Erfolgsfall zurück, andernfalls FALSE

add a note add a note

User Contributed Notes 5 notes

up
3
dirt at awoms dot com
1 year ago
Working example:

$config = array(
    "digest_alg" => "sha512",
    "private_key_bits" => 4096,
    "private_key_type" => OPENSSL_KEYTYPE_RSA,
);
   
// Create the private and public key
$res = openssl_pkey_new($config);

// Extract the private key from $res to $privKey
openssl_pkey_export($res, $privKey);

// Extract the public key from $res to $pubKey
$pubKey = openssl_pkey_get_details($res);
$pubKey = $pubKey["key"];

$data = 'plaintext data goes here';

// Encrypt the data to $encrypted using the public key
openssl_public_encrypt($data, $encrypted, $pubKey);

// Decrypt the data using the private key and store the results in $decrypted
openssl_private_decrypt($encrypted, $decrypted, $privKey);

echo $decrypted;
up
0
zelnaga at gmail dot com
1 year ago
Getting the public key corresponding to a particular private key, through the methods provided for by OpenSSL, is a bit cumbersome. An easier way to do it is to use phpseclib, a pure PHP RSA implementation:

<?php
include('Crypt/RSA.php');

$rsa = new Crypt_RSA();
$rsa->loadKey('...');

$privatekey = $rsa->getPrivateKey();
$publickey = $rsa->getPublicKey();
?>

Doesn't require any extensions be installed.  It'll use bcmath or gmp if they're available, for speed, but doesn't even require those.
up
0
jthijssen at notloxic dot nl
3 years ago
If you want to change the default private key size (1024) too something else you can use the following code:
 
<?php
$config
= array('private_key_bits' => 512);
$privKey = openssl_pkey_new($config);

?>

Mind though that the minimum number of bits is 384. Any lower will trigger an error.
up
0
Brad
6 years ago
It's easier than all that, if you just want the keys:

<?php
// Create the keypair
$res=openssl_pkey_new();

// Get private key
openssl_pkey_export($res, $privkey);

// Get public key
$pubkey=openssl_pkey_get_details($res);
$pubkey=$pubkey["key"];
?>
up
0
NOSPAM dot alchaemist at hiperlinux dot com dot ar
9 years ago
As you probably found, getting the public key is not as direct as you might think with this documentation.

You can easily get into messages like:

Warning: openssl_pkey_get_public(): Don't know how to get public key from this private key (the documentation lied) in D:\www\keys.php on line 4

The correct steps to get the whole thing seem to be these:

<?
$dn
= array("countryName" => 'XX', "stateOrProvinceName" => 'State', "localityName" => 'SomewhereCity', "organizationName" => 'MySelf', "organizationalUnitName" => 'Whatever', "commonName" => 'mySelf', "emailAddress" => 'user@domain.com');
$privkeypass = '1234';
$numberofdays = 365;

$privkey = openssl_pkey_new();
$csr = openssl_csr_new($dn, $privkey);
$sscert = openssl_csr_sign($csr, null, $privkey, $numberofdays);
openssl_x509_export($sscert, $publickey);
openssl_pkey_export($privkey, $privatekey, $privkeypass);
openssl_csr_export($csr, $csrStr);

echo
$privatekey; // Will hold the exported PriKey
echo $publickey// Will hold the exported PubKey
echo $csrStr;     // Will hold the exported Certificate
?>

Now all you need to do is to make some research on each individual function.
To Top