PHP Unconference Europe 2015

openssl_pkey_new

(PHP 4 >= 4.2.0, PHP 5)

openssl_pkey_newGenera una clave privada nueva

Descripción

resource openssl_pkey_new ([ array $configargs ] )

openssl_pkey_new() genera un nuevo par calve privada y clave pública. El componente público de la clave se puede obtener usando openssl_pkey_get_public().

Nota: Necesita tener instalado un openssl.cnf válido para que esta función opere correctamente. Vea las notas sobre la sección de instalación para más información.

Parámetros

configargs

Se puede ajustar la generación de la clave (tal como especificando el número de bits) usando configargs. Véase openssl_csr_new() para más información acerca de configargs.

Valores devueltos

Devuelve un identificador de recurso para la clave privada si se tuvo éxito, o FALSE si se produjo un error.

add a note add a note

User Contributed Notes 5 notes

up
5
dirt at awoms dot com
1 year ago
Working example:

$config = array(
    "digest_alg" => "sha512",
    "private_key_bits" => 4096,
    "private_key_type" => OPENSSL_KEYTYPE_RSA,
);
   
// Create the private and public key
$res = openssl_pkey_new($config);

// Extract the private key from $res to $privKey
openssl_pkey_export($res, $privKey);

// Extract the public key from $res to $pubKey
$pubKey = openssl_pkey_get_details($res);
$pubKey = $pubKey["key"];

$data = 'plaintext data goes here';

// Encrypt the data to $encrypted using the public key
openssl_public_encrypt($data, $encrypted, $pubKey);

// Decrypt the data using the private key and store the results in $decrypted
openssl_private_decrypt($encrypted, $decrypted, $privKey);

echo $decrypted;
up
1
NOSPAM dot alchaemist at hiperlinux dot com dot ar
10 years ago
As you probably found, getting the public key is not as direct as you might think with this documentation.

You can easily get into messages like:

Warning: openssl_pkey_get_public(): Don't know how to get public key from this private key (the documentation lied) in D:\www\keys.php on line 4

The correct steps to get the whole thing seem to be these:

<?
$dn
= array("countryName" => 'XX', "stateOrProvinceName" => 'State', "localityName" => 'SomewhereCity', "organizationName" => 'MySelf', "organizationalUnitName" => 'Whatever', "commonName" => 'mySelf', "emailAddress" => 'user@domain.com');
$privkeypass = '1234';
$numberofdays = 365;

$privkey = openssl_pkey_new();
$csr = openssl_csr_new($dn, $privkey);
$sscert = openssl_csr_sign($csr, null, $privkey, $numberofdays);
openssl_x509_export($sscert, $publickey);
openssl_pkey_export($privkey, $privatekey, $privkeypass);
openssl_csr_export($csr, $csrStr);

echo
$privatekey; // Will hold the exported PriKey
echo $publickey// Will hold the exported PubKey
echo $csrStr;     // Will hold the exported Certificate
?>

Now all you need to do is to make some research on each individual function.
up
0
jthijssen at notloxic dot nl
3 years ago
If you want to change the default private key size (1024) too something else you can use the following code:

<?php
$config
= array('private_key_bits' => 512);
$privKey = openssl_pkey_new($config);

?>

Mind though that the minimum number of bits is 384. Any lower will trigger an error.
up
0
Brad
6 years ago
It's easier than all that, if you just want the keys:

<?php
// Create the keypair
$res=openssl_pkey_new();

// Get private key
openssl_pkey_export($res, $privkey);

// Get public key
$pubkey=openssl_pkey_get_details($res);
$pubkey=$pubkey["key"];
?>
up
-2
zelnaga at gmail dot com
2 years ago
Getting the public key corresponding to a particular private key, through the methods provided for by OpenSSL, is a bit cumbersome. An easier way to do it is to use phpseclib, a pure PHP RSA implementation:

<?php
include('Crypt/RSA.php');

$rsa = new Crypt_RSA();
$rsa->loadKey('...');

$privatekey = $rsa->getPrivateKey();
$publickey = $rsa->getPublicKey();
?>

Doesn't require any extensions be installed.  It'll use bcmath or gmp if they're available, for speed, but doesn't even require those.
To Top