php[tek] 2018 : Call for Speakers

openssl_open

(PHP 4 >= 4.0.4, PHP 5, PHP 7)

openssl_openOpen sealed data

Descrição

bool openssl_open ( string $sealed_data , string &$open_data , string $env_key , mixed $priv_key_id [, string $method = "RC4" [, string &$iv ]] )

openssl_open() opens (decrypts) sealed_data using the private key associated with the key identifier priv_key_id and the envelope key env_key, and fills open_data with the decrypted data. The envelope key is generated when the data are sealed and can only be used by one specific private key. See openssl_seal() for more information.

Parâmetros

sealed_data

open_data

If the call is successful the opened data is returned in this parameter.

env_key

priv_key_id

method

The cipher method.

iv

The initialization vector.

Valor Retornado

Retorna TRUE em caso de sucesso ou FALSE em caso de falha.

Changelog

Versão Descrição
7.0.0 The iv has been added.
5.3.0 The method has been added.

Exemplos

Exemplo #1 openssl_open() example

<?php
// $sealed and $env_key are assumed to contain the sealed data
// and our envelope key, both given to us by the sealer.

// fetch private key from file and ready it
$fp fopen("/src/openssl-0.9.6/demos/sign/key.pem""r");
$priv_key fread($fp8192);
fclose($fp);
$pkeyid openssl_get_privatekey($priv_key);

// decrypt the data and store it in $open
if (openssl_open($sealed$open$env_key$pkeyid)) {
    echo 
"here is the opened data: "$open;
} else {
    echo 
"failed to open data";
}

// free the private key from memory
openssl_free_key($pkeyid);
?>

Veja Também

add a note add a note

User Contributed Notes 2 notes

up
3
sdc
6 years ago
PHP compiled without OpenSSL support? Here's how you can call the openssl command-line utility to achieve the same goal:

<?php
// $sealed and $env_key are assumed to contain the sealed data
// and our envelope key, both given to us by the sealer.

// specify private key file and passphrase
$pkey_file='key.pem';
$pkey_pp='netsvc';

// call openssl to decrypt envelope key
$ph=proc_open('openssl rsautl -decrypt -inkey '.
escapeshellarg($pkey_file).' -passin fd:3',array(
 
0 => array('pipe','r'), // stdin < envelope key
 
1 => array('pipe','w'), // stdout > decoded envelope key
 
2 => STDERR,
 
3 => array('pipe','r'), // < passphrase
),$pipes);
// write envelope key
fwrite($pipes[0],$env_key);
fclose($pipes[0]);
// write private key passphrase
fwrite($pipes[3],$pkey_pp);
fclose($pipes[3]);
// read decoded key, convert to hexadecimal
$env_key='';
while(!
feof($pipes[1])){
 
$env_key.=sprintf("%02x",ord(fgetc($pipes[1])));
}
fclose($pipes[1]);
if(
$xc=proc_close($ph)){
  echo
"Exit code: $xc\n";
}

// call openssl to decryp
$ph=proc_open('openssl rc4 -d -iv 0 -K '.$env_key,array(
 
0 => array('pipe','r'), // stdin < sealed data
 
1 => array('pipe','w'), // stdout > opened data
 
2 => STDERR,
),
$pipes);
// write sealed data
fwrite($pipes[0],$sealed);
fclose($pipes[0]);
// read opened data
//$open=stream_get_contents($pipes[1]);
$open='';
while(!
feof($pipes[1])){
 
$open.=fgets($pipes[1]);
}
fclose($pipes[1]);
if(
$xc=proc_close($ph)){
  echo
"Exit code: $xc\n";
}

// display the decrypted data
echo $open;

?>
up
-2
Gareth Owen
8 years ago
Example code, assume mycert.pem is a certificate containing both private and public key.

$cert = file_get_contents("mycert.pem");

$public = openssl_get_publickey($cert);
$private = openssl_get_privatekey($cert);

$data = "I'm a lumberjack and I'm okay.";

echo "Data before: {$data}\n";
openssl_seal($data, $cipher, $e, array($public));

echo "Ciphertext: {$cipher}\n";

openssl_open($cipher, $open, $e[0], $private);
echo "Decrypted: {$open}\n";
To Top