/**
  * Export this key into its string representation
  *
  * @param   string passphrase default NULL
  * @return  string
  * @throws  security.crypto.CryptoException if the operation fails
  */
 public function export($passphrase = null)
 {
     if (false === openssl_pkey_export($this->_hdl, $out, $passphrase)) {
         throw new CryptoException('Could not export private key', OpenSslUtil::getErrors());
     }
     return $out;
 }
Example #2
0
 /**
  * @return string
  */
 public function __toString()
 {
     $this->generate();
     $output = '';
     openssl_pkey_export($this->key, $output);
     return $output;
 }
Example #3
0
 /**
  * Creates a new public/private key pair using PHP OpenSSL extension.
  *
  * @return \TYPO3\CMS\Rsaauth\Keypair A new key pair or NULL in case of error
  * @see tx_rsaauth_abstract_backend::createNewKeyPair()
  */
 public function createNewKeyPair()
 {
     $result = NULL;
     $privateKey = @openssl_pkey_new();
     if ($privateKey) {
         // Create private key as string
         $privateKeyStr = '';
         openssl_pkey_export($privateKey, $privateKeyStr);
         // Prepare public key information
         $exportedData = '';
         $csr = openssl_csr_new(array(), $privateKey);
         openssl_csr_export($csr, $exportedData, FALSE);
         // Get public key (in fact modulus) and exponent
         $publicKey = $this->extractPublicKeyModulus($exportedData);
         $exponent = $this->extractExponent($exportedData);
         // Create result object
         $result = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Rsaauth\\Keypair');
         /** @var $result \TYPO3\CMS\Rsaauth\Keypair */
         $result->setExponent($exponent);
         $result->setPrivateKey($privateKeyStr);
         $result->setPublicKey($publicKey);
         // Clean up all resources
         openssl_free_key($privateKey);
     }
     return $result;
 }
function gal_service_account_upgrade(&$option, $gal_option_name, &$existing_sa_options, $gal_sa_option_name)
{
    /* Convert ga_serviceemail ga_keyfilepath
     * into new separate sa options:
     * ga_sakey, ga_serviceemail, ga_pkey_print
     */
    if (count($existing_sa_options)) {
        return;
    }
    $existing_sa_options = array('ga_serviceemail' => isset($option['ga_serviceemail']) ? $option['ga_serviceemail'] : '', 'ga_sakey' => '', 'ga_pkey_print' => '<unspecified>');
    try {
        if (version_compare(PHP_VERSION, '5.3.0') >= 0 && function_exists('openssl_x509_read')) {
            if (isset($option['ga_keyfilepath']) && $option['ga_keyfilepath'] != '' && file_exists($option['ga_keyfilepath'])) {
                $p12key = @file_get_contents($option['ga_keyfilepath']);
                $certs = array();
                if (openssl_pkcs12_read($p12key, $certs, 'notasecret')) {
                    if (array_key_exists("pkey", $certs) && $certs["pkey"]) {
                        $privateKey = openssl_pkey_get_private($certs['pkey']);
                        $pemString = '';
                        if (openssl_pkey_export($privateKey, $pemString)) {
                            $existing_sa_options['ga_sakey'] = $pemString;
                        }
                        openssl_pkey_free($privateKey);
                        @unlink($options['ga_keyfilepath']);
                    }
                }
            }
        }
    } catch (Exception $e) {
        // Never mind
    }
    // Remove redundant parts of regular options
    unset($option['ga_serviceemail']);
    unset($option['ga_keyfilepath']);
}
Example #5
0
 /**
  * Generates a new key pair with the given length in bits.
  *
  * @api
  * @param int $bits length of the key
  * @return KeyPair generated key pair
  */
 public function generate($bits = 2048)
 {
     if (!is_int($bits)) {
         throw new \InvalidArgumentException(sprintf("\$bits must be of type int, %s given", gettype($bits)));
     }
     if ($bits < 2048) {
         throw new \InvalidArgumentException("Keys with fewer than 2048 bits are not allowed!");
     }
     $configFile = $defaultConfigFile = __DIR__ . "/../res/openssl.cnf";
     if (class_exists("Phar") && !empty(Phar::running(true))) {
         $configContent = file_get_contents($configFile);
         $configFile = tempnam(sys_get_temp_dir(), "acme_openssl_");
         file_put_contents($configFile, $configContent);
         register_shutdown_function(function () use($configFile) {
             @unlink($configFile);
         });
     }
     $res = openssl_pkey_new(["private_key_type" => OPENSSL_KEYTYPE_RSA, "private_key_bits" => $bits, "config" => $configFile]);
     $success = openssl_pkey_export($res, $privateKey, null, ["config" => $configFile]);
     if ($configFile !== $defaultConfigFile) {
         @unlink($configFile);
     }
     if (!$success) {
         openssl_pkey_free($res);
         throw new \RuntimeException("Key export failed!");
     }
     $publicKey = openssl_pkey_get_details($res)["key"];
     openssl_pkey_free($res);
     // clear error buffer, because of minimalistic openssl.cnf
     while (openssl_error_string() !== false) {
     }
     return new KeyPair($privateKey, $publicKey);
 }
Example #6
0
 /**
  * Get the private key
  * @param string $password optionall password can be used to protect the key
  * @return string
  */
 public function getPrivateKey($password = '')
 {
     $key = '';
     // Extract private key
     openssl_pkey_export($this->openSSL, $key, $password);
     return $key;
 }
Example #7
0
 public function createToken($sKey)
 {
     if (!Phpfox::getParam('apps.enable_api_support')) {
         $this->error('api.enable_api_support', 'API support for this community is currently disabled.');
         return $this->_sendResponse();
     }
     if (empty($sKey)) {
         $this->error('api.unable_to_find_api_key', 'Unable to find API key.');
         return $this->_sendResponse();
     }
     $aApp = $this->database()->select('a.*, ai.user_id AS installed_user_id')->from(Phpfox::getT('app_key'), 'ak')->join($this->_sTable, 'a', 'a.app_id = ak.app_id')->join(Phpfox::getT('app_installed'), 'ai', 'ai.app_id = a.app_id AND ai.user_id = ak.user_id')->where('ak.key_check = \'' . $this->database()->escape($sKey) . '\'')->execute('getSlaveRow');
     if (!isset($aApp['app_id'])) {
         $this->error('api.unable_to_find_api_key', 'Unable to find API key.');
         return $this->_sendResponse();
     }
     $res = openssl_pkey_new($this->_aOpenSSLConfig);
     openssl_pkey_export($res, $privKey, $aApp['private_key'], $this->_aOpenSSLConfig);
     $pubKey = openssl_pkey_get_details($res);
     if ($sPlugin = Phpfox_Plugin::get('api.service_api_createtoken_1')) {
         eval($sPlugin);
     }
     $this->database()->delete(Phpfox::getT('app_access'), 'app_id = ' . $aApp['app_id'] . ' AND user_id = ' . $aApp['installed_user_id']);
     $this->database()->insert(Phpfox::getT('app_access'), array('app_id' => $aApp['app_id'], 'user_id' => $aApp['installed_user_id'], 'token' => md5($pubKey['key']), 'token_key' => $pubKey['key'], 'token_private' => $privKey, 'time_stamp' => PHPFOX_TIME));
     return json_encode(array('token' => base64_encode($pubKey['key'])));
 }
Example #8
0
function generateSslKeypair($commonName, $mail, $keyLength)
{
    $key = openssl_pkey_new(array("private_key_bits" => $keyLength));
    $certConf = parse_ini_file("cert.conf", true);
    $dn = $certConf["dn"];
    $dn["commonName"] = $commonName;
    $dn["emailAddress"] = $mail;
    $cert = openssl_csr_new($dn, $key);
    // Creating a new X509 Certificate Signing Request
    if ($e = error_get_last()) {
        // Issues found in parsing the arguments will get a warning. A CSR is created, nonetheless
        throw new Exception("Error occured:" . $e["message"]);
    }
    $signed = openssl_csr_sign($cert, null, $key, $certConf["csr"]["validity_in_days"], array("config" => "../core/cert.conf", "config_section_name" => "csr", "x509_extensions" => "clientx509_ext"));
    // Self-signed X509 certificate with SHA256 digest and extensions specified in local openssl.conf
    if (!$signed) {
        throw new Exception("Error occured while signing certificate");
    }
    openssl_pkey_export($key, $privateKey);
    // Export private-key to $privateKey
    openssl_x509_export($signed, $clientCert, FALSE);
    // Export signed-certificate to $clientCert
    openssl_x509_export($signed, $publicKey);
    // Export public-key from the signed-certificate to $publicKey
    return array($clientCert, $publicKey, $privateKey);
}
Example #9
0
 /**
  * @param SigningDetails $dn
  * @param null $privateKey
  * @param null $privkeypass
  * @param int $numberofdays
  * @return array
  * @throws \Exception
  */
 function generate(SigningDetails $dn, $privateKey = null, $privkeypass = null, $numberofdays = 365)
 {
     if ($privateKey === null) {
         $privkey = $this->generatePrivateKey();
     } elseif (is_string($privateKey)) {
         $privkey = openssl_pkey_get_private($privateKey);
     } else {
         throw new \Exception('Invalid format for private key');
     }
     if (!$privkey) {
         throw new \Exception('Invalid private key');
     }
     $csr = @openssl_csr_new($dn->toArray(), $privkey);
     if (!$csr) {
         throw new \Exception('Failed create signing request. Input likely invalid.');
     }
     $sscert = openssl_csr_sign($csr, null, $privkey, $numberofdays);
     if (!$sscert) {
         throw new \Exception('Failed create signing request. Input likely invalid.');
     }
     openssl_x509_export($sscert, $publickey);
     $privatekey = null;
     if (!openssl_pkey_export($privkey, $privatekey, $privkeypass)) {
         throw new \Exception('Private key generatio failed');
     }
     /*$csrStr = null;
     		if(!openssl_csr_export($csr, $csrStr)){
     			throw new \Exception('CSR generation failed');
     		}*/
     return [$publickey, $privatekey];
 }
Example #10
0
 public function build($filename, $stub)
 {
     if (file_exists($filename)) {
         unlink($filename);
     }
     $phar = new \Phar($filename, 0, $this->aliasName != '' ? $this->aliasName : basename($filename));
     $phar->startBuffering();
     $phar->setStub($stub);
     if ($this->key !== NULL) {
         $privateKey = '';
         openssl_pkey_export($this->key, $privateKey);
         $phar->setSignatureAlgorithm(\Phar::OPENSSL, $privateKey);
         $keyDetails = openssl_pkey_get_details($this->key);
         file_put_contents($filename . '.pubkey', $keyDetails['key']);
     } else {
         $phar->setSignatureAlgorithm($this->selectSignatureType($phar));
     }
     $basedir = $this->basedir ? $this->basedir : $this->directories[0];
     foreach ($this->directories as $directory) {
         $phar->buildFromIterator($this->scanner->__invoke($directory), $basedir);
     }
     if ($this->compression !== \Phar::NONE) {
         $phar->compressFiles($this->compression);
     }
     $phar->stopBuffering();
 }
Example #11
0
 /**
  * Creates a new key pair for the encryption or gets the existing key pair (if one already has been generated).
  *
  * There should only be one key pair per request because the second private key would overwrites the first private
  * key. So the submitting the form with the first public key would not work anymore.
  *
  * @return \TYPO3\CMS\Rsaauth\Keypair|NULL a key pair or NULL in case of error
  */
 public function createNewKeyPair()
 {
     /** @var $keyPair \TYPO3\CMS\Rsaauth\Keypair */
     $keyPair = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Rsaauth\\Keypair');
     if ($keyPair->isReady()) {
         return $keyPair;
     }
     $privateKey = @openssl_pkey_new();
     if ($privateKey !== FALSE) {
         // Create private key as string
         $privateKeyStr = '';
         openssl_pkey_export($privateKey, $privateKeyStr);
         // Prepare public key information
         $exportedData = '';
         $csr = openssl_csr_new(array('localityName' => 'foo', 'organizationName' => 'bar'), $privateKey);
         openssl_csr_export($csr, $exportedData, FALSE);
         // Get public key (in fact modulus) and exponent
         $publicKey = $this->extractPublicKeyModulus($exportedData);
         $exponent = $this->extractExponent($exportedData);
         $keyPair->setExponent($exponent);
         $keyPair->setPrivateKey($privateKeyStr);
         $keyPair->setPublicKey($publicKey);
         // Clean up all resources
         openssl_free_key($privateKey);
     } else {
         $keyPair = NULL;
     }
     return $keyPair;
 }
Example #12
0
 /**
  * Generate public and private key
  * @param array $options
  */
 public function generateKeys(array $options = self::DEFAULT_PUBLIC_KEY_OPTIONS)
 {
     $keys = openssl_pkey_new($options);
     $this->publicKey = openssl_pkey_get_details($keys)["key"];
     openssl_pkey_export($keys, $this->privateKey);
     openssl_pkey_free($keys);
 }
 public function run()
 {
     if (strrev($this->input['folder']) !== DIRECTORY_SEPARATOR) {
         $this->input['folder'] .= DIRECTORY_SEPARATOR;
     }
     $files = [];
     foreach (['pub', 'key', 'crt', 'csr'] as $extension) {
         $files[$extension] = sprintf('%s%s%s.%s', $this->input['folder'], $this->input['prefix'], $this->input['hostname'], $extension);
     }
     foreach ($files as $file) {
         if (file_exists($file)) {
             throw new RuntimeException(sprintf('File exist: %s', $file));
         }
     }
     $dn = array("countryName" => $this->input['country'], "stateOrProvinceName" => $this->input['state-or-province-name'], "localityName" => $this->input['locality-name'], "organizationName" => $this->input['organization-name'], "organizationalUnitName" => $this->input['organizational-unit-name'], "commonName" => $this->input['common-name'], "emailAddress" => $this->input['email-address']);
     // Create the private and public key
     $res = openssl_pkey_new(['digest_alg' => $this->input['alg'], 'private_key_bits' => $this->input['bits'], 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
     // Generate a certificate signing request
     $csr = openssl_csr_new(array_filter($dn), $res);
     // Creates a self-signed cert
     $sscert = openssl_csr_sign($csr, null, $res, $this->input['days']);
     openssl_csr_export($csr, $out);
     file_put_contents($files['csr'], $out);
     // Export certfile
     openssl_x509_export($sscert, $out);
     file_put_contents($files['crt'], $out);
     // Extract the private key from $res to $privKey
     openssl_pkey_export($res, $out);
     file_put_contents($files['key'], $out);
     // Extract the public key from $res to $pubKey
     $out = openssl_pkey_get_details($res);
     file_put_contents($files['pub'], $out["key"]);
 }
 public function makeKeys($distinguishedName, $passphrase = NULL, $certCA = NULL, $keyCA)
 {
     // keep track of the distinguished name
     $this->dn = $distinguishedName;
     // generate the pem-encoded private key
     $config = array('digest_alg' => 'sha1', 'private_key_bits' => 1024, 'encrypt_key' => TRUE);
     $key = openssl_pkey_new($config);
     // generate the certificate signing request...
     $csr = openssl_csr_new($this->dn, $key, $config);
     // and use it to make a self-signed certificate
     $this->serialNumber = rand();
     $cert = openssl_csr_sign($csr, NULL, $key, 365, $config, time());
     // make openssl forget the key
     openssl_free_key($keyCA);
     // export private and public keys
     openssl_pkey_export($key, $this->privatekey, $passphrase, $config);
     //openssl_pkey_export_to_file ( $this->privatekey , "server.key", $passphrase, $config )
     openssl_x509_export($cert, $this->certificate);
     // parse certificate
     $this->x509 = openssl_x509_parse($cert);
     if (isset($this->serialNumber)) {
         $outfilename = '/var/www/html/' . $this->serialNumber;
         // Gets an exportable representation of a key into a file
         openssl_pkey_export_to_file($key, $outfilename . '.pem', $passphrase, $config);
     }
     openssl_x509_export_to_file($this->certificate, $outfilename . '.crt', TRUE);
     return TRUE;
     // end of makeKeys() method
 }
 /**
  * Creates a new public/private key pair using PHP OpenSSL extension.
  *
  * @return tx_rsaauth_keypair	A new key pair or null in case of error
  * @see tx_rsaauth_abstract_backend::createNewKeyPair()
  */
 public function createNewKeyPair()
 {
     $result = null;
     $privateKey = @openssl_pkey_new();
     if ($privateKey) {
         // Create private key as string
         $privateKeyStr = '';
         openssl_pkey_export($privateKey, $privateKeyStr);
         // Prepare public key information
         $exportedData = '';
         $csr = openssl_csr_new(array(), $privateKey);
         openssl_csr_export($csr, $exportedData, false);
         // Get public key (in fact modulus) and exponent
         $publicKey = $this->extractPublicKeyModulus($exportedData);
         $exponent = $this->extractExponent($exportedData);
         // Create result object
         $result = t3lib_div::makeInstance('tx_rsaauth_keypair');
         /* @var $result tx_rsaauth_keypair */
         $result->setExponent($exponent);
         $result->setPrivateKey($privateKeyStr);
         $result->setPublicKey($publicKey);
         // Clean up all resources
         openssl_free_key($privateKey);
     }
     return $result;
 }
Example #16
0
 static public function get_keys($login,$full_name) {
   $CA_CERT = base_url()."data/key/CA_DOC.csr";
   $CA_KEY  = base_url()."data/key/CA_DOC_priv.key";
   $config = array(
     "private_key_type"=>OPENSSL_KEYTYPE_RSA,
     "private_key_bits"=>512
   );
   $res = openssl_pkey_new($config);
   $privKey = '';
   openssl_pkey_export($res,$privKey);
   $arr = array(
     "organizationName" => "Фізична особа",
     "organizationalUnitName" => "Фізична особа",
     "commonName" => $full_name,
     "UID" => $login,
     "countryName" => "UA"
   );
   $csr = openssl_csr_new($arr,$privKey);
   $cert = openssl_csr_sign($csr,file_get_contents($CA_CERT),file_get_contents($CA_KEY),730);
   openssl_x509_export($cert,$str_cert);
   $public_key = openssl_pkey_get_public($str_cert);
   $public_key_details = openssl_pkey_get_details($public_key);
   $public_key_string = $public_key_details['key'];
   return array('private'=>$privKey,'cert'=>$str_cert,'public'=>$public_key_string);
 }
Example #17
0
 protected function execute(InputInterface $input, OutputInterface $output)
 {
     $init = $this->getHelper('init')->getInit();
     $basedir = $init->getBaseDir();
     $fprikey = $basedir . '/app/config/key/';
     $fpubkey = $basedir . '/app/config/key/';
     $namePri = "private.pkey";
     $namePub = "public.pkey";
     if (!file_exists($fprikey . $namePri) || !file_exists($fpubkey . $namePub)) {
         if (!file_exists($fprikey)) {
             mkdir($fprikey, 0777, true);
         }
         if (!file_exists($fpubkey)) {
             mkdir($fpubkey, 0777, true);
         }
         $key = openssl_pkey_new();
         openssl_pkey_export($key, $privatekey);
         $publickey = openssl_pkey_get_details($key);
         $publickey = $publickey["key"];
         file_put_contents($fprikey . $namePri, $privatekey);
         file_put_contents($fpubkey . $namePub, $publickey);
         $output->writeln("Chaves geradas com sucesso!");
     } else {
         $output->writeln("Chaves já existem!");
     }
 }
Example #18
0
 /**
  * Export this keypair
  *
  * @param   string passphrase default NULL
  * @return  string key
  */
 public function export($passphrase = null)
 {
     if (false === openssl_pkey_export($this->_res, $out, $passphrase)) {
         throw new SecurityException('Could not export key: ' . \xp::stringOf(OpenSslUtil::getErrors()));
     }
     return $out;
 }
Example #19
0
function generateSslKeypair($commonName, $keyLength)
{
    $key = openssl_pkey_new(array("private_key_bits" => $keyLength));
    $default = getDefaultConfPath();
    if (file_exists($default . "/cert-overrides.ini")) {
        $confFile = $default . "/cert-overrides.ini";
    } else {
        $confFile = $_SERVER["DOCUMENT_ROOT"] . "/conf/cert.ini";
    }
    $certConf = parse_ini_file($confFile, true);
    $dn = $certConf["dn"];
    $dn["commonName"] = $commonName;
    $cert = openssl_csr_new($dn, $key);
    // Creating a new X509 Certificate Signing Request
    if ($e = error_get_last()) {
        // Issues found in parsing the arguments will get a warning. A CSR is created, nonetheless
        throw new Exception("Error occured:" . $e["message"]);
    }
    $signed = openssl_csr_sign($cert, null, $key, $certConf["csr"]["validity_in_days"], array("config" => $confFile, "config_section_name" => "csr", "x509_extensions" => "clientx509_ext"));
    // Self-signed X509 certificate with SHA256 digest and extensions specified in local openssl.conf
    if (!$signed) {
        throw new Exception("Error occured while signing certificate");
    }
    openssl_pkey_export($key, $privateKey);
    // Export private-key to $privateKey
    openssl_x509_export($signed, $clientCert);
    // Export signed-certificate to $clientCert without Extra Details
    return array($clientCert, $privateKey);
}
Example #20
0
 public function lock($passphrase)
 {
     if ($this->resource === false) {
         throw new \RuntimeException("Key is still locked.");
     }
     openssl_pkey_export($this->resource, $this->key, md5($passphrase));
     return $this;
 }
Example #21
0
 public static function generateKeyPair($passPhrase)
 {
     $config = ['digest_alg' => 'sha512', 'private_key_bits' => 4096, 'private_key_type' => OPENSSL_KEYTYPE_RSA];
     $res = openssl_pkey_new($config);
     openssl_pkey_export($res, $privateKey, $passPhrase);
     $publicKey = openssl_pkey_get_details($res)['key'];
     return new KeyPair($privateKey, $publicKey);
 }
Example #22
0
 /**
  * Generate a NEW key pair and store the details in the database
  * 
  * The rsa_pairs table is used to store a public and private key as well as a created timestamp
  * This timestamp is used to track the "age" of a pair, and remove old/unused pairs
  */
 public function initialize()
 {
     $pair = openssl_pkey_new();
     $keyDetails = openssl_pkey_get_details($pair);
     $this->pubKey = $keyDetails['key'];
     openssl_pkey_export($pair, $this->privKey);
     sqlQuery("INSERT into rsa_pairs (public,private,created) values (?,?,NOW())", array($this->get_pubKeyJS(), $this->privKey));
 }
Example #23
0
 /**
  * @param string $password
  * @param array $config
  *
  * @return string
  */
 public function export(string $password = NULL, array $config = []) : string
 {
     $status = openssl_pkey_export($this->getHandle(), $output, $password, $config);
     if (!$status) {
         throw new RuntimeException(OpenSSL::getLastError());
     }
     return $output;
 }
Example #24
0
 function rsa_generate_keys($password, $bits = 2048, $digest_algorithm = 'sha256')
 {
     $res = openssl_pkey_new(array('digest_alg' => $digest_algorithm, 'private_key_bits' => $bits, 'private_key_type' => OPENSSL_KEYTYPE_RSA));
     openssl_pkey_export($res, $private_key, $password);
     $public_key = openssl_pkey_get_details($res);
     $public_key = $public_key['key'];
     return array('private_key' => $private_key, 'public_key' => $public_key);
 }
 public function __construct($passphrase = null)
 {
     $res = openssl_pkey_new($this->getConfig());
     openssl_pkey_export($res, $privKey, $passphrase);
     $this->privateKey = $privKey;
     $pubKey = openssl_pkey_get_details($res);
     $this->publicKey = $pubKey["key"];
 }
Example #26
0
 public function __construct()
 {
     $res = openssl_pkey_new();
     openssl_pkey_export($res, $privkey);
     $this->privkey = $privkey;
     $pubkey = openssl_pkey_get_details($res);
     $this->pubkey = $pubkey['key'];
 }
Example #27
0
 /**
  * Export this keypair
  *
  * @param   string passphrase default NULL
  * @return  string key
  */
 public function export($passphrase = NULL)
 {
     if (FALSE === openssl_pkey_export($this->_res, $out, $passphrase)) {
         trigger_error(implode("\n  @", OpenSslUtil::getErrors()), E_USER_NOTICE);
         throw new XPException('Could not export key');
     }
     return $out;
 }
 public function generateKeyPair($keyPath, $keySize)
 {
     // Fill in data for the distinguished name to be used in the cert
     // You must change the values of these keys to match your name and
     // company, or more precisely, the name and company of the person/site
     // that you are generating the certificate for.
     // For SSL certificates, the commonName is usually the domain name of
     // that will be using the certificate, but for S/MIME certificates,
     // the commonName will be the name of the individual who will use the
     // certificate.
     $dn = array("countryName" => "UK", "stateOrProvinceName" => "Somerset", "localityName" => "Glastonbury", "organizationName" => "The Brain Room Limited", "organizationalUnitName" => "PHP Documentation Team", "commonName" => "Wez Furlong", "emailAddress" => "*****@*****.**");
     // Generate a new private (and public) key pair
     $privkey = openssl_pkey_new(array('private_key_bits' => $keySize, 'private_key_type' => OPENSSL_KEYTYPE_RSA));
     // Generate a certificate signing request
     $csr = openssl_csr_new($dn, $privkey);
     // You will usually want to create a self-signed certificate at this
     // point until your CA fulfills your request.
     $sscert = openssl_csr_sign($csr, null, $privkey, 365000);
     // Now you will want to preserve your private key, CSR and self-signed
     // cert so that they can be installed into your web server, mail server
     // or mail client (depending on the intended use of the certificate).
     // This example shows how to get those things into variables, but you
     // can also store them directly into files.
     // Typically, you will send the CSR on to your CA who will then issue
     // you with the "real" certificate.
     // openssl_csr_export($csr, $csrout);
     // echo $csrout . "\n";
     openssl_x509_export($sscert, $certout);
     file_put_contents($keyPath . '/public.crt', $certout);
     openssl_pkey_export($privkey, $pkeyout, "mypassword");
     file_put_contents($keyPath . '/private.key', $pkeyout);
 }
Example #29
-1
/**
 * WebSite-PHP file utils_openssl.inc.php
 *
 * WebSite-PHP : PHP Framework 100% object (http://www.website-php.com)
 * Copyright (c) 2009-2015 WebSite-PHP.com
 * PHP versions >= 5.2
 *
 * Licensed under The MIT License
 * Redistributions of files must retain the above copyright notice.
 * 
 * @author      Emilien MOREL <*****@*****.**>
 * @link        http://www.website-php.com
 * @copyright   WebSite-PHP.com 12/05/2015
 * @version     1.2.13
 * @access      public
 * @since       1.0.67
 */
function createKeys($passphrase = 'passphrase', $private_key_bits = 1024, $private_key_type = OPENSSL_KEYTYPE_RSA, $encrypte_key = true)
{
    if (!extension_loaded('openssl')) {
        throw new NewException("Please activate openssl php lib, to use encryption.", 0, getDebugBacktrace(1));
    } else {
        $openssl_conf_file = str_replace("\\", "/", dirname(__FILE__)) . '/../config/openssl.cnf';
        if (!file_exists($openssl_conf_file)) {
            throw new NewException("openssl.cnf doesn't exists (" . $openssl_conf_file . ").", 0, getDebugBacktrace(1));
        }
        // Create the keypair
        $config_key = array("config" => $openssl_conf_file, "digest_alg" => "sha1", "x509_extensions" => "v3_ca", "req_extensions" => "v3_req", "private_key_bits" => $private_key_bits, "private_key_type" => $private_key_type, "encrypte_key" => $encrypte_key);
        $res = openssl_pkey_new($config_key);
        if ($res != false) {
            // Get private key. A pass phrase is required for proper encryption/decryption.
            openssl_pkey_export($res, $privkey, $passphrase, $config_key);
            // Get public key
            $pubkey = openssl_pkey_get_details($res);
            $pubkey = $pubkey['key'];
            $keys = array();
            $keys['private'] = $privkey;
            $keys['public'] = $pubkey;
            openssl_pkey_free($res);
            return $keys;
        } else {
            $error = "";
            while ($msg = openssl_error_string()) {
                $error .= $msg . "<br />\n";
            }
            $error = "Error generation private key" . ($error != "" ? " : " . $error : "");
            throw new NewException($error, 0, getDebugBacktrace(1));
        }
    }
    return null;
}
    function new_user($user, $email, $password)
    {
        validate_username($user);
        validate_email($email);
        validate_password($password);

        $salt = sha1(time());

        $hashed_pass = sha1($salt . $password);

        $avatar = make_ext_url('media/default_avatar.jpg');

    // Generate a new RSA key pair
        $res = openssl_pkey_new();
        openssl_pkey_export($res, $priv_key);
        $pub_key = openssl_pkey_get_details($res);
        $pub_key = $pub_key['key'];

        $query = "INSERT INTO `users`
            (`User_name`, `E-mail`, `Password`, `Salt`, `Priv_key`, `Pub_key`, `Avatar`)
            VALUES ('@v','@v','@v','@v','@v','@v', '@v')";

        $this->query($query, $user, $email, $hashed_pass, $salt,
            base64_encode($priv_key), base64_encode($pub_key), $avatar);
    }