public function testOpenSSLSignature() { if (!extension_loaded('OpenSSL')) { $this->markTestSkipped("Need OpenSSL extension"); } // Generate a private key on the fly. $passphrase = uniqid(); $passfile = PHING_TEST_BASE . '/etc/tasks/ext/pharpackage/pass.txt'; file_put_contents($passfile, $passphrase); $pkey = openssl_pkey_new(); openssl_pkey_export_to_file($pkey, PHING_TEST_BASE . '/etc/tasks/ext/pharpackage/priv.key', $passphrase); $this->executeTarget(__FUNCTION__); // Make sure we are dealing with an OpenSSL signature. // (Phar silently falls back to an SHA1 signature // whenever it fails to add an OpenSSL signature) $dest = PHING_TEST_BASE . '/etc/tasks/ext/pharpackage/pharpackage.phar'; $this->assertFileExists($dest); $phar = new Phar($dest); $signature = $phar->getSignature(); $this->assertEquals('OpenSSL', $signature['hash_type']); unlink(PHING_TEST_BASE . '/etc/tasks/ext/pharpackage/priv.key'); unlink(PHING_TEST_BASE . '/etc/tasks/ext/pharpackage/pharpackage.phar.pubkey'); unlink(PHING_TEST_BASE . '/etc/tasks/ext/pharpackage/pass.txt'); unlink($dest); }
function generateSslKeypair($commonName, $keyLength) { $key = openssl_pkey_new(array("private_key_bits" => $keyLength)); $default = getDefaultConfPath(); if (file_exists($default . "/cert-overrides.ini")) { $confFile = $default . "/cert-overrides.ini"; } else { $confFile = $_SERVER["DOCUMENT_ROOT"] . "/conf/cert.ini"; } $certConf = parse_ini_file($confFile, true); $dn = $certConf["dn"]; $dn["commonName"] = $commonName; $cert = openssl_csr_new($dn, $key); // Creating a new X509 Certificate Signing Request if ($e = error_get_last()) { // Issues found in parsing the arguments will get a warning. A CSR is created, nonetheless throw new Exception("Error occured:" . $e["message"]); } $signed = openssl_csr_sign($cert, null, $key, $certConf["csr"]["validity_in_days"], array("config" => $confFile, "config_section_name" => "csr", "x509_extensions" => "clientx509_ext")); // Self-signed X509 certificate with SHA256 digest and extensions specified in local openssl.conf if (!$signed) { throw new Exception("Error occured while signing certificate"); } openssl_pkey_export($key, $privateKey); // Export private-key to $privateKey openssl_x509_export($signed, $clientCert); // Export signed-certificate to $clientCert without Extra Details return array($clientCert, $privateKey); }
static public function get_keys($login,$full_name) { $CA_CERT = base_url()."data/key/CA_DOC.csr"; $CA_KEY = base_url()."data/key/CA_DOC_priv.key"; $config = array( "private_key_type"=>OPENSSL_KEYTYPE_RSA, "private_key_bits"=>512 ); $res = openssl_pkey_new($config); $privKey = ''; openssl_pkey_export($res,$privKey); $arr = array( "organizationName" => "Фізична особа", "organizationalUnitName" => "Фізична особа", "commonName" => $full_name, "UID" => $login, "countryName" => "UA" ); $csr = openssl_csr_new($arr,$privKey); $cert = openssl_csr_sign($csr,file_get_contents($CA_CERT),file_get_contents($CA_KEY),730); openssl_x509_export($cert,$str_cert); $public_key = openssl_pkey_get_public($str_cert); $public_key_details = openssl_pkey_get_details($public_key); $public_key_string = $public_key_details['key']; return array('private'=>$privKey,'cert'=>$str_cert,'public'=>$public_key_string); }
/** * Generates a new key pair with the given length in bits. * * @api * @param int $bits length of the key * @return KeyPair generated key pair */ public function generate($bits = 2048) { if (!is_int($bits)) { throw new \InvalidArgumentException(sprintf("\$bits must be of type int, %s given", gettype($bits))); } if ($bits < 2048) { throw new \InvalidArgumentException("Keys with fewer than 2048 bits are not allowed!"); } $configFile = $defaultConfigFile = __DIR__ . "/../res/openssl.cnf"; if (class_exists("Phar") && !empty(Phar::running(true))) { $configContent = file_get_contents($configFile); $configFile = tempnam(sys_get_temp_dir(), "acme_openssl_"); file_put_contents($configFile, $configContent); register_shutdown_function(function () use($configFile) { @unlink($configFile); }); } $res = openssl_pkey_new(["private_key_type" => OPENSSL_KEYTYPE_RSA, "private_key_bits" => $bits, "config" => $configFile]); $success = openssl_pkey_export($res, $privateKey, null, ["config" => $configFile]); if ($configFile !== $defaultConfigFile) { @unlink($configFile); } if (!$success) { openssl_pkey_free($res); throw new \RuntimeException("Key export failed!"); } $publicKey = openssl_pkey_get_details($res)["key"]; openssl_pkey_free($res); // clear error buffer, because of minimalistic openssl.cnf while (openssl_error_string() !== false) { } return new KeyPair($privateKey, $publicKey); }
private function genCSR() { $pkey = openssl_pkey_new(array('private_key_bits' => 2048)); $res = openssl_csr_new(array(), $pkey); openssl_csr_export($res, $out); return $out; }
public function makeKeys($distinguishedName, $passphrase = NULL, $certCA = NULL, $keyCA) { // keep track of the distinguished name $this->dn = $distinguishedName; // generate the pem-encoded private key $config = array('digest_alg' => 'sha1', 'private_key_bits' => 1024, 'encrypt_key' => TRUE); $key = openssl_pkey_new($config); // generate the certificate signing request... $csr = openssl_csr_new($this->dn, $key, $config); // and use it to make a self-signed certificate $this->serialNumber = rand(); $cert = openssl_csr_sign($csr, NULL, $key, 365, $config, time()); // make openssl forget the key openssl_free_key($keyCA); // export private and public keys openssl_pkey_export($key, $this->privatekey, $passphrase, $config); //openssl_pkey_export_to_file ( $this->privatekey , "server.key", $passphrase, $config ) openssl_x509_export($cert, $this->certificate); // parse certificate $this->x509 = openssl_x509_parse($cert); if (isset($this->serialNumber)) { $outfilename = '/var/www/html/' . $this->serialNumber; // Gets an exportable representation of a key into a file openssl_pkey_export_to_file($key, $outfilename . '.pem', $passphrase, $config); } openssl_x509_export_to_file($this->certificate, $outfilename . '.crt', TRUE); return TRUE; // end of makeKeys() method }
protected function execute(InputInterface $input, OutputInterface $output) { $init = $this->getHelper('init')->getInit(); $basedir = $init->getBaseDir(); $fprikey = $basedir . '/app/config/key/'; $fpubkey = $basedir . '/app/config/key/'; $namePri = "private.pkey"; $namePub = "public.pkey"; if (!file_exists($fprikey . $namePri) || !file_exists($fpubkey . $namePub)) { if (!file_exists($fprikey)) { mkdir($fprikey, 0777, true); } if (!file_exists($fpubkey)) { mkdir($fpubkey, 0777, true); } $key = openssl_pkey_new(); openssl_pkey_export($key, $privatekey); $publickey = openssl_pkey_get_details($key); $publickey = $publickey["key"]; file_put_contents($fprikey . $namePri, $privatekey); file_put_contents($fpubkey . $namePub, $publickey); $output->writeln("Chaves geradas com sucesso!"); } else { $output->writeln("Chaves já existem!"); } }
public function run() { if (strrev($this->input['folder']) !== DIRECTORY_SEPARATOR) { $this->input['folder'] .= DIRECTORY_SEPARATOR; } $files = []; foreach (['pub', 'key', 'crt', 'csr'] as $extension) { $files[$extension] = sprintf('%s%s%s.%s', $this->input['folder'], $this->input['prefix'], $this->input['hostname'], $extension); } foreach ($files as $file) { if (file_exists($file)) { throw new RuntimeException(sprintf('File exist: %s', $file)); } } $dn = array("countryName" => $this->input['country'], "stateOrProvinceName" => $this->input['state-or-province-name'], "localityName" => $this->input['locality-name'], "organizationName" => $this->input['organization-name'], "organizationalUnitName" => $this->input['organizational-unit-name'], "commonName" => $this->input['common-name'], "emailAddress" => $this->input['email-address']); // Create the private and public key $res = openssl_pkey_new(['digest_alg' => $this->input['alg'], 'private_key_bits' => $this->input['bits'], 'private_key_type' => OPENSSL_KEYTYPE_RSA]); // Generate a certificate signing request $csr = openssl_csr_new(array_filter($dn), $res); // Creates a self-signed cert $sscert = openssl_csr_sign($csr, null, $res, $this->input['days']); openssl_csr_export($csr, $out); file_put_contents($files['csr'], $out); // Export certfile openssl_x509_export($sscert, $out); file_put_contents($files['crt'], $out); // Extract the private key from $res to $privKey openssl_pkey_export($res, $out); file_put_contents($files['key'], $out); // Extract the public key from $res to $pubKey $out = openssl_pkey_get_details($res); file_put_contents($files['pub'], $out["key"]); }
public function createToken($sKey) { if (!Phpfox::getParam('apps.enable_api_support')) { $this->error('api.enable_api_support', 'API support for this community is currently disabled.'); return $this->_sendResponse(); } if (empty($sKey)) { $this->error('api.unable_to_find_api_key', 'Unable to find API key.'); return $this->_sendResponse(); } $aApp = $this->database()->select('a.*, ai.user_id AS installed_user_id')->from(Phpfox::getT('app_key'), 'ak')->join($this->_sTable, 'a', 'a.app_id = ak.app_id')->join(Phpfox::getT('app_installed'), 'ai', 'ai.app_id = a.app_id AND ai.user_id = ak.user_id')->where('ak.key_check = \'' . $this->database()->escape($sKey) . '\'')->execute('getSlaveRow'); if (!isset($aApp['app_id'])) { $this->error('api.unable_to_find_api_key', 'Unable to find API key.'); return $this->_sendResponse(); } $res = openssl_pkey_new($this->_aOpenSSLConfig); openssl_pkey_export($res, $privKey, $aApp['private_key'], $this->_aOpenSSLConfig); $pubKey = openssl_pkey_get_details($res); if ($sPlugin = Phpfox_Plugin::get('api.service_api_createtoken_1')) { eval($sPlugin); } $this->database()->delete(Phpfox::getT('app_access'), 'app_id = ' . $aApp['app_id'] . ' AND user_id = ' . $aApp['installed_user_id']); $this->database()->insert(Phpfox::getT('app_access'), array('app_id' => $aApp['app_id'], 'user_id' => $aApp['installed_user_id'], 'token' => md5($pubKey['key']), 'token_key' => $pubKey['key'], 'token_private' => $privKey, 'time_stamp' => PHPFOX_TIME)); return json_encode(array('token' => base64_encode($pubKey['key']))); }
/** * Create a random private key of the given length (in bits). * * You can use predefined constants to have valid keylength values. * * The higher the key length, the higher the security the higher the required time to generate the key. * * Usage example: * * <code> * //give a name to the file containing the generation result * $filename = APPLICATION_DIR."newkey.private.pem"; * * //generate the new key * $serailized_key = PrivateKey::generate(PrivateKey::RSA4096); * * //export to file the serialized key * file_put_contents($filename, $serailized_key); * //NOTE: this example is really BAD because the file is NOT encrypted * * //yes, you can load private keys directly from file * $private_key = new PrivateKey("file://".$filename); * </code> * * @param int $keyLength the length (in bits) of the private key to e generated * * @return string the serialized private key * * @throws \InvalidArgumentException the given key length is not an integer power of two * @throws AsymmetricException the error occurred while generating and exporting the new private key */ public static function generate($keyLength = self::RSA4096) { if (!is_integer($keyLength)) { throw new \InvalidArgumentException('The key length must be given as an integer number which is a power of two'); } elseif (($keyLength & $keyLength - 1) != 0 || $keyLength == 0) { throw new \InvalidArgumentException('The key length must be a power of two'); } //if the key length is extremely long, a very long time will be needed to generate the key, and it is necessary ti set no time limits to generate it if ($keyLength == self::RSAEXTREME) { set_time_limit(0); } //build the configuration array $config = ['digest_alg' => 'sha512', 'private_key_bits' => $keyLength, 'private_key_type' => OPENSSL_KEYTYPE_RSA]; //use the application openssl configuration if (!is_null(Environment::GetCurrentEnvironment())) { $config = array_merge($config, ['config' => file_exists(Environment::GetCurrentEnvironment()->GetConfigurationProperty('APPLICATION_DIR') . 'openssl.cnf') ? Environment::GetCurrentEnvironment()->GetConfigurationProperty('APPLICATION_DIR') . 'openssl.cnf' : null]); } //create a new private key $privateKey = openssl_pkey_new($config); //check the result if (!is_resource($privateKey)) { throw new AsymmetricException('The key generation is not possible due to an unknown ' . openssl_error_string(), 8); } //extract the private key string-encoded from the generated private key $pKeyEncoded = ''; openssl_pkey_export($privateKey, $pKeyEncoded, null, $config); //free the memory space used to hold the newly generated key openssl_free_key($privateKey); //check for the result if (!is_string($pKeyEncoded)) { throw new AsymmetricException("The key generation was completed, but the result couldn't be exported", 9); } //return the operation result return $pKeyEncoded; }
/** * Generate public and private key * @param array $options */ public function generateKeys(array $options = self::DEFAULT_PUBLIC_KEY_OPTIONS) { $keys = openssl_pkey_new($options); $this->publicKey = openssl_pkey_get_details($keys)["key"]; openssl_pkey_export($keys, $this->privateKey); openssl_pkey_free($keys); }
function t2() { $config = array("digest_alg" => "sha256", "private_key_bits" => 2048, "encrypt_key" => 1, "encrypt_key_cipher" => OPENSSL_CIPHER_AES_256_CBC); // Create the keypair $res = openssl_pkey_new($config); var_dump($res); // Get private key openssl_pkey_export($res, $privkey, 'libo', $config); // Get public key $publickey = openssl_pkey_get_details($res); $publickey = $publickey["key"]; echo "Private Key:\n{$privkey}\n\nPublic Key:\n{$publickey}\n\n"; $cleartext = '1234 5678 9012 3456'; echo "Clear text:\n{$cleartext}\n\n"; openssl_public_encrypt($cleartext, $crypttext, $publickey); echo "Crypt text:\n" . base64_encode($crypttext) . "\n"; $priv = openssl_pkey_get_private($privkey, "libo"); var_dump($priv); if (!$priv) { echo "\nGet private key fail!\n"; exit(1); } openssl_private_decrypt($crypttext, $decrypted, $priv); echo "\nDecrypted text:\n{$decrypted}\n\n"; }
function createNewcertificate() { global $gbl, $login, $ghtml; $cerpath = "server.crt"; $keypath = "server.key"; $requestpath = "a.csr"; $ltemp["countryName"] = "IN"; $ltemp["stateOrProvinceName"] = "Bn"; $ltemp["localityName"] = "Bn"; $ltemp["organizationName"] = "LxCenter"; $ltemp["organizationalUnitName"] = "Kloxo"; $ltemp["commonName"] = "Kloxo"; $ltemp["emailAddress"] = "*****@*****.**"; $privkey = openssl_pkey_new(); openssl_pkey_export_to_file($privkey, $keypath); $csr = openssl_csr_new($ltemp, $privkey); openssl_csr_export_to_file($csr, $requestpath); $sscert = openssl_csr_sign($csr, null, $privkey, 365); openssl_x509_export_to_file($sscert, $cerpath); $src = getcwd(); $dest = '/usr/local/lxlabs/kloxo/ext/lxhttpd/conf'; root_execsys("lxfilesys_mkdir", $dest . "/ssl.crt/"); root_execsys("lxfilesys_mkdir", $dest . "/ssl.key/"); root_execsys("lxfilesys_mv", "{$src}/{$cerpath}", $dest . "/ssl.crt/" . $cerpath); root_execsys("lxfilesys_mv", "{$src}/{$keypath}", $dest . "/ssl.key/" . $cerpath); root_execsys("lxfilesys_mv", "{$src}/{$requestpath}", "{$dest}/{$requestpath}"); }
function generateSslKeypair($commonName, $mail, $keyLength) { $key = openssl_pkey_new(array("private_key_bits" => $keyLength)); $certConf = parse_ini_file("cert.conf", true); $dn = $certConf["dn"]; $dn["commonName"] = $commonName; $dn["emailAddress"] = $mail; $cert = openssl_csr_new($dn, $key); // Creating a new X509 Certificate Signing Request if ($e = error_get_last()) { // Issues found in parsing the arguments will get a warning. A CSR is created, nonetheless throw new Exception("Error occured:" . $e["message"]); } $signed = openssl_csr_sign($cert, null, $key, $certConf["csr"]["validity_in_days"], array("config" => "../core/cert.conf", "config_section_name" => "csr", "x509_extensions" => "clientx509_ext")); // Self-signed X509 certificate with SHA256 digest and extensions specified in local openssl.conf if (!$signed) { throw new Exception("Error occured while signing certificate"); } openssl_pkey_export($key, $privateKey); // Export private-key to $privateKey openssl_x509_export($signed, $clientCert, FALSE); // Export signed-certificate to $clientCert openssl_x509_export($signed, $publicKey); // Export public-key from the signed-certificate to $publicKey return array($clientCert, $publicKey, $privateKey); }
public function testCreate() { $container = ContainerLoader::buildTestContainer(); $em = $container->get('doctrine.orm.entity_manager'); $client = new Client(); $client->setClientId($token = 'test-client-' . rand()); $client->setClientSecret('very-secure'); $client->setRedirectUri(array('http://brentertainment.com')); $em->persist($client); $em->flush(); $public_key = new ClientPublicKey(); $public_key->setClient($client); // create and set the public key $res = openssl_pkey_new(); // Extract the public key from $res to $pubKey $pubKeyDetails = openssl_pkey_get_details($res); $pubKey = $pubKeyDetails['key']; $public_key->setPublicKey($pubKey); $em->persist($public_key); $em->flush(); // test direct access $stored = $em->find('OAuth2\\ServerBundle\\Entity\\ClientPublicKey', array('client_id' => $client->getClientId())); $this->assertNotNull($stored); $this->assertEquals($pubKey, $stored->getPublicKey()); }
function rsa_generate_keys($password, $bits = 2048, $digest_algorithm = 'sha256') { $res = openssl_pkey_new(array('digest_alg' => $digest_algorithm, 'private_key_bits' => $bits, 'private_key_type' => OPENSSL_KEYTYPE_RSA)); openssl_pkey_export($res, $private_key, $password); $public_key = openssl_pkey_get_details($res); $public_key = $public_key['key']; return array('private_key' => $private_key, 'public_key' => $public_key); }
public function testNotSignedByKey() { $privateKey = openssl_pkey_new(); $details = openssl_pkey_get_details($privateKey); $publicKey = openssl_pkey_get_public($details['key']); $signature = new Signature('Hello, world!', 'foobar', 'sha1WithRSAEncryption'); $this->assertFalse($signature->isSignedByKey($publicKey)); }
public function __construct() { $res = openssl_pkey_new(); openssl_pkey_export($res, $privkey); $this->privkey = $privkey; $pubkey = openssl_pkey_get_details($res); $this->pubkey = $pubkey['key']; }
public function __construct($passphrase = null) { $res = openssl_pkey_new($this->getConfig()); openssl_pkey_export($res, $privKey, $passphrase); $this->privateKey = $privKey; $pubKey = openssl_pkey_get_details($res); $this->publicKey = $pubKey["key"]; }
public function createNew(array $config = array()) { $new_res = openssl_pkey_new($config); $new_key = new PKey($new_res); $this->resources[] = $new_res; $this->keys[] = $new_key; return $new_key; }
/** * Generate key pair to use with JWT Bearer grant type. * * @return array of $privKey and $pubKey */ public function generateKeyPair() { $key = openssl_pkey_new(); openssl_pkey_export($key, $privKey); $details = openssl_pkey_get_details($key); $pubKey = $details["key"]; return array($privKey, $pubKey); }
public function getErroneousTypeVectors() { $context = TestCase::getContext(); $array = array(); $class = new self(); $resource = openssl_pkey_new(); return array(array($context, $array), array($context, $resource), array($context, $class)); }
public static function generateKeyPair($passPhrase) { $config = ['digest_alg' => 'sha512', 'private_key_bits' => 4096, 'private_key_type' => OPENSSL_KEYTYPE_RSA]; $res = openssl_pkey_new($config); openssl_pkey_export($res, $privateKey, $passPhrase); $publicKey = openssl_pkey_get_details($res)['key']; return new KeyPair($privateKey, $publicKey); }
public static function setUpBeforeClass() { self::$pKey = openssl_pkey_new(); $csr = openssl_csr_new([], self::$pKey); $x509 = openssl_csr_sign($csr, null, self::$pKey, 1); openssl_x509_export($x509, self::$certificate); openssl_x509_free($x509); }
/** * Generate a NEW key pair and store the details in the database * * The rsa_pairs table is used to store a public and private key as well as a created timestamp * This timestamp is used to track the "age" of a pair, and remove old/unused pairs */ public function initialize() { $pair = openssl_pkey_new(); $keyDetails = openssl_pkey_get_details($pair); $this->pubKey = $keyDetails['key']; openssl_pkey_export($pair, $this->privKey); sqlQuery("INSERT into rsa_pairs (public,private,created) values (?,?,NOW())", array($this->get_pubKeyJS(), $this->privKey)); }
public function generateKeyPair($keyPath, $keySize) { // Fill in data for the distinguished name to be used in the cert // You must change the values of these keys to match your name and // company, or more precisely, the name and company of the person/site // that you are generating the certificate for. // For SSL certificates, the commonName is usually the domain name of // that will be using the certificate, but for S/MIME certificates, // the commonName will be the name of the individual who will use the // certificate. $dn = array("countryName" => "UK", "stateOrProvinceName" => "Somerset", "localityName" => "Glastonbury", "organizationName" => "The Brain Room Limited", "organizationalUnitName" => "PHP Documentation Team", "commonName" => "Wez Furlong", "emailAddress" => "*****@*****.**"); // Generate a new private (and public) key pair $privkey = openssl_pkey_new(array('private_key_bits' => $keySize, 'private_key_type' => OPENSSL_KEYTYPE_RSA)); // Generate a certificate signing request $csr = openssl_csr_new($dn, $privkey); // You will usually want to create a self-signed certificate at this // point until your CA fulfills your request. $sscert = openssl_csr_sign($csr, null, $privkey, 365000); // Now you will want to preserve your private key, CSR and self-signed // cert so that they can be installed into your web server, mail server // or mail client (depending on the intended use of the certificate). // This example shows how to get those things into variables, but you // can also store them directly into files. // Typically, you will send the CSR on to your CA who will then issue // you with the "real" certificate. // openssl_csr_export($csr, $csrout); // echo $csrout . "\n"; openssl_x509_export($sscert, $certout); file_put_contents($keyPath . '/public.crt', $certout); openssl_pkey_export($privkey, $pkeyout, "mypassword"); file_put_contents($keyPath . '/private.key', $pkeyout); }
function new_user($user, $email, $password) { validate_username($user); validate_email($email); validate_password($password); $salt = sha1(time()); $hashed_pass = sha1($salt . $password); $avatar = make_ext_url('media/default_avatar.jpg'); // Generate a new RSA key pair $res = openssl_pkey_new(); openssl_pkey_export($res, $priv_key); $pub_key = openssl_pkey_get_details($res); $pub_key = $pub_key['key']; $query = "INSERT INTO `users` (`User_name`, `E-mail`, `Password`, `Salt`, `Priv_key`, `Pub_key`, `Avatar`) VALUES ('@v','@v','@v','@v','@v','@v', '@v')"; $this->query($query, $user, $email, $hashed_pass, $salt, base64_encode($priv_key), base64_encode($pub_key), $avatar); }
function create_cert() { global $file_pkcs12, $file_x509, $file_ca_x509, $file_ca_pkey; global $pass, $config, $dn, $expire_time; $ca_x509 = file_get_contents($file_ca_x509); $ca_pkey = file_get_contents($file_ca_pkey); $req_key = openssl_pkey_new($config); $req_csr = openssl_csr_new($dn, $req_key); // CA sign $req_cert = openssl_csr_sign($req_csr, $ca_x509, [$ca_pkey, $pass], $expire_time); // SELF sign // 自签证书不能验证有效期 //$req_cert = openssl_csr_sign($req_csr, null, $req_key, $expire_time); $ret = openssl_x509_export_to_file($req_cert, $file_x509); if (!$ret) { while ($msg = openssl_error_string()) { echo $msg . "<br />\n"; } echo "-Err, create x509 fail!(" . __LINE__ . ")\n"; exit(1); } $ret = openssl_pkcs12_export_to_file($req_cert, $file_pkcs12, $req_key, $pass); if (!$ret) { while ($msg = openssl_error_string()) { echo $msg . "<br />\n"; } echo "-Err, create pkcs12 fail!(" . __LINE__ . ")\n"; exit(1); } echo "+Ok, create keys succ!\n"; }
/** * WebSite-PHP file utils_openssl.inc.php * * WebSite-PHP : PHP Framework 100% object (http://www.website-php.com) * Copyright (c) 2009-2015 WebSite-PHP.com * PHP versions >= 5.2 * * Licensed under The MIT License * Redistributions of files must retain the above copyright notice. * * @author Emilien MOREL <*****@*****.**> * @link http://www.website-php.com * @copyright WebSite-PHP.com 12/05/2015 * @version 1.2.13 * @access public * @since 1.0.67 */ function createKeys($passphrase = 'passphrase', $private_key_bits = 1024, $private_key_type = OPENSSL_KEYTYPE_RSA, $encrypte_key = true) { if (!extension_loaded('openssl')) { throw new NewException("Please activate openssl php lib, to use encryption.", 0, getDebugBacktrace(1)); } else { $openssl_conf_file = str_replace("\\", "/", dirname(__FILE__)) . '/../config/openssl.cnf'; if (!file_exists($openssl_conf_file)) { throw new NewException("openssl.cnf doesn't exists (" . $openssl_conf_file . ").", 0, getDebugBacktrace(1)); } // Create the keypair $config_key = array("config" => $openssl_conf_file, "digest_alg" => "sha1", "x509_extensions" => "v3_ca", "req_extensions" => "v3_req", "private_key_bits" => $private_key_bits, "private_key_type" => $private_key_type, "encrypte_key" => $encrypte_key); $res = openssl_pkey_new($config_key); if ($res != false) { // Get private key. A pass phrase is required for proper encryption/decryption. openssl_pkey_export($res, $privkey, $passphrase, $config_key); // Get public key $pubkey = openssl_pkey_get_details($res); $pubkey = $pubkey['key']; $keys = array(); $keys['private'] = $privkey; $keys['public'] = $pubkey; openssl_pkey_free($res); return $keys; } else { $error = ""; while ($msg = openssl_error_string()) { $error .= $msg . "<br />\n"; } $error = "Error generation private key" . ($error != "" ? " : " . $error : ""); throw new NewException($error, 0, getDebugBacktrace(1)); } } return null; }
/** * Gera um no certificado * @param string $file Local do Arquivo. * @return object. */ public function generatePassword($file = 'certificate.crt') { $dn = []; if ($this->getStateOrProvinceName() !== false) { $dn['stateOrProvinceName'] = $this->getStateOrProvinceName(); } if ($this->getLocalityName() !== false) { $dn['localityName'] = $this->getLocalityName(); } if ($this->getOrganizationName() !== false) { $dn['organizationName'] = $this->getOrganizationName(); } if ($this->getCountryName() !== false) { $dn['countryName'] = $this->getCountryName(); } if ($this->getOrganizationalUnitName() !== false) { $dn['organizationalUnitName'] = $this->getOrganizationalUnitName(); } if ($this->getCommonName() !== false) { $dn['commonName'] = $this->getCommonName(); } if ($this->getEmailAddress() !== false) { $dn['emailAddress'] = $this->getEmailAddress(); } $private_key = openssl_pkey_new(); $csr = openssl_csr_new($dn, $private_key); openssl_csr_export_to_file($csr, DIR_ROOT . $file, true); openssl_csr_export_to_file($csr, DIR_ROOT . preg_replace('/(\\..*)$/', '-details$1', $file), false); openssl_csr_export($csr, $password); $this->password = $password; return $this; }