<?xml version="1.0" encoding="iso-8859-1"?>
<!-- $Revision: 1.8 $ -->
 <reference id="ref.openssl">
  <title>OpenSSL Functions</title>
  <titleabbrev>OpenSSL</titleabbrev>
  <partintro>
   <section id="openssl.intro">
    &reftitle.intro;
    <para>
     This module uses the functions of <ulink
     url="&url.openssl;">OpenSSL</ulink> for generation and verification
     of signatures and for sealing (encrypting) and opening (decrypting)
     data. OpenSSL offers many features that this module currently doesn't
     support. Some of these may be added in the future.
    </para>
   </section>

   <section id="openssl.requirements">
    &reftitle.required;
    <para>
     In order to use the OpenSSL functions you need to install the <ulink
     url="&url.openssl;">OpenSSL</ulink> package.
     PHP-4.0.4pl1 requires OpenSSL >= 0.9.6, but PHP-4.0.5 and greater
     will also work with OpenSSL >= 0.9.5.
    </para>
   </section>

   &reference.openssl.configure;

   <section id="openssl.configuration">
    &reftitle.runtime;
    &no.config;
   </section>

   <section id="openssl.resources">
    &reftitle.resources;
    <para>
    </para>
   </section>

   <section id="openssl.certparams">
    <title>Key/Certificate parameters</title>
    <para>
     Quite a few of the openssl functions require a key or a certificate
     parameter. PHP 4.0.5 and earlier have to use a key or certificate
     <type>resource</type> returned by one of the openssl_get_xxx functions.
     Later versions may use one of the following methods:
     <itemizedlist>
      <listitem>
       <para>
        Certificates
        <orderedlist>
         <listitem>
          <simpara>
           An X.509 resource returned from
           <function>openssl_x509_read</function>
          </simpara>
         </listitem>
         <listitem>
          <simpara>A string having the format
           <filename>file://path/to/cert.pem</filename>; the named file must
           contain a PEM encoded certificate
          </simpara>
         </listitem>
         <listitem>
          <simpara>
           A string containing the content of a certificate, PEM encoded
          </simpara>
         </listitem>
        </orderedlist>
       </para>
      </listitem>

      <listitem>
       <para>
        Public/Private Keys
        <orderedlist>
         <listitem>
          <simpara>A key resource returned from
           <function>openssl_get_publickey</function> or
           <function>openssl_get_privatekey</function>
          </simpara>
         </listitem>
         <listitem>
          <simpara>For public keys only: an X.509 resource</simpara>
         </listitem>
         <listitem>
          <simpara>A string having the format
           <filename>file://path/to/file.pem</filename> - the named file must
           contain a PEM encoded certificate/private key (it may contain both)
          </simpara>
         </listitem>
         <listitem>
          <simpara>
           A string containing the content of a certificate/key, PEM encoded
          </simpara>
         </listitem>
         <listitem>
          <simpara>
           For private keys, you may also use the syntax
           <emphasis>array($key, $passphrase)</emphasis> where $key represents a
           key specified using the file:// or textual content notation above, and
           $passphrase represents a string containing the passphrase for that
           private key
          </simpara>
         </listitem>
        </orderedlist>
       </para>
      </listitem>
     </itemizedlist>
    </para>
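    <para>
     The private-key forms listed above, as an added example that is not part
     of the original manual page: one passphrase-protected key is handed to
     openssl_sign as PEM text, as a file:// path and as a loaded key, and each
     signature is checked with openssl_verify. The key, passphrase, message
     and temporary file are constructed for illustration, and a PHP build
     with the openssl extension and SHA-256 support is assumed.
    </para>

```php
<?php
// Added example: every key, passphrase and path below is constructed.
$passphrase = 'constructed-example-passphrase';
$data       = 'message to be signed';

// Generate a throwaway RSA key and export it as passphrase-protected PEM text.
$key = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    'private_key_bits' => 2048,
]);
if ($key === false) {
    exit('key generation failed: ' . openssl_error_string() . "\n");
}
openssl_pkey_export($key, $privatePem, $passphrase);
$publicPem = openssl_pkey_get_details($key)['key'];

// tempnam() creates the file with owner-only permissions (0600) on Unix.
$path = tempnam(sys_get_temp_dir(), 'key');
file_put_contents($path, $privatePem);

// The same private key expressed in three of the accepted forms.
$forms = [
    'array(PEM text, passphrase)'       => [$privatePem, $passphrase],
    'array(file:// path, passphrase)'   => ['file://' . $path, $passphrase],
    'key from openssl_pkey_get_private' => openssl_pkey_get_private($privatePem, $passphrase),
];

foreach ($forms as $label => $privateKey) {
    if (!openssl_sign($data, $signature, $privateKey, OPENSSL_ALGO_SHA256)) {
        echo "$label: signing failed\n";
        continue;
    }
    // openssl_verify() returns 1 (valid), 0 (invalid) or -1/false (error);
    // compare with === 1, because -1 is truthy in a loose check.
    $valid    = openssl_verify($data, $signature, $publicPem, OPENSSL_ALGO_SHA256) === 1;
    $tampered = openssl_verify($data . 'x', $signature, $publicPem, OPENSSL_ALGO_SHA256) === 1;
    printf("%s: valid=%s tampered=%s\n", $label,
        var_export($valid, true), var_export($tampered, true));
}

// A wrong passphrase must not yield a usable key.
$rejected = openssl_pkey_get_private($privatePem, 'wrong passphrase') === false;
echo 'wrong passphrase rejected: ' . var_export($rejected, true) . "\n";

unlink($path);
?>
```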
</section>

   <section id="openssl.cert.verification">
    <title>Certificate Verification</title>
    <para>
     When calling a function that will verify a signature/certificate, the
     <emphasis>cainfo</emphasis> parameter is an array containing file and
     directory names that specify the locations of trusted CA files. If a
     directory is specified, then it must be a correctly formed hashed
     directory as the <command>openssl</command> command would use.
    </para>
   </section>

   &reference.openssl.constants;

  </partintro>

&reference.openssl.functions;

 </reference>

<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
indent-tabs-mode:nil
sgml-parent-document:nil
sgml-default-dtd-file:"../../../manual.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
vim600: syn=xml fen fdm=syntax fdl=2 si
vim: et tw=78 syn=sgml
vi: ts=1 sw=1
-->