From 2d4b995d680332b66a53f8278439ba1d6454a9eb Mon Sep 17 00:00:00 2001
From: Mark Jones
Date: Sat, 18 Jan 2014 02:38:34 +0000
Subject: [PATCH] correcting error in openssl-pkey-get-public doc page in openssl_verify and openssl_sign
* adding self-contained examples
* documenting that the 4th param to can be an int or a string
* improving documentation of params
git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@332644 c90b9560-bf6c-de11-be94-00142212c4b1
---
 .../functions/openssl-pkey-get-public.xml | 4 +-
 reference/openssl/functions/openssl-sign.xml | 56 ++++++++++++++++---
 .../openssl/functions/openssl-verify.xml | 52 ++++++++++++++---
 3 files changed, 94 insertions(+), 18 deletions(-)
diff --git a/reference/openssl/functions/openssl-pkey-get-public.xml b/reference/openssl/functions/openssl-pkey-get-public.xml
index b78ad7a404..336d7df7b1 100644
--- a/reference/openssl/functions/openssl-pkey-get-public.xml
+++ b/reference/openssl/functions/openssl-pkey-get-public.xml
@@ -32,10 +32,10 @@ an X.509 certificate resource a string having the format file://path/to/file.pem. The named file must
- contain a PEM encoded certificate/private key (it may contain both).
+ contain a PEM encoded certificate/public key (it may contain both).
- A PEM formatted private key.
+ A PEM formatted public key.
diff --git a/reference/openssl/functions/openssl-sign.xml b/reference/openssl/functions/openssl-sign.xml
index 7f0e90530b..271281657d 100644
--- a/reference/openssl/functions/openssl-sign.xml
+++ b/reference/openssl/functions/openssl-sign.xml
@@ -13,12 +13,12 @@ stringdata stringsignature mixedpriv_key_id
- intsignature_algOPENSSL_ALGO_SHA1
+ mixedsignature_algOPENSSL_ALGO_SHA1 openssl_sign computes a signature for the
- specified data by using SHA1 for hashing
- followed by encryption using the private key associated with
+ specified data by generating a cryptographic
+ digital signature using the private key associated with priv_key_id. Note that the data itself is not encrypted.
@@ -32,6 +32,7 @@ data
+ The string of data you wish to sign
@@ -48,6 +49,10 @@ priv_key_id
+ resource - a key, returned by openssl_get_privatekey
+
+
+ string - a PEM formatted key
@@ -55,8 +60,10 @@ signature_alg
- For more information see the list of Signature Algorithms.
+ int - one of these Signature Algorithms.
+
+
+ string - a valid string returned by openssl_get_md_methods example, "sha256WithRSAEncryption" or "sha384".
@@ -106,10 +113,7 @@
 // $data is assumed to contain the data to be signed
 // fetch private key from file and ready it
-$fp = fopen("/src/openssl-0.9.6/demos/sign/key.pem", "r");
-$priv_key = fread($fp, 8192);
-fclose($fp);
-$pkeyid = openssl_get_privatekey($priv_key);
+$pkeyid = openssl_pkey_get_private("file://src/openssl-0.9.6/demos/sign/key.pem");
 // compute signature openssl_sign($data, $signature, $pkeyid);
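Review bot: The rewritten description in the -13,12 hunk drops the only statement of which digest is applied, while the synopsis line in the same hunk still defaults signature_alg to OPENSSL_ALGO_SHA1, so a reader of the new text no longer learns that the data is hashed before signing nor what the default hash is. Suggest keeping that fact in the sentence, e.g. `specified data by hashing it with the algorithm selected by signature_alg (SHA1 by default) and signing the digest with the private key associated with priv_key_id`. The following context sentence "Note that the data itself is not encrypted" also reads oddly now that the word encryption has gone from the text before it; it could say instead that a signature authenticates the data but does not conceal it.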
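Review bot: The replacement line `$pkeyid = openssl_pkey_get_private("file://src/openssl-0.9.6/demos/sign/key.pem");` in the -106,10 hunk changes where the key is read from: the removed fopen() opened the absolute path /src/openssl-0.9.6/demos/sign/key.pem, but the OpenSSL extension strips the `file://` prefix and uses the remainder as the filesystem path, so this now resolves `src/openssl-0.9.6/...` relative to the working directory. Keeping the original location needs a third slash, `openssl_pkey_get_private("file:///src/openssl-0.9.6/demos/sign/key.pem")`. The same applies to the openssl_pkey_get_public line in the -105,10 hunk of openssl-verify.xml. Neither example checks the return value, so a failed load passes `false` straight on to openssl_sign/openssl_verify; a one-line `if ($pkeyid === false) { die(openssl_error_string()); }` guard, or at least a comment saying production code must check it, would help readers who copy the example.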
@@ -120,6 +124,40 @@ openssl_free_key($pkeyid);
 ]]>
+
+ <function>openssl_sign</function> example
+
+ 2048,
+ "private_key_type" => OPENSSL_KEYTYPE_RSA,
+));
+openssl_pkey_export($new_key_pair, $private_key_pem);
+
+$details = openssl_pkey_get_details($new_key_pair);
+$public_key_pem = $details['key'];
+
+//create signature
+openssl_sign($data, $signature, $private_key_pem, OPENSSL_ALGO_SHA256);
+
+//save for later
+file_put_contents('private_key.pem', $private_key_pem);
+file_put_contents('public_key.pem', $public_key_pem);
+file_put_contents('signature.dat', $signature);
+
+//verify signature
+$r = openssl_verify($data, $signature, $public_key_pem, "sha256WithRSAEncryption");
+var_dump($r);
+?>
+]]>
+
+
+
diff --git a/reference/openssl/functions/openssl-verify.xml b/reference/openssl/functions/openssl-verify.xml
index e64d53e754..2f5933a396 100644
--- a/reference/openssl/functions/openssl-verify.xml
+++ b/reference/openssl/functions/openssl-verify.xml
@@ -13,7 +13,7 @@ stringdata stringsignature mixedpub_key_id
- intsignature_algOPENSSL_ALGO_SHA1
+ mixedsignature_algOPENSSL_ALGO_SHA1 openssl_verify verifies that the
@@ -32,6 +32,7 @@ data
+ The string of data used to generate the signature previously
@@ -39,6 +40,7 @@ signature
+ A raw binary string, generated by openssl_sign or similar means
@@ -46,15 +48,22 @@ pub_key_id
+ resource - a key, returned by openssl_get_publickey
+
+ string - a PEM formatted key, example, "-----BEGIN PUBLIC KEY-----
+MIIBCgK..."
+ signature_alg
- For more information see the list of Signature Algorithms.
+ int - one of these Signature Algorithms.
+
+
+ string - a valid string returned by openssl_get_md_methods example, "sha1WithRSAEncryption" or "sha512".
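Review bot: The new openssl_sign example in the -120,6 hunk exports the freshly generated private key with no passphrase (`openssl_pkey_export($new_key_pair, $private_key_pem);`) and then writes it to `private_key.pem` in the working directory with whatever permissions the process umask allows, which is exactly what copy-and-paste users will reproduce. Either pass a passphrase to openssl_pkey_export or follow the write with `chmod('private_key.pem', 0600);` and say in a comment why the key file is restricted. The return values of openssl_pkey_new, openssl_pkey_export and openssl_sign are also not checked, so a failure anywhere in the chain is only noticed when the final var_dump prints something other than int(1); a `// production code must check each return value` comment on the example would be enough for a doc page.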
@@ -105,10 +114,7 @@
 // $data and $signature are assumed to contain the data and the signature
 // fetch public key from certificate and ready it
-$fp = fopen("/src/openssl-0.9.6/demos/sign/cert.pem", "r");
-$cert = fread($fp, 8192);
-fclose($fp);
-$pubkeyid = openssl_get_publickey($cert);
+$pubkeyid = openssl_pkey_get_public("file://src/openssl-0.9.6/demos/sign/cert.pem");
 // state whether signature is okay or not $ok = openssl_verify($data, $signature, $pubkeyid);
@@ -122,6 +128,38 @@ if ($ok == 1) {
 // free the key from memory openssl_free_key($pubkeyid);
 ?>
+]]>
+
+
+
+ <function>openssl_verify</function> example
+
+ 2048,
+ "private_key_type" => OPENSSL_KEYTYPE_RSA,
+));
+$details = openssl_pkey_get_details($private_key_res);
+$public_key_res = openssl_pkey_get_public($details['key']);
+
+//create signature
+openssl_sign($data, $signature, $private_key_res, "sha1WithRSAEncryption");
+
+//verify signature
+$ok = openssl_verify($data, $signature, $public_key_res, OPENSSL_ALGO_SHA1);
+if ($ok == 1) {
+ echo "valid";
+} elseif ($ok == 0) {
+ echo "invalid";
+} else {
+ echo "error: ".openssl_error_string();
+}
+?>
 ]]>
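Review bot: The new openssl_verify example in the -122,6 hunk signs with `"sha1WithRSAEncryption"` and verifies with OPENSSL_ALGO_SHA1, and the -46,15 hunk of the same file offers `"sha1WithRSAEncryption"` as its first string example, whereas the openssl_sign page's new example performs the same round trip with SHA-256. Documentation examples get copied verbatim, so consider `openssl_sign($data, $signature, $private_key_res, "sha256WithRSAEncryption");` with `OPENSSL_ALGO_SHA256` on the verify line, which still demonstrates the int/string mixing the example exists to show without steering readers toward SHA-1. The three-way branch on `$ok` is a good addition since openssl_verify returns -1 on error; one comment noting that only `1` means the signature checked out, and that `0` and `-1` must both be treated as failure, would make that intent explicit for readers who trim the example.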