diff --git a/reference/openssl/functions/openssl-csr-export-to-file.xml b/reference/openssl/functions/openssl-csr-export-to-file.xml
index e7c38f70e5..71971a502c 100644
--- a/reference/openssl/functions/openssl-csr-export-to-file.xml
+++ b/reference/openssl/functions/openssl-csr-export-to-file.xml
@@ -1,35 +1,35 @@
-
+
-
-
- openssl_csr_export_to_file
- Exports a CSR to a file
-
-
- Description
-
- boolopenssl_csr_export_to_file
- resourcecsr
- stringoutfilename
- boolnotext
-
-
- openssl_csr_export_to_file takes the Certificate
- Signing Request represented by csr and saves it
- as ascii-armoured text into the file named by outfilename.
-
- &reference.openssl.parameter-notext;
-
- &return.success;
-
-
- See also openssl_csr_export,
- openssl_csr_new and
- openssl_csr_sign.
-
-
-
+
+
+ openssl_csr_export_to_file
+ Exports a CSR to a file
+
+
+ Description
+
+ boolopenssl_csr_export_to_file
+ resourcecsr
+ stringoutfilename
+ boolnotext
+
+
+ openssl_csr_export_to_file takes the Certificate
+ Signing Request represented by csr and saves it
+ as ascii-armoured text into the file named by outfilename.
+
+ &reference.openssl.parameter-notext;
+
+ &return.success;
+
+
+ See also openssl_csr_export,
+ openssl_csr_new and
+ openssl_csr_sign.
+
+
+
+
-
-
- openssl_csr_export
- Exports a CSR as a string
-
-
- Description
-
- boolopenssl_csr_export
- resourcecsr
- stringout
- boolnotext
-
-
- openssl_csr_export takes the Certificate Signing
- Request represented by csr and stores it as
- ascii-armoured text into out, which is passed by
- reference.
-
- &reference.openssl.parameter-notext;
-
- &return.success;
-
-
- See also openssl_csr_export_to_file,
- openssl_csr_new and
- openssl_csr_sign.
-
-
-
+
+
+ openssl_csr_export
+ Exports a CSR as a string
+
+
+ Description
+
+ boolopenssl_csr_export
+ resourcecsr
+ stringout
+ boolnotext
+
+
+ openssl_csr_export takes the Certificate Signing
+ Request represented by csr and stores it as
+ ascii-armoured text into out, which is passed by
+ reference.
+
+ &reference.openssl.parameter-notext;
+
+ &return.success;
+
+
+ See also openssl_csr_export_to_file,
+ openssl_csr_new and
+ openssl_csr_sign.
+
+
+
+
-
-
- openssl_csr_new
- Generates a CSR
-
-
- Description
-
- mixedopenssl_csr_new
- arraydn
- resourceprivkey
- arrayconfigargs
- arrayextraattribs
-
-
- openssl_csr_new generates a new CSR (Certificate Signing Request)
- based on the information provided by dn, which represents the
- Distinguished Name to be used in the certificate.
-
-
- privkey should be set to a private key that was
- previously generated by openssl_pkey_new (or
- otherwise obtained from the other openssl_pkey family of functions).
- The corresponding public portion of the key will be used to sign the
- CSR.
-
-
- extraattribs is used to specify additional
- configuration options for the CSR. Both dn and
- extraattribs are associative arrays whose keys are
- converted to OIDs and applied to the relevant part of the request.
-
- &reference.openssl.note-openssl-cnf;
-
- By default, the information in your system openssl.conf
- is used to initialize the request; you can specify a configuration file
- section by setting the config_section_section key of
- configargs. You can also specify an alternative
- openssl configuration file by setting the value of the
- config key to the path of the file you want to use.
- The following keys, if present in configargs
- behave as their equivalents in the openssl.conf, as
- listed in the table below.
+
+
+ openssl_csr_new
+ Generates a CSR
+
+
+ Description
+
+ mixedopenssl_csr_new
+ arraydn
+ resourceprivkey
+ arrayconfigargs
+ arrayextraattribs
+
+
+ openssl_csr_new generates a new CSR (Certificate Signing Request)
+ based on the information provided by dn, which represents the
+ Distinguished Name to be used in the certificate.
+
+
+ privkey should be set to a private key that was
+ previously generated by openssl_pkey_new (or
+ otherwise obtained from the other openssl_pkey family of functions).
+ The corresponding public portion of the key will be used to sign the
+ CSR.
+
+
+ extraattribs is used to specify additional
+ configuration options for the CSR. Both dn and
+ extraattribs are associative arrays whose keys are
+ converted to OIDs and applied to the relevant part of the request.
+
+ &reference.openssl.note-openssl-cnf;
+
+ By default, the information in your system openssl.conf
+ is used to initialize the request; you can specify a configuration file
+ section by setting the config_section_section key of
+ configargs. You can also specify an alternative
+ openssl configuration file by setting the value of the
+ config key to the path of the file you want to use.
+ The following keys, if present in configargs
+ behave as their equivalents in the openssl.conf, as
+ listed in the table below.
-
- Configuration overrides
-
-
-
- configargs key
- type
- openssl.conf equivalent
- description
-
-
-
-
- digest_alg
- string
- default_md
- Selects which digest method to use
-
-
- x509_extensions
- string
- x509_extensions
- Selects which extensions should be used when creating an x509
- certificate
-
-
- req_extensions
- string
- req_extensions
- Selects which extensions should be used when creating a CSR
-
-
- private_key_bits
- integer
- default_bits
- Specifies how many bits should be used to generate a private
- key
-
-
- private_key_type
- integer
- none
- Specifies the type of private key to create. This can be one
- of OPENSSL_KEYTYPE_DSA,
- OPENSSL_KEYTYPE_DH or
- OPENSSL_KEYTYPE_RSA.
- The default value is OPENSSL_KEYTYPE_RSA which
- is currently the only supported key type.
-
-
-
- encrypt_key
- boolean
- encrypt_key
- Should an exported key (with passphrase) be encrypted?
-
-
-
-
-
-
- &return.success;
-
-
-
- openssl_csr_new example - creating a
- self-signed-certificate
-
+
+ Configuration overrides
+
+
+
+ configargs key
+ type
+ openssl.conf equivalent
+ description
+
+
+
+
+ digest_alg
+ string
+ default_md
+ Selects which digest method to use
+
+
+ x509_extensions
+ string
+ x509_extensions
+ Selects which extensions should be used when creating an x509
+ certificate
+
+
+ req_extensions
+ string
+ req_extensions
+ Selects which extensions should be used when creating a CSR
+
+
+ private_key_bits
+ integer
+ default_bits
+ Specifies how many bits should be used to generate a private
+ key
+
+
+ private_key_type
+ integer
+ none
+ Specifies the type of private key to create. This can be one
+ of OPENSSL_KEYTYPE_DSA,
+ OPENSSL_KEYTYPE_DH or
+ OPENSSL_KEYTYPE_RSA.
+ The default value is OPENSSL_KEYTYPE_RSA which
+ is currently the only supported key type.
+
+
+
+ encrypt_key
+ boolean
+ encrypt_key
+ Should an exported key (with passphrase) be encrypted?
+
+
+
+
+
+
+ &return.success;
+
+
+
+ openssl_csr_new example - creating a
+ self-signed-certificate
+
]]>
-
-
-
-
-
+
+
+
+
+
+
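Review bot: in the openssl_csr_new paragraph on configargs, the key is written as config_section_section, which reads like a doubled word; check it against the key the extension actually reads and correct it here. The privkey paragraph also says "The corresponding public portion of the key will be used to sign the CSR", but a CSR is signed with the private key and carries the public key, so that sentence should be reworded. In the overrides table, private_key_type lists three constants and then says OPENSSL_KEYTYPE_RSA "is currently the only supported key type"; either drop the other two or mark them as not yet usable.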
-
-
- openssl_csr_sign
- Sign a CSR with another certificate (or itself) and generate a certificate
-
-
- Description
-
- resourceopenssl_csr_sign
- mixedcsr
- mixedcacert
- mixedpriv_key
- intdays
- arrayconfigargs
- intserial
-
-
- openssl_csr_sign generates an x509 certificate
- resource from the csr previously generated by
- openssl_csr_new, but it can also be the path to
- a PEM encoded CSR when specified as
- file://path/to/csr or an exported string generated
- by openssl_csr_export.
- The generated certificate will be signed by
- cacert. If cacert is &null;,
- the generated certificate will be a self-signed certificate.
- priv_key is the private key that corresponds to
- cacert.
- days specifies the length of time for which the
- generated certificate will be valid, in days.
- You can finetune the CSR signing by configargs.
- See openssl_csr_new for more information about
- configargs.
- Since PHP 4.3.3 you can specify the serial number of issued certificate by
- serial. In earlier versions, it was always 0.
-
-
- Returns an x509 certificate resource on success, &false; on failure.
-
- &reference.openssl.note-openssl-cnf;
-
-
- openssl_csr_sign example - signing a
- CSR (how to implement your own CA)
-
+
+
+ openssl_csr_sign
+ Sign a CSR with another certificate (or itself) and generate a certificate
+
+
+ Description
+
+ resourceopenssl_csr_sign
+ mixedcsr
+ mixedcacert
+ mixedpriv_key
+ intdays
+ arrayconfigargs
+ intserial
+
+
+ openssl_csr_sign generates an x509 certificate
+ resource from the csr previously generated by
+ openssl_csr_new, but it can also be the path to
+ a PEM encoded CSR when specified as
+ file://path/to/csr or an exported string generated
+ by openssl_csr_export.
+ The generated certificate will be signed by
+ cacert. If cacert is &null;,
+ the generated certificate will be a self-signed certificate.
+ priv_key is the private key that corresponds to
+ cacert.
+ days specifies the length of time for which the
+ generated certificate will be valid, in days.
+ You can finetune the CSR signing by configargs.
+ See openssl_csr_new for more information about
+ configargs.
+ Since PHP 4.3.3 you can specify the serial number of issued certificate by
+ serial. In earlier versions, it was always 0.
+
+
+ Returns an x509 certificate resource on success, &false; on failure.
+
+ &reference.openssl.note-openssl-cnf;
+
+
+ openssl_csr_sign example - signing a
+ CSR (how to implement your own CA)
+
]]>
-
-
-
-
-
-
+
+
+
+
+
+
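Review bot: the openssl_csr_sign description never states what serial defaults to now; it only says the value "was always 0" before PHP 4.3.3. State the default, and since the example is titled "how to implement your own CA", add that each certificate issued by a CA needs a distinct serial number. The six parameters are also run together in one paragraph, which makes the cacert/priv_key relationship easy to miss; one sentence group per parameter would read better. "finetune" should be "fine-tune", as it is spelled in openssl_pkey_export_to_file.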
-
-
- openssl_error_string
- Return openSSL error message
-
-
- Description
-
- stringopenssl_error_string
-
-
-
- Returns an error message string, or &false; if there are no more error
- messages to return.
-
-
- openssl_error_string returns the last error from the
- openSSL library. Error messages are stacked, so this function should be
- called multiple times to collect all of the information.
-
-
-
- openssl_error_string example
-
+
+
+ openssl_error_string
+ Return openSSL error message
+
+
+ Description
+
+ stringopenssl_error_string
+
+
+
+ Returns an error message string, or &false; if there are no more error
+ messages to return.
+
+
+ openssl_error_string returns the last error from the
+ openSSL library. Error messages are stacked, so this function should be
+ called multiple times to collect all of the information.
+
+
+
+ openssl_error_string example
+
\n";
?>
]]>
-
-
-
-
-
+
+
+
+
+
+
-
-
- openssl_free_key
- Free key resource
-
-
- Description
-
- voidopenssl_free_key
- resourcekey_identifier
-
-
- openssl_free_key frees the key associated with
- the specified key_identifier from memory.
-
-
-
+
+
+ openssl_free_key
+ Free key resource
+
+
+ Description
+
+ voidopenssl_free_key
+ resourcekey_identifier
+
+
+ openssl_free_key frees the key associated with
+ the specified key_identifier from memory.
+
+
+
+
-
-
- openssl_open
- Open sealed data
-
-
- Description
-
- boolopenssl_open
- stringsealed_data
- stringopen_data
- stringenv_key
- mixedpriv_key_id
-
-
- &return.success; If successful the opened
- data is returned in open_data.
-
-
- openssl_open opens (decrypts)
- sealed_data using the private key associated with
- the key identifier priv_key_id and the envelope key
- env_key, and fills
- open_data with the decrypted data.
- The envelope key is generated when the
- data are sealed and can only be used by one specific private key. See
- openssl_seal for more information.
-
-
-
- openssl_open example
-
+
+
+ openssl_open
+ Open sealed data
+
+
+ Description
+
+ boolopenssl_open
+ stringsealed_data
+ stringopen_data
+ stringenv_key
+ mixedpriv_key_id
+
+
+ &return.success; If successful the opened
+ data is returned in open_data.
+
+
+ openssl_open opens (decrypts)
+ sealed_data using the private key associated with
+ the key identifier priv_key_id and the envelope key
+ env_key, and fills
+ open_data with the decrypted data.
+ The envelope key is generated when the
+ data are sealed and can only be used by one specific private key. See
+ openssl_seal for more information.
+
+
+
+ openssl_open example
+
]]>
-
-
-
-
- See also openssl_seal.
-
-
-
+
+
+
+
+ See also openssl_seal.
+
+
+
+
-
-
- openssl_pkcs7_decrypt
- Decrypts an S/MIME encrypted message
-
-
- Description
-
- boolopenssl_pkcs7_decrypt
- stringinfilename
- stringoutfilename
- mixedrecipcert
- mixedrecipkey
-
-
- Decrypts the S/MIME encrypted message contained in the file specified by
- infilename using the certificate and its
- associated private key specified by recipcert and
- recipkey.
-
- The decrypted message is output to the
- file specified by outfilename
-
-
-
- openssl_pkcs7_decrypt example
-
+
+
+ openssl_pkcs7_decrypt
+ Decrypts an S/MIME encrypted message
+
+
+ Description
+
+ boolopenssl_pkcs7_decrypt
+ stringinfilename
+ stringoutfilename
+ mixedrecipcert
+ mixedrecipkey
+
+
+ Decrypts the S/MIME encrypted message contained in the file specified by
+ infilename using the certificate and its
+ associated private key specified by recipcert and
+ recipkey.
+
+ The decrypted message is output to the
+ file specified by outfilename
+
+
+
+ openssl_pkcs7_decrypt example
+
]]>
-
-
-
-
-
+
+
+
+
+
+
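Review bot: the openssl_pkcs7_decrypt synopsis declares a bool return, but the description has no return-value sentence; add &return.success; as the neighbouring pages do. The sentence ending "file specified by outfilename" is also missing its full stop.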
-
-
- openssl_pkcs7_encrypt
- Encrypt an S/MIME message
-
-
- Description
-
- boolopenssl_pkcs7_encrypt
- stringinfile
- stringoutfile
- mixedrecipcerts
- arrayheaders
- intflags
- intcipherid
-
-
- openssl_pkcs7_encrypt takes the contents of the
- file named infile and encrypts them using an RC2
- 40-bit cipher so that they can only be read by the intended recipients
- specified by recipcerts, which is either a
- lone X.509 certificate, or an array of X.509 certificates.
- headers is an array of headers that
- will be prepended to the data after it has been encrypted.
- flags can be used to specify options that affect
- the encoding process - see PKCS7
- constants.
- headers can be either an associative array
- keyed by header name, or an indexed array, where each element contains
- a single header line.
- Cipher can be selected with cipherid since PHP 5.
-
-
-
- openssl_pkcs7_encrypt example
-
+
+
+ openssl_pkcs7_encrypt
+ Encrypt an S/MIME message
+
+
+ Description
+
+ boolopenssl_pkcs7_encrypt
+ stringinfile
+ stringoutfile
+ mixedrecipcerts
+ arrayheaders
+ intflags
+ intcipherid
+
+
+ openssl_pkcs7_encrypt takes the contents of the
+ file named infile and encrypts them using an RC2
+ 40-bit cipher so that they can only be read by the intended recipients
+ specified by recipcerts, which is either a
+ lone X.509 certificate, or an array of X.509 certificates.
+ headers is an array of headers that
+ will be prepended to the data after it has been encrypted.
+ flags can be used to specify options that affect
+ the encoding process - see PKCS7
+ constants.
+ headers can be either an associative array
+ keyed by header name, or an indexed array, where each element contains
+ a single header line.
+ Cipher can be selected with cipherid since PHP 5.
+
+
+
+ openssl_pkcs7_encrypt example
+
]]>
-
-
-
+
+
+
-
-
+
+
+
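Review bot: the openssl_pkcs7_encrypt description states that the file is encrypted "using an RC2 40-bit cipher" and only mentions in its last sentence that "Cipher can be selected with cipherid since PHP 5". A 40-bit key gives no meaningful confidentiality, so the text should say that RC2-40 is only the default and tell readers to pass cipherid explicitly. headers is described twice in this paragraph, before and after flags; merge the two sentences. The bool return value is not documented here either.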
-
-
- openssl_pkcs7_sign
- Sign an S/MIME message
-
-
- Description
-
- boolopenssl_pkcs7_sign
- stringinfilename
- stringoutfilename
- mixedsigncert
- mixedprivkey
- arrayheaders
- intflags
- stringextracerts
-
-
- openssl_pkcs7_sign takes the contents of the file
- named infilename and signs them using the
- certificate and its matching private key specified by
- signcert and privkey
- parameters.
-
- headers is an array of headers that
- will be prepended to the data after it has been signed (see
- openssl_pkcs7_encrypt for more information about
- the format of this parameter.
-
-
- flags can be used to alter the output - see PKCS7 constants - if not specified,
- it defaults to PKCS7_DETACHED.
-
-
- extracerts specifies the name of a file containing
- a bunch of extra certificates to include in the signature which can for
- example be used to help the recipient to verify the certificate that you used.
-
-
-
- openssl_pkcs7_sign example
-
+
+
+ openssl_pkcs7_sign
+ Sign an S/MIME message
+
+
+ Description
+
+ boolopenssl_pkcs7_sign
+ stringinfilename
+ stringoutfilename
+ mixedsigncert
+ mixedprivkey
+ arrayheaders
+ intflags
+ stringextracerts
+
+
+ openssl_pkcs7_sign takes the contents of the file
+ named infilename and signs them using the
+ certificate and its matching private key specified by
+ signcert and privkey
+ parameters.
+
+ headers is an array of headers that
+ will be prepended to the data after it has been signed (see
+ openssl_pkcs7_encrypt for more information about
+ the format of this parameter.
+
+
+ flags can be used to alter the output - see PKCS7 constants - if not specified,
+ it defaults to PKCS7_DETACHED.
+
+
+ extracerts specifies the name of a file containing
+ a bunch of extra certificates to include in the signature which can for
+ example be used to help the recipient to verify the certificate that you used.
+
+
+
+ openssl_pkcs7_sign example
+
]]>
-
-
-
-
-
+
+
+
+
+
+
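Review bot: in the headers paragraph of openssl_pkcs7_sign, the parenthesis opened at "(see openssl_pkcs7_encrypt for more information ..." is never closed; add ")" before the full stop. The synopsis returns bool but no return-value sentence is given, and "a bunch of extra certificates" would read better as "additional certificates" in reference text.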
-
-
- openssl_pkcs7_verify
- Verifies the signature of an S/MIME signed message
-
-
- Description
-
- mixedopenssl_pkcs7_verify
- stringfilename
- intflags
- stringoutfilename
- arraycainfo
- stringextracerts
- stringcontent
-
-
- openssl_pkcs7_verify reads the S/MIME message
- contained in the filename specified by filename and
- examines the digital signature. It returns &true; if the signature is
- verified, &false; if it is not correct (the message has been tampered with,
- or the signing certificate is invalid), or -1 on error.
-
-
- flags can be used to affect how the signature is
- verified - see PKCS7 constants
- for more information.
-
-
- If the outfilename is specified, it should be a
- string holding the name of a file into which the certificates of the
- persons that signed the messages will be stored in PEM format.
-
-
- If the cainfo is specified, it should hold
- information about the trusted CA certificates to use in the verification
- process - see certificate
- verification for more information about this parameter.
-
-
- If the extracerts is specified, it is the filename
- of a file containing a bunch of certificates to use as untrusted CAs.
-
-
- You can specify a filename with content that will
- be filled with the verified data, but with the signature information
- stripped. This was added as of PHP 5.1.0.
-
-
-
+
+
+ openssl_pkcs7_verify
+ Verifies the signature of an S/MIME signed message
+
+
+ Description
+
+ mixedopenssl_pkcs7_verify
+ stringfilename
+ intflags
+ stringoutfilename
+ arraycainfo
+ stringextracerts
+ stringcontent
+
+
+ openssl_pkcs7_verify reads the S/MIME message
+ contained in the filename specified by filename and
+ examines the digital signature. It returns &true; if the signature is
+ verified, &false; if it is not correct (the message has been tampered with,
+ or the signing certificate is invalid), or -1 on error.
+
+
+ flags can be used to affect how the signature is
+ verified - see PKCS7 constants
+ for more information.
+
+
+ If the outfilename is specified, it should be a
+ string holding the name of a file into which the certificates of the
+ persons that signed the messages will be stored in PEM format.
+
+
+ If the cainfo is specified, it should hold
+ information about the trusted CA certificates to use in the verification
+ process - see certificate
+ verification for more information about this parameter.
+
+
+ If the extracerts is specified, it is the filename
+ of a file containing a bunch of certificates to use as untrusted CAs.
+
+
+ You can specify a filename with content that will
+ be filled with the verified data, but with the signature information
+ stripped. This was added as of PHP 5.1.0.
+
+
+
+
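Review bot: the first paragraph of openssl_pkcs7_verify documents three outcomes (&true;, &false;, and -1 on error), but nothing warns that -1 is truthy in PHP, so a loose check such as if (openssl_pkcs7_verify(...)) treats an errored verification as a valid signature. Add a note telling callers to compare the result with === true. The content paragraph says "You can specify a filename with content", which is easy to misread; say directly that content is the name of a file that receives the verified data.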
-
-
- openssl_pkey_export_to_file
- Gets an exportable representation of a key into a file
-
-
- Description
-
- boolopenssl_pkey_export_to_file
- mixedkey
- stringoutfilename
- stringpassphrase
- arrayconfigargs
-
-
- openssl_pkey_export_to_file saves an ascii-armoured
- (PEM encoded) rendition of key into the file named
- by outfilename. The key can be optionally
- protected by a passphrase.
- configargs can be used to fine-tune the export
- process by specifying and/or overriding options for the openssl
- configuration file. See openssl_csr_new for more
- information about configargs.
- &return.success;
-
- &reference.openssl.note-openssl-cnf;
-
-
+
+
+ openssl_pkey_export_to_file
+ Gets an exportable representation of a key into a file
+
+
+ Description
+
+ boolopenssl_pkey_export_to_file
+ mixedkey
+ stringoutfilename
+ stringpassphrase
+ arrayconfigargs
+
+
+ openssl_pkey_export_to_file saves an ascii-armoured
+ (PEM encoded) rendition of key into the file named
+ by outfilename. The key can be optionally
+ protected by a passphrase.
+ configargs can be used to fine-tune the export
+ process by specifying and/or overriding options for the openssl
+ configuration file. See openssl_csr_new for more
+ information about configargs.
+ &return.success;
+
+ &reference.openssl.note-openssl-cnf;
+
+
+
-
-
- openssl_pkey_export
- Gets an exportable representation of a key into a string
-
-
- Description
-
- boolopenssl_pkey_export
- mixedkey
- stringout
- stringpassphrase
- arrayconfigargs
-
-
- openssl_pkey_export exports
- key as a PEM encoded string and stores it into
- out (which is passed by reference).
- The key is optionally protected by passphrase.
- configargs can be used to fine-tune the export
- process by specifying and/or overriding options for the openssl
- configuration file. See openssl_csr_new for more
- information about configargs.
- &return.success;
-
- &reference.openssl.note-openssl-cnf;
-
-
+
+
+ openssl_pkey_export
+ Gets an exportable representation of a key into a string
+
+
+ Description
+
+ boolopenssl_pkey_export
+ mixedkey
+ stringout
+ stringpassphrase
+ arrayconfigargs
+
+
+ openssl_pkey_export exports
+ key as a PEM encoded string and stores it into
+ out (which is passed by reference).
+ The key is optionally protected by passphrase.
+ configargs can be used to fine-tune the export
+ process by specifying and/or overriding options for the openssl
+ configuration file. See openssl_csr_new for more
+ information about configargs.
+ &return.success;
+
+ &reference.openssl.note-openssl-cnf;
+
+
-
-
- openssl_pkey_free
- Frees a private key
-
-
- Description
-
- voidopenssl_pkey_free
- resourcekey
-
-
- This function frees a private key created by
- openssl_pkey_new.
-
-
-
+
+
+
+ openssl_pkey_free
+ Frees a private key
+
+
+ Description
+
+ voidopenssl_pkey_free
+ resourcekey
+
+
+ This function frees a private key created by
+ openssl_pkey_new.
+
+
+
+
-
-
- openssl_pkey_get_private
- Get a private key
-
-
- Description
-
- resourceopenssl_pkey_get_private
- mixedkey
- stringpassphrase
-
-
- Returns a positive key resource identifier on success, or &false; on error.
-
-
- openssl_get_privatekey parses
- key and prepares it for use by other functions.
+
+
+ openssl_pkey_get_private
+ Get a private key
+
+
+ Description
+
+ resourceopenssl_pkey_get_private
+ mixedkey
+ stringpassphrase
+
+
+ Returns a positive key resource identifier on success, or &false; on error.
+
+
+ openssl_get_privatekey parses
+ key and prepares it for use by other functions.
- key can be one of the following:
-
- a string having the format
- file://path/to/file.pem. The named file must
- contain a PEM encoded certificate/private key (it may contain both).
-
-
- A PEM formatted private key.
-
-
-
-
- The optional parameter passphrase must be used if
- the specified key is encrypted (protected by a passphrase).
-
-
-
+ key can be one of the following:
+
+ a string having the format
+ file://path/to/file.pem. The named file must
+ contain a PEM encoded certificate/private key (it may contain both).
+
+
+ A PEM formatted private key.
+
+
+
+
+ The optional parameter passphrase must be used if
+ the specified key is encrypted (protected by a passphrase).
+
+
+
+
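Review bot: the description paragraph calls the function openssl_get_privatekey, while the page title and synopsis are openssl_pkey_get_private; use the documented name, or state explicitly that the other is an alias. The two list items for key are also capitalised inconsistently ("a string having the format" versus "A PEM formatted private key").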
-
-
- openssl_pkey_get_public
- Extract public key from certificate and prepare it for use
-
-
- Description
-
- resourceopenssl_pkey_get_public
- mixedcertificate
-
-
- Returns a positive key resource identifier on success, or &false; on error.
-
-
- openssl_get_publickey extracts the
- public key from certificate and
- prepares it for use by other functions.
- certificate can be one of the following:
-
- an X.509 certificate resource
- a string having the format
- file://path/to/file.pem. The named file must
- contain a PEM encoded certificate/private key (it may contain both).
-
-
- A PEM formatted private key.
-
-
-
-
+
+
+ openssl_pkey_get_public
+ Extract public key from certificate and prepare it for use
+
+
+ Description
+
+ resourceopenssl_pkey_get_public
+ mixedcertificate
+
+
+ Returns a positive key resource identifier on success, or &false; on error.
+
+
+ openssl_get_publickey extracts the
+ public key from certificate and
+ prepares it for use by other functions.
+ certificate can be one of the following:
+
+ an X.509 certificate resource
+ a string having the format
+ file://path/to/file.pem. The named file must
+ contain a PEM encoded certificate/private key (it may contain both).
+
+
+ A PEM formatted private key.
+
+
+
+
+
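Review bot: the last list item for certificate reads "A PEM formatted private key", which looks copied from openssl_pkey_get_private; this function extracts a public key, so the item should describe the PEM input it actually accepts. The description also calls the function openssl_get_publickey although the page documents openssl_pkey_get_public; use one name or say that the other is an alias.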
-
-
- openssl_pkey_new
- Generates a new private key
-
-
- Description
-
- resourceopenssl_pkey_new
- arrayconfigargs
-
-
- openssl_pkey_new generates a new private and public
- key pair. The public component of the key can be obtained using
- openssl_pkey_get_public.
- You can finetune the key generation (such as specifying the number of
- bits) using configargs. See
- openssl_csr_new for more information about
- configargs.
-
- &reference.openssl.note-openssl-cnf;
-
-
+
+
+ openssl_pkey_new
+ Generates a new private key
+
+
+ Description
+
+ resourceopenssl_pkey_new
+ arrayconfigargs
+
+
+ openssl_pkey_new generates a new private and public
+ key pair. The public component of the key can be obtained using
+ openssl_pkey_get_public.
+ You can finetune the key generation (such as specifying the number of
+ bits) using configargs. See
+ openssl_csr_new for more information about
+ configargs.
+
+ &reference.openssl.note-openssl-cnf;
+
+
+
-
-
- openssl_private_decrypt
- Decrypts data with private key
-
-
- Description
-
- boolopenssl_private_decrypt
- stringdata
- stringdecrypted
- mixedkey
- intpadding
-
-
- openssl_private_decrypt decrypts
- data that was previous encrypted via
- openssl_public_encrypt and stores the result into
- decrypted. key must be the
- private key corresponding that was used to encrypt the
- data. padding defaults to
- OPENSSL_PKCS1_PADDING, but can also be one of
- OPENSSL_SSLV23_PADDING,
- OPENSSL_PKCS1_OAEP_PADDING,
- OPENSSL_NO_PADDING.
-
-
- &return.success;
-
-
- You can use this function e.g. to decrypt data which were supposed only to
- you.
-
-
- See also openssl_public_encrypt and
- openssl_public_decrypt.
-
-
-
+
+
+ openssl_private_decrypt
+ Decrypts data with private key
+
+
+ Description
+
+ boolopenssl_private_decrypt
+ stringdata
+ stringdecrypted
+ mixedkey
+ intpadding
+
+
+ openssl_private_decrypt decrypts
+ data that was previous encrypted via
+ openssl_public_encrypt and stores the result into
+ decrypted. key must be the
+ private key corresponding that was used to encrypt the
+ data. padding defaults to
+ OPENSSL_PKCS1_PADDING, but can also be one of
+ OPENSSL_SSLV23_PADDING,
+ OPENSSL_PKCS1_OAEP_PADDING,
+ OPENSSL_NO_PADDING.
+
+
+ &return.success;
+
+
+ You can use this function e.g. to decrypt data which were supposed only to
+ you.
+
+
+ See also openssl_public_encrypt and
+ openssl_public_decrypt.
+
+
+
+
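Review bot: three sentences in the openssl_private_decrypt description need rewording: "that was previous encrypted" should be "previously encrypted"; "the private key corresponding that was used to encrypt the data" is missing words, and since the data is encrypted with the public key it should read "the private key corresponding to the public key that was used to encrypt the data"; "data which were supposed only to you" should be "data intended only for you". The padding list also needs "or" before OPENSSL_NO_PADDING.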
-
-
- openssl_private_encrypt
- Encrypts data with private key
-
-
- Description
-
- boolopenssl_private_encrypt
- stringdata
- stringcrypted
- mixedkey
- intpadding
-
-
- openssl_private_encrypt encrypts data
- with private key and stores the result into
- crypted. Encrypted data can be decrypted via
- openssl_public_decrypt. padding
- defaults to OPENSSL_PKCS1_PADDING, but can also be
- OPENSSL_NO_PADDING.
-
-
- &return.success;
-
-
- This function can be used e.g. to sign data (or its hash) to prove that it
- is not written by someone else.
-
-
- See also openssl_public_decrypt and
- openssl_public_encrypt.
-
-
-
+
+
+ openssl_private_encrypt
+ Encrypts data with private key
+
+
+ Description
+
+ boolopenssl_private_encrypt
+ stringdata
+ stringcrypted
+ mixedkey
+ intpadding
+
+
+ openssl_private_encrypt encrypts data
+ with private key and stores the result into
+ crypted. Encrypted data can be decrypted via
+ openssl_public_decrypt. padding
+ defaults to OPENSSL_PKCS1_PADDING, but can also be
+ OPENSSL_NO_PADDING.
+
+
+ &return.success;
+
+
+ This function can be used e.g. to sign data (or its hash) to prove that it
+ is not written by someone else.
+
+
+ See also openssl_public_decrypt and
+ openssl_public_encrypt.
+
+
+
+
-
-
- openssl_public_decrypt
- Decrypts data with public key
-
-
- Description
-
- boolopenssl_public_decrypt
- stringdata
- stringdecrypted
- mixedkey
- intpadding
-
-
- openssl_public_decrypt decrypts
- data that was previous encrypted via
- openssl_private_encrypt and stores the result into
- decrypted. key must be the
- public key corresponding that was used to encrypt the
- data. padding defaults to
- OPENSSL_PKCS1_PADDING, but can also be
- OPENSSL_NO_PADDING.
-
-
- &return.success;
-
-
- You can use this function e.g. to check if the message was written by the
- owner of the private key.
-
-
- See also openssl_private_encrypt and
- openssl_private_decrypt.
-
-
-
+
+
+ openssl_public_decrypt
+ Decrypts data with public key
+
+
+ Description
+
+ boolopenssl_public_decrypt
+ stringdata
+ stringdecrypted
+ mixedkey
+ intpadding
+
+
+ openssl_public_decrypt decrypts
+ data that was previous encrypted via
+ openssl_private_encrypt and stores the result into
+ decrypted. key must be the
+ public key corresponding that was used to encrypt the
+ data. padding defaults to
+ OPENSSL_PKCS1_PADDING, but can also be
+ OPENSSL_NO_PADDING.
+
+
+ &return.success;
+
+
+ You can use this function e.g. to check if the message was written by the
+ owner of the private key.
+
+
+ See also openssl_private_encrypt and
+ openssl_private_decrypt.
+
+
+
+
-
-
- openssl_public_encrypt
- Encrypts data with public key
-
-
- Description
-
- boolopenssl_public_encrypt
- stringdata
- stringcrypted
- mixedkey
- intpadding
-
-
- openssl_public_encrypt encrypts data
- with public key and stores the result into
- crypted. Encrypted data can be decrypted via
- openssl_private_decrypt. padding
- defaults to OPENSSL_PKCS1_PADDING, but can also be
- one of OPENSSL_SSLV23_PADDING,
- OPENSSL_PKCS1_OAEP_PADDING,
- OPENSSL_NO_PADDING.
-
-
- &return.success;
-
-
- This function can be used e.g. to encrypt message which can be then read
- only by owner of the private key. It can be also used to store secure data
- in database.
-
-
- See also openssl_private_decrypt and
- openssl_private_encrypt.
-
-
-
+
+
+ openssl_public_encrypt
+ Encrypts data with public key
+
+
+ Description
+
+ boolopenssl_public_encrypt
+ stringdata
+ stringcrypted
+ mixedkey
+ intpadding
+
+
+ openssl_public_encrypt encrypts data
+ with public key and stores the result into
+ crypted. Encrypted data can be decrypted via
+ openssl_private_decrypt. padding
+ defaults to OPENSSL_PKCS1_PADDING, but can also be
+ one of OPENSSL_SSLV23_PADDING,
+ OPENSSL_PKCS1_OAEP_PADDING,
+ OPENSSL_NO_PADDING.
+
+
+ &return.success;
+
+
+ This function can be used e.g. to encrypt message which can be then read
+ only by owner of the private key. It can be also used to store secure data
+ in database.
+
+
+ See also openssl_private_decrypt and
+ openssl_private_encrypt.
+
+
+
+
-
-
- openssl_seal
- Seal (encrypt) data
-
-
- Description
-
- intopenssl_seal
- stringdata
- stringsealed_data
- arrayenv_keys
- arraypub_key_ids
-
-
- Returns the length of the sealed data on success, or &false; on error.
- If successful the sealed data is returned in
- sealed_data, and the envelope keys in
- env_keys.
+
+
+ openssl_seal
+ Seal (encrypt) data
+
+
+ Description
+
+ intopenssl_seal
+ stringdata
+ stringsealed_data
+ arrayenv_keys
+ arraypub_key_ids
+
+
+ Returns the length of the sealed data on success, or &false; on error.
+ If successful the sealed data is returned in
+ sealed_data, and the envelope keys in
+ env_keys.
-
-
- openssl_seal seals (encrypts)
- data by using RC4 with a randomly generated
- secret key. The key is encrypted with each of the public keys
- associated with the identifiers in pub_key_ids
- and each encrypted key is returned
- in env_keys. This means that one can send
- sealed data to multiple recipients (provided one has obtained their
- public keys). Each recipient must receive both the sealed data and
- the envelope key that was encrypted with the recipient's public key.
-
-
-
- openssl_seal example
-
+
+
+ openssl_seal seals (encrypts)
+ data by using RC4 with a randomly generated
+ secret key. The key is encrypted with each of the public keys
+ associated with the identifiers in pub_key_ids
+ and each encrypted key is returned
+ in env_keys. This means that one can send
+ sealed data to multiple recipients (provided one has obtained their
+ public keys). Each recipient must receive both the sealed data and
+ the envelope key that was encrypted with the recipient's public key.
+
+
+
+ openssl_seal example
+
]]>
-
-
-
-
- See also openssl_open.
-
-
-
+
+
+
+
+ See also openssl_open.
+
+
+
+
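Review bot: the description paragraph states that data is sealed "by using RC4 with a randomly generated secret key" and adds no caveat. RC4 has known keystream biases and is not considered safe for new designs, and nothing in the text says the sealed data is integrity-protected, so the entry should tell readers to authenticate the output separately (for example with openssl_sign) rather than treat sealing as tamper protection. The first paragraph should also say that sealed_data and env_keys are passed by reference, since the prototype alone does not show it.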
-
-
- openssl_sign
- Generate signature
-
-
- Description
-
- boolopenssl_sign
- stringdata
- stringsignature
- mixedpriv_key_id
- intsignature_alg
-
-
- &return.success;
- If successful the signature is returned in
- signature.
-
-
- openssl_sign computes a signature for the
- specified data by using SHA1 for hashing
- followed by encryption using the private key associated with
- priv_key_id. Note that the data itself is
- not encrypted.
-
-
-
- Optional 4th parameter signature_alg was added in
- version 5.0.0. Its default value is
- OPENSSL_ALGO_SHA1. For more information see the
- list of Signature Algorithms.
-
-
-
-
- openssl_sign example
-
+
+
+ openssl_sign
+ Generate signature
+
+
+ Description
+
+ boolopenssl_sign
+ stringdata
+ stringsignature
+ mixedpriv_key_id
+ intsignature_alg
+
+
+ &return.success;
+ If successful the signature is returned in
+ signature.
+
+
+ openssl_sign computes a signature for the
+ specified data by using SHA1 for hashing
+ followed by encryption using the private key associated with
+ priv_key_id. Note that the data itself is
+ not encrypted.
+
+
+
+ Optional 4th parameter signature_alg was added in
+ version 5.0.0. Its default value is
+ OPENSSL_ALGO_SHA1. For more information see the
+ list of Signature Algorithms.
+
+
+
+
+ openssl_sign example
+
]]>
-
-
-
-
- See also openssl_verify.
-
-
-
+
+
+
+
+ See also openssl_verify.
+
+
+
+
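Review bot: the description says the signature is computed "by using SHA1 for hashing", while the note directly below it says signature_alg selects the algorithm and only defaults to OPENSSL_ALGO_SHA1. The first paragraph should say SHA1 is the default rather than the only behaviour. The note gives 5.0.0 as the version that added signature_alg, but the openssl_verify entry in this same patch says 5.2.0 for the matching parameter; please confirm which is right before this lands. Given SHA-1's known collision weaknesses, a sentence recommending a stronger value from the Signature Algorithms list would also help.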
-
-
- openssl_verify
- Verify signature
-
-
- Description
-
- intopenssl_verify
- stringdata
- stringsignature
- mixedpub_key_id
- intsignature_alg
-
-
- Returns 1 if the signature is correct, 0 if it is incorrect, and
- -1 on error.
-
-
- openssl_verify verifies that the
- signature is correct for the specified
- data using the public key associated with
- pub_key_id. This must be the public key
- corresponding to the private key used for signing.
-
-
-
- Optional 4th parameter signature_alg was added in
- version 5.2.0. Its default value is
- OPENSSL_ALGO_SHA1. For more information see the
- list of Signature Algorithms.
-
-
-
-
- openssl_verify example
-
+
+
+ openssl_verify
+ Verify signature
+
+
+ Description
+
+ intopenssl_verify
+ stringdata
+ stringsignature
+ mixedpub_key_id
+ intsignature_alg
+
+
+ Returns 1 if the signature is correct, 0 if it is incorrect, and
+ -1 on error.
+
+
+ openssl_verify verifies that the
+ signature is correct for the specified
+ data using the public key associated with
+ pub_key_id. This must be the public key
+ corresponding to the private key used for signing.
+
+
+
+ Optional 4th parameter signature_alg was added in
+ version 5.2.0. Its default value is
+ OPENSSL_ALGO_SHA1. For more information see the
+ list of Signature Algorithms.
+
+
+
+
+ openssl_verify example
+
]]>
-
-
-
-
- See also openssl_sign.
-
-
-
+
+
+
+
+ See also openssl_sign.
+
+
+
+
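Review bot: the return-value paragraph documents three results ("Returns 1 if the signature is correct, 0 if it is incorrect, and -1 on error") but does not warn that -1 is truthy in PHP, so a check written as if (openssl_verify(...)) accepts a failed verification as valid. Add a sentence telling callers to compare the result strictly against 1 and to treat both 0 and -1 as rejection. The signature_alg note here says 5.2.0 while the openssl_sign entry in this patch says 5.0.0 for the same parameter; the two should agree or the difference should be explained.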
-
-
- openssl_x509_check_private_key
- Checks if a private key corresponds to a certificate
-
-
- Description
-
- boolopenssl_x509_check_private_key
- mixedcert
- mixedkey
-
-
- openssl_x509_check_private_key returns &true; if
- key is the private key that corresponds to
- cert, or &false; otherwise.
-
-
-
+
+
+ openssl_x509_check_private_key
+ Checks if a private key corresponds to a certificate
+
+
+ Description
+
+ boolopenssl_x509_check_private_key
+ mixedcert
+ mixedkey
+
+
+ openssl_x509_check_private_key returns &true; if
+ key is the private key that corresponds to
+ cert, or &false; otherwise.
+
+
+
+
-
-
- openssl_x509_checkpurpose
- Verifies if a certificate can be used for a particular
- purpose
-
-
- Description
-
- intopenssl_x509_checkpurpose
- mixedx509cert
- intpurpose
- arraycainfo
- stringuntrustedfile
-
-
- Returns &true; if the certificate can be used for the intended purpose,
- &false; if it cannot, or -1 on error.
-
-
- openssl_x509_checkpurpose examines the certificate
- specified by x509cert to see if it can be used for
- the purpose specified by purpose.
-
-
- cainfo should be an array of trusted CA files/dirs
- as described in Certificate
- Verification. It defaults to an empty array.
-
- untrustedfile, if specified,
- is the name of a PEM encoded file holding certificates that can be used to
- help verify the certificate, although no trust in placed in the
- certificates that come from that file.
-
-
-
- openssl_x509_checkpurpose purposes
-
-
-
- Constant
- Description
-
-
-
-
- X509_PURPOSE_SSL_CLIENT
- Can the certificate be used for the client side of an SSL
- connection?
-
-
- X509_PURPOSE_SSL_SERVER
- Can the certificate be used for the server side of an SSL
- connection?
-
-
- X509_PURPOSE_NS_SSL_SERVER
- Can the cert be used for Netscape SSL server?
-
-
- X509_PURPOSE_SMIME_SIGN
- Can the cert be used to sign S/MIME email?
-
-
- X509_PURPOSE_SMIME_ENCRYPT
- Can the cert be used to encrypt S/MIME email?
-
-
- X509_PURPOSE_CRL_SIGN
- Can the cert be used to sign a certificate revocation list
- (CRL)?
-
-
- X509_PURPOSE_ANY
- Can the cert be used for Any/All purposes?
-
-
-
-
- These options are not bitfields - you may specify one only!
-
-
-
+
+
+ openssl_x509_checkpurpose
+ Verifies if a certificate can be used for a particular purpose
+
+
+ Description
+
+ intopenssl_x509_checkpurpose
+ mixedx509cert
+ intpurpose
+ arraycainfo
+ stringuntrustedfile
+
+
+ Returns &true; if the certificate can be used for the intended purpose,
+ &false; if it cannot, or -1 on error.
+
+
+ openssl_x509_checkpurpose examines the certificate
+ specified by x509cert to see if it can be used for
+ the purpose specified by purpose.
+
+
+ cainfo should be an array of trusted CA files/dirs
+ as described in Certificate
+ Verification. It defaults to an empty array.
+
+ untrustedfile, if specified,
+ is the name of a PEM encoded file holding certificates that can be used to
+ help verify the certificate, although no trust in placed in the
+ certificates that come from that file.
+
+
+
+ openssl_x509_checkpurpose purposes
+
+
+
+ Constant
+ Description
+
+
+
+
+ X509_PURPOSE_SSL_CLIENT
+ Can the certificate be used for the client side of an SSL
+ connection?
+
+
+ X509_PURPOSE_SSL_SERVER
+ Can the certificate be used for the server side of an SSL
+ connection?
+
+
+ X509_PURPOSE_NS_SSL_SERVER
+ Can the cert be used for Netscape SSL server?
+
+
+ X509_PURPOSE_SMIME_SIGN
+ Can the cert be used to sign S/MIME email?
+
+
+ X509_PURPOSE_SMIME_ENCRYPT
+ Can the cert be used to encrypt S/MIME email?
+
+
+ X509_PURPOSE_CRL_SIGN
+ Can the cert be used to sign a certificate revocation list
+ (CRL)?
+
+
+ X509_PURPOSE_ANY
+ Can the cert be used for Any/All purposes?
+
+
+
+
+ These options are not bitfields - you may specify one only!
+
+
+
+
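Review bot: the prototype declares an int return, but the return paragraph says "&true; if the certificate can be used for the intended purpose, &false; if it cannot, or -1 on error", and -1 evaluates as true in a boolean test, so an error can be read as "purpose allowed". The text should state the actual return type and tell callers to compare with === true. One smaller point in the re-added lines: "although no trust in placed in the certificates" should read "is placed".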
-
-
- openssl_x509_export_to_file
- Exports a certificate to file
-
-
- Description
-
- boolopenssl_x509_export_to_file
- mixedx509
- stringoutfilename
- boolnotext
-
-
- openssl_x509_export_to_file stores
- x509 into a file named by
- outfilename in a PEM encoded format.
-
- &reference.openssl.parameter-notext;
-
- &return.success;
-
-
-
+
+
+ openssl_x509_export_to_file
+ Exports a certificate to file
+
+
+ Description
+
+ boolopenssl_x509_export_to_file
+ mixedx509
+ stringoutfilename
+ boolnotext
+
+
+ openssl_x509_export_to_file stores
+ x509 into a file named by
+ outfilename in a PEM encoded format.
+
+ &reference.openssl.parameter-notext;
+
+ &return.success;
+
+
+
+
-
-
- openssl_x509_export
- Exports a certificate as a string
-
-
- Description
-
- boolopenssl_x509_export
- mixedx509
- stringoutput
- boolnotext
-
-
- openssl_x509_export stores
- x509 into a string named by
- output in a PEM encoded format.
-
- &reference.openssl.parameter-notext;
-
- &return.success;
-
-
-
+
+
+ openssl_x509_export
+ Exports a certificate as a string
+
+
+ Description
+
+ boolopenssl_x509_export
+ mixedx509
+ stringoutput
+ boolnotext
+
+
+ openssl_x509_export stores
+ x509 into a string named by
+ output in a PEM encoded format.
+
+ &reference.openssl.parameter-notext;
+
+ &return.success;
+
+
+
+
-
-
- openssl_x509_free
- Free certificate resource
-
-
- Description
-
- voidopenssl_x509_free
- resourcex509cert
-
-
- openssl_x509_free frees the certificate associated
- with the specified x509cert resource from memory.
-
-
-
+
+
+ openssl_x509_free
+ Free certificate resource
+
+
+ Description
+
+ voidopenssl_x509_free
+ resourcex509cert
+
+
+ openssl_x509_free frees the certificate associated
+ with the specified x509cert resource from memory.
+
+
+
+
-
-
- openssl_x509_parse
- Parse an X509 certificate and return the information as an
- array
-
-
- Description
-
- arrayopenssl_x509_parse
- mixedx509cert
- boolshortnames
-
-
- openssl_x509_parse returns information about the
- supplied x509cert, including fields such as subject
- name, issuer name, purposes, valid from and valid to dates etc.
- shortnames controls how the data is indexed in the
- array - if shortnames is &true; (the default) then
- fields will be indexed with the short name form, otherwise, the long name
- form will be used - e.g.: CN is the shortname form of commonName.
-
- The structure of the returned data is (deliberately) not
- yet documented, as it is still subject to change.
-
-
+
+
+ openssl_x509_parse
+ Parse an X509 certificate and return the information as an
+ array
+
+
+ Description
+
+ arrayopenssl_x509_parse
+ mixedx509cert
+ boolshortnames
+
+
+ openssl_x509_parse returns information about the
+ supplied x509cert, including fields such as subject
+ name, issuer name, purposes, valid from and valid to dates etc.
+ shortnames controls how the data is indexed in the
+ array - if shortnames is &true; (the default) then
+ fields will be indexed with the short name form, otherwise, the long name
+ form will be used - e.g.: CN is the shortname form of commonName.
+
+
+ The structure of the returned data is (deliberately) not
+ yet documented, as it is still subject to change.
+
+
+
+
-
-
- openssl_x509_read
- Parse an X.509 certificate and return a resource identifier for
- it
-
-
- Description
-
- resourceopenssl_x509_read
- mixedx509certdata
-
-
- openssl_x509_read parses the certificate supplied by
- x509certdata and returns a resource identifier for
- it.
-
-
-
+
+
+ openssl_x509_read
+ Parse an X.509 certificate and return a resource identifier for
+ it
+
+
+ Description
+
+ resourceopenssl_x509_read
+ mixedx509certdata
+
+
+ openssl_x509_read parses the certificate supplied by
+ x509certdata and returns a resource identifier for
+ it.
+
+
+