OpenSSL Functions
&reftitle.intro; This module uses the functions of OpenSSL for generation and verification of signatures and for sealing (encrypting) and opening (decrypting) data. OpenSSL offers many features that this module currently doesn't support. Some of these may be added in the future.
&reftitle.required; In order to use the OpenSSL functions you need to install the OpenSSL package. PHP between versions 4.0.5 and 4.3.1 will work with OpenSSL >= 0.9.5. Other versions (PHP <=4.0.4pl1 and >= 4.3.2) require OpenSSL >= 0.9.6. You are strongly encouraged to use the most recent OpenSSL version, otherwise your web server could be vulnerable to attack.
&reference.openssl.configure;
&reftitle.runtime; &no.config;
&reftitle.resources;
Key/Certificate parameters

Quite a few of the openssl functions require a key or a certificate parameter. PHP 4.0.5 and earlier have to use a key or certificate resource returned by one of the openssl_get_xxx functions. Later versions may use one of the following methods:

- Certificates
  - An X.509 resource returned from openssl_x509_read
  - A string having the format file://path/to/cert.pem; the named file must contain a PEM encoded certificate
  - A string containing the content of a certificate, PEM encoded
- Public/Private Keys
  - A key resource returned from openssl_get_publickey or openssl_get_privatekey
  - For public keys only: an X.509 resource
  - A string having the format file://path/to/file.pem; the named file must contain a PEM encoded certificate/private key (it may contain both)
  - A string containing the content of a certificate/key, PEM encoded
  - For private keys, you may also use the syntax array($key, $passphrase), where $key represents a key specified using the file:// or textual content notation above, and $passphrase represents a string containing the passphrase for that private key
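The key notations listed above, exercised against one key pair. This is an added example, not part of the original manual page; it assumes a PHP build whose openssl extension provides openssl_pkey_new, openssl_pkey_export, openssl_pkey_get_details and OPENSSL_ALGO_SHA256, and the key, passphrase and message are constructed for illustration.

```php
<?php
// Added example: one key pair passed in each notation listed above.
// The key, passphrase and message are constructed at run time for illustration.
$passphrase = 'example-passphrase';
$data       = 'message to sign';

$pkey = openssl_pkey_new(array(
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    'private_key_bits' => 2048,
));
if ($pkey === false) {
    exit('key generation failed: ' . openssl_error_string() . "\n");
}
// PEM text: passphrase-encrypted private key, and the matching public key.
if (!openssl_pkey_export($pkey, $privPem, $passphrase)) {
    exit('key export failed: ' . openssl_error_string() . "\n");
}
$details = openssl_pkey_get_details($pkey);
$pubPem  = $details['key'];

// Store the private key in a file only its owner can read, for file:// use.
$privFile = tempnam(sys_get_temp_dir(), 'key');
chmod($privFile, 0600);
file_put_contents($privFile, $privPem);

// The same private key in three accepted forms.
$privateForms = array(
    'array(PEM text, passphrase)'     => array($privPem, $passphrase),
    'array(file://, passphrase)'      => array('file://' . $privFile, $passphrase),
    'key from openssl_get_privatekey' => openssl_get_privatekey($privPem, $passphrase),
);
// The public key as PEM text and as a key from openssl_get_publickey.
$publicForms = array(
    'PEM text'                       => $pubPem,
    'key from openssl_get_publickey' => openssl_get_publickey($pubPem),
);

foreach ($privateForms as $privName => $priv) {
    if (!openssl_sign($data, $sig, $priv, OPENSSL_ALGO_SHA256)) {
        exit('signing failed with ' . $privName . ': ' . openssl_error_string() . "\n");
    }
    foreach ($publicForms as $pubName => $pub) {
        // openssl_verify returns 1 (valid), 0 (invalid) or -1/false (error),
        // so compare strictly against 1 instead of testing truthiness.
        $ok = openssl_verify($data, $sig, $pub, OPENSSL_ALGO_SHA256) === 1;
        echo $privName . ' / ' . $pubName . ': ' . ($ok ? 'valid' : 'NOT valid') . "\n";
    }
}
unlink($privFile);
```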
Certificate Verification

When calling a function that will verify a signature/certificate, the cainfo parameter is an array containing file and directory names that specify the locations of trusted CA files. If a directory is specified, then it must be a correctly formed hashed directory as the openssl command would use.
&reference.openssl.constants;
&reference.openssl.functions;