Getting an OpenSSL public key in PEM form, from a private key or a certificate.

Hi,

I'm working on a project making large use of OpenSSL to individually
encrypt items inside a database, but I've hit a stumbling block.

There appears to be absolutely no native PHP way (eg without a shell
call to openssl) to get the PEM encoded form of a public key, given
the private key and applicable passphrase.

The closest that can be gotten is a resource key, via:
$tmp = ... // PEM encoded certificate
$pubkey = openssl_pkey_get_public($tmp);
From this point however, there is still no way to get PHP to give me
the public key in a PEM encoding, for storage in the database. I've
tried all of the export functions, with various warnings returned from
them.

Getting to the above point from scratch requires generating a
certificate request from the private key, and then a self-signed
certificate from that CSR. While this is doable, leaving out the
self-signed certificate step would produce a large increase in
performance as well.

The openssl command I wish to emulate is:
openssl rsa -pubout <privkey.pem

Surely there must be a way to achieve this simple action?
Jul 17 '05 #1
Have you tried "openssl_pkey_export"?
On Thu, 29 Jul 2004 19:27:04 -0700, Robin H. Johnson wrote:
I'm working on a project making large use of OpenSSL to individually
encrypt items inside a database, but I've hit a stumbling block.

There appears to be absolutely no native PHP way (eg without a shell
call to openssl) to get the PEM encoded form of a public key, given
the private key and applicable passphrase.

The closest that can be gotten is a resource key, via:
$tmp = ... // PEM encoded certificate
$pubkey = openssl_pkey_get_public($tmp);
From this point however, there is still no way to get PHP to give me
the public key in a PEM encoding, for storage in the database. I've
tried all of the export functions, with various warnings returned from
them.

Getting to the above point from scratch requires generating a
certificate request from the private key, and then a self-signed
certificate from that CSR. While this is doable, leaving out the
self-signed certificate step would produce a large increase in
performance as well.

The openssl command I wish to emulate is:
openssl rsa -pubout <privkey.pem

Surely there must be a way to achieve this simple action?


Jul 17 '05 #2
User1001 <su**********@globaleyes.net> wrote in message news:<pa****************************@globaleyes.net>...
Have you tried "openssl_pkey_export"?

[snip]
the public key in a PEM encoding, for storage in the database. I've
tried all of the export functions, with various warnings returned from
them.


NONE of the export functions work to export the public key. That's
openssl_pkey_export, openssl_x509_export, openssl_csr_export.

openssl_pkey_export is the one that SHOULD work, but produces:
Warning: openssl_pkey_export(): supplied key param is a public key in
.... on line ...
Warning: openssl_pkey_export(): cannot get key from parameter 1 in ...
on line ...
and provides an empty string, returning false to show it failed.
Jul 17 '05 #3
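
Added example, not part of the original thread or written by its participants: openssl_pkey_get_details(), available since PHP 5.2.0 (after this thread was written), returns the PEM public key of a loaded private key, which is the in-process equivalent of `openssl rsa -pubout`. The sketch assumes PHP 7 or later with the openssl extension; the function name public_pem_from_private, the passphrase and the sample item are constructed for illustration.

```php
<?php
// Added example (not from the thread). Assumes PHP 7+ with ext/openssl.

// Return the PEM public key for a passphrase-protected PEM private key.
function public_pem_from_private(string $privatePem, string $passphrase): string
{
    $key = openssl_pkey_get_private($privatePem, $passphrase);
    if ($key === false) {
        // Wrong passphrase or malformed PEM both end up here.
        throw new RuntimeException('cannot load private key: ' . openssl_error_string());
    }
    $details = openssl_pkey_get_details($key);
    if ($details === false) {
        throw new RuntimeException('cannot read key details: ' . openssl_error_string());
    }
    return $details['key']; // PEM "PUBLIC KEY" block, safe to store in the database
}

// Constructed sample input: a fresh RSA key exported under a passphrase.
$passphrase = 'constructed-example-passphrase';
$generated = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    'private_key_bits' => 2048,
]);
if ($generated === false || !openssl_pkey_export($generated, $privatePem, $passphrase)) {
    throw new RuntimeException('key generation failed: ' . openssl_error_string());
}

// No CSR and no self-signed certificate are needed to reach the public key.
$publicPem = public_pem_from_private($privatePem, $passphrase);
echo $publicPem;

// Round trip: encrypt with the derived public key, decrypt with the private key.
$item = 'constructed database item';
if (!openssl_public_encrypt($item, $ciphertext, $publicPem, OPENSSL_PKCS1_OAEP_PADDING)) {
    throw new RuntimeException('encrypt failed: ' . openssl_error_string());
}
$private = openssl_pkey_get_private($privatePem, $passphrase);
if (!openssl_private_decrypt($ciphertext, $recovered, $private, OPENSSL_PKCS1_OAEP_PADDING)) {
    throw new RuntimeException('decrypt failed: ' . openssl_error_string());
}
echo $recovered === $item ? "round trip ok\n" : "round trip FAILED\n";

// A wrong passphrase must fail closed rather than yield a key.
try {
    public_pem_from_private($privatePem, 'wrong-passphrase');
    echo "unexpected: key loaded with wrong passphrase\n";
} catch (RuntimeException $e) {
    echo "wrong passphrase rejected\n";
}
```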
