I am trying to run the following command from PHP
openssl enc -base64 -in <( openssl dgst -sha256 -binary -hmac echkrHQpoaK8LV4ROplB8vQiY9r1dQf0 <( echo -n "POST application/json a5d3867576a72ad3d981f91032f32aff6b81435ea226807e32f322b20b711a54 2017-02-22T16:55:14Z /user/2"))
But I keep getting the error
sh: -c: line 0: syntax error near unexpected token `('
sh: -c: line 0: `openssl enc -base64 -in <( openssl dgst -sha256 -binary -hmac echkrHQpoaK8LV4ROplB8vQiY9r1dQf0 <( echo -n "POST application/json a5d3867576a72ad3d981f91032f32aff6b81435ea226807e32f322b20b711a54 2017-02-22T16:55:14Z /transaction/v23"))'
I have used shell_exc(), exec(), system() and backticks `` and they all give me the same output.
I am using PHP 7 on an Ubuntu 16.04 server and also in a CentOS 7 server.
The command runs as expected with a valid output when run directly in the shell.
I am at a lost here. Any help will be appreciate it.
Related
I have the following running code on PHP7.
$command = "openssl smime -verify -inform DER -in ".$path." -noverify -out ".PATH_XML_EXTRACT.$filename_output;
exec( $command, $output, $return_var );
The openssl command creates the file properly. Can I avoid to store the message content to the output file? I want to get the message as a string (for example in the $output variable) and managing the flow in memory (no writing on the disk).
Any suggestions?
I encrypted a file using file_input_contents function:
file_input_contents('myfile',openssl_encrypt("This string was AES-128 / ECB encrypted.", "AES-128-ECB", "password"));
But I can't decrypt it using openssl command. Always getting "bad magic number" error.
I tried with this command:
openssl enc -aes-128-ecb -d -in myfile -out outputfile
$passphrase = "';__!!??()[]";
$passphrase = escapeshellarg($passphrase);
shell_exec("openssl\openssl.exe genrsa -des3 -passout pass:${passphrase} -out test.key 2048");
#Here the password works
echo system("openssl\openssl.exe rsa -in test.key -passin pass:${passphrase} -noout -text");
This code works fine to generate a key with openssl. I can also read the key without any problem. But when I want to read the key from the command line I'm unable to decrypt it. I use exactly the same command as in the code. The only difference is, that I copy the passphrase to the command line as it is written in the code. This always fails with a bad decrypt error.
How can I fix this issue?
Edit: To make this more clear. This does not work when run from terminal:
openssl\openssl.exe rsa -in test.key -passin pass:"';__!!??()[]" -noout -text
Why don't you use PHP's OpenSSL library instead of the shell?
http://php.net/manual/en/ref.openssl.php
TLDR;
I have a shell script which works fine when run from the command line, but not if called from within a PHP script (accessed via web).
In both cases, the calling user is www-data.
The line failing is this:
openssl genrsa -des3 -out certs/$PCODE.key -passout env:PASSPHRASE 2048
Why is this happening? How can I debug it?
Full story
I have the following script which is a slightly modified version of this gist for generating self-signed SSL certs.
When I run it from the terminal as www-data it works ok and generates the key files, the CSR and the SSL cert file. But when I call the script from within a PHP script, it outputs an error and no files are generated. What is causing the failure? How can I debug this?
From terminal:
me#machine$ sudo su www-data
www-data#machine$ ./gencert.sh acme
www-data will generate an SSL cert for acme.dev
Command after line 32 executed oK
Passphrase expoted as I7gOnWxWd0hOk38Zu ... FbxL3K3Rzlv
Generating RSA private key, 2048 bit long modulus
..............................................+++
.................+++
e is 65537 (0x10001)
Command after line 49 executed oK
Command after line 54 executed oK
Command after line 65 executed oK
writing RSA key
Command after line 69 executed oK
Signature ok
subject=/C=IR/ST=Alborz/.../emailAddress=noreply#acme.dev
Getting Private key
Command after line 74 executed oK
Resulting files:
certs/acme.key.org
certs/acme.key
certs/acme.csr
certs/acme.crt
From PHP:
$r = `/var/www/testbench/pm/shell/gencert.sh acme`;
echo $r;
No files are generated and the output is this:
www-data will generate an SSL cert for acme.dev
Command after line 32 executed oK
Passphrase expoted as 1Fd1seZoe2XF ... oSmQFJdVpdwOeTo2CK5VjLxp
Error. Return value = 1 after line 49
The line returning 1 is this:
openssl genrsa -des3 -out certs/$PCODE.key -passout env:PASSPHRASE 2048
Here is the modified shell script:
#!/bin/bash
# Bash shell script for generating self-signed certs. Run this in a folder, as it
# generates a few files. Large portions of this script were taken from the
# following artcile:
#
# http://usrportage.de/archives/919-Batch-generating-SSL-certificates.html
# https://deliciousbrains.com/ssl-certificate-authority-for-local-https-development/
# Additional alterations by: Brad Landers
# Date: 2012-01-27
# Script accepts a single argument, the fqdn for the cert
PCODE="$1"
if [ -z "$PCODE" ]; then
echo "Usage: $(basename $0) <PCODE>"
exit 11
fi
THE_USER="$(whoami)"
echo "$THE_USER will generate an SSL cert for $PCODE.dev"
fail_if_error() {
[ $1 != 0 ] && {
echo -n "Error. Return value = $1 after line $LASTLINE"
unset PASSPHRASE
exit 10
}
echo "Command after line $LASTLINE executed oK"
}
# Generate a passphrase
LASTLINE="${LINENO}"
export PASSPHRASE=$(head -c 500 /dev/urandom | tr -dc a-z0-9A-Z | head -c 128; echo)
fail_if_error $?
echo -n "Passphrase expoted as "
printenv PASSPHRASE
# Certificate details; replace items in angle brackets with your own info
subj="
C=IR
ST=Alborz
O=ACME
localityName=Karaj
commonName=*.$PCODE.dev
organizationalUnitName=WebAdmin
emailAddress=noreply#$PCODE.dev
"
LASTLINE="${LINENO}"
# Generate the server private key
openssl genrsa -des3 -out certs/$PCODE.key -passout env:PASSPHRASE 2048
fail_if_error $?
LASTLINE="${LINENO}"
# Generate the CSR
openssl req \
-new \
-batch \
-subj "$(echo -n "$subj" | tr "\n" "/")" \
-key certs/$PCODE.key \
-out certs/$PCODE.csr \
-passin env:PASSPHRASE
fail_if_error $?
LASTLINE="${LINENO}"
cp certs/$PCODE.key certs/$PCODE.key.org
fail_if_error $?
LASTLINE="${LINENO}"
# Strip the password so we don't have to type it every time we restart Apache
openssl rsa -in certs/$PCODE.key.org -out certs/$PCODE.key -passin env:PASSPHRASE
fail_if_error $?
LASTLINE="${LINENO}"
# Generate the cert (good for 10 years)
openssl x509 -req -days 3650 -in certs/$PCODE.csr -signkey certs/$PCODE.key -out certs/$PCODE.crt
fail_if_error $?
The command you want to execute has relative paths, eg: certs/$PCODE.key. When you exec the commands (via the backtick operator in this case), the paths are expanded relative to the PHP process' current working directory. This is rarely, if ever, the same path as your command shell uses.
To debug this, you can extend your actual command with strace, eg: strace openssl .... This will give you considerable diagnostics and, near the end, you'll see something along the lines of EPERM.
To fix this, you can either use chdir in your PHP to set the current working directory, or you can cd in your script, or your script can use absolute paths. I'd prefer the latter.
I'm generating a SHA1 hash via OpenSSL via the commandline with the following command:
echo -n "test" | openssl dgst -sha1 -sign private.pem | openssl enc -base64
The output is:
mTuk4MicnS1Xn9BB4wed6pWe62CGDgj6imaOp9f3spiRo/W88WNac7sMkAYl37ruh82mbREbEzsFwCCdhO3MpGh/tyhb+2vx59tta1GTp5Nhb8PlnFL20Zh8QUrv6WrgvsI8z4IPG4KXCJw++7hBQHcnxa8dT5EMn1OW72MumG8=
when I execute the same command via PHP with exec() I get a different output:
YDGDpc0nC1uaFBO28uepQ/8hMhqoUhXIhqb0UTVCHA2oqWI7PeYyHBB1tmvQ8iqo/ZJzvkNxAruy6T67rdpz/4hyKh6hRxGvYNStteqv/Cn04yiSlgidiHnN2x5aoI6GdE/c0haiE/WmJlFTOcQdPztsQWOk2QUzWdwDmO0OjqE=
WHY?
both scripts run via the same user, As the PHP Script is run as "nobody" I have logged in via the shell as nobody and executed it... no dfference
Using the full path fixed the problem!