I am developing a WAP app with Laravel and omnipay-alipay (https://github.com/lokielse/omnipay-alipay/wiki/Aop-WAP-Gateway). I followed the instructions:
$gateway = Omnipay::create('Alipay_AopWap');
$gateway->setAppId('201610100207.....');
$gateway->setPrivateKey('...');
//$gateway->setPrivateKey('-----BEGIN RSA PRIVATE KEY-----...-----END RSA PRIVATE KEY-----');
but I kept getting the error msg:
openssl_sign(): supplied key param cannot be coerced into a private key.
I've tried different formats but in vain. How should I set the private key properly? Thanks in advance.
According to my reading of the code, the private_key parameter is passed to PHP's openssl_pkey_get_private() function, i.e. this one:
http://php.net/manual/en/function.openssl-pkey-get-private.php
By looking at your code above it seems that you need to use something like the line that you have commented out:
$gateway->setPrivateKey('-----BEGIN RSA PRIVATE KEY-----MIICXAI...
however each line of the private key file must be terminated with a new line (\n) character.
Use OpenSSL to create a PEM formatted private key file and then read that in using file_get_contents().
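The newline requirement described in the answer above, as an added example (not from the original post or from omnipay-alipay): it rebuilds a well-formed PEM block from a key that was pasted on one line and checks that PHP's OpenSSL extension can load it. The helper name normalizePem() and the throwaway key are constructed for illustration.

```php
<?php
// Added example: rebuild a PEM block from a key that lost its line breaks.
// normalizePem() is a hypothetical helper, not part of omnipay-alipay.
function normalizePem(string $key, string $defaultLabel = 'RSA PRIVATE KEY'): string
{
    // Keep the label from existing armor; bare base64 gets the default label
    // (assumption: an unlabelled body is a PKCS#1 RSA key).
    $label = preg_match('/-----BEGIN ([A-Z0-9 ]+)-----/', $key, $m) ? $m[1] : $defaultLabel;

    // Drop armor lines and all whitespace so only the base64 body remains.
    $body = preg_replace('/-----(?:BEGIN|END) [A-Z0-9 ]+-----/', '', $key);
    $body = preg_replace('/\s+/', '', $body);
    if ($body === '' || base64_decode($body, true) === false) {
        throw new InvalidArgumentException('Key body is not valid base64');
    }

    // PEM layout: header line, base64 wrapped at 64 characters, footer line.
    return "-----BEGIN {$label}-----\n"
        . chunk_split($body, 64, "\n")
        . "-----END {$label}-----\n";
}

// Constructed sample: a throwaway key, flattened the way a copy/paste often leaves it.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
openssl_pkey_export($key, $pem);
$flattened = str_replace(["\r", "\n"], '', $pem);

$fixed = normalizePem($flattened);
if (openssl_pkey_get_private($fixed) === false) {
    throw new RuntimeException('Key still not loadable: ' . openssl_error_string());
}

// Once the key parses, signing works. A key file on disk can be read with
// file_get_contents() and passed through normalizePem() the same way.
if (!openssl_sign('sample message', $signature, $fixed, OPENSSL_ALGO_SHA256)) {
    throw new RuntimeException('openssl_sign failed: ' . openssl_error_string());
}
echo strlen($signature), " byte signature\n";
```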
Related
I have a private key file $formatPrivateKey that I need to use as a variable
$privateKey = file_get_contents('27660275_website.com.key');
$signature = hash_hmac('sha256', $base64UrlHeader . "." . $base64UrlPayload, $privateKey, true);
I need this to generate a client-assertion JWT.
However, I'm getting the following error - {"error":"invalid_request","error_description":"The Token's Signature resulted invalid when verified using the Algorithm: SHA256withRSA"}
I guess I'm not reading the file_get_contents('27660275_website.com.key') properly.
My $privateKey file starts with the following -----BEGIN RSA PRIVATE KEY----- and finishes with -----END RSA PRIVATE KEY----. I tried to remove them but I still got the same output.
I tried to concatenate the alphanumeric sequence as suggested in another answer to a question in Stackoverflow. However, it didn't work.
Therefore my assumption that I'm not reading file_get_contents('27660275_website.com.key') properly.
In this context, the secret key is a password (a string) rather than a private key file.
Check out this for example, they simply use the password 'secret'. Any string should make your code work.
https://www.php.net/manual/en/function.hash-hmac.php
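The error quoted in the question names SHA256withRSA, which is an RSA signature over a SHA-256 digest (JWT alg RS256), while hash_hmac() produces a keyed hash (JWT alg HS256). The following is an added example, not code from the original posts, that builds both over the same signing input; the helper names, the claims and the throwaway key are constructed for illustration.

```php
<?php
// Added example: one JWT signing input, signed with RSA (RS256) and with HMAC.
function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64urlDecode(string $txt): string
{
    $padded = $txt . str_repeat('=', (4 - strlen($txt) % 4) % 4);
    return (string) base64_decode(strtr($padded, '-_', '+/'), true);
}

function signRs256(array $claims, string $privateKeyPem): string
{
    $input = b64url(json_encode(['alg' => 'RS256', 'typ' => 'JWT']))
        . '.' . b64url(json_encode($claims));
    if (!openssl_sign($input, $sig, $privateKeyPem, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('openssl_sign failed: ' . openssl_error_string());
    }
    return $input . '.' . b64url($sig);
}

function verifyRs256(string $jwt, string $publicKeyPem): bool
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return false;
    }
    $header = json_decode(b64urlDecode($parts[0]), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'RS256') {
        return false; // pin the algorithm instead of trusting the token header
    }
    return openssl_verify("$parts[0].$parts[1]", b64urlDecode($parts[2]), $publicKeyPem, OPENSSL_ALGO_SHA256) === 1;
}

// Constructed sample key and claims.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
openssl_pkey_export($key, $privPem);
$pubPem = openssl_pkey_get_details($key)['key'];

$jwt = signRs256(['iss' => 'client-id', 'exp' => time() + 300], $privPem);
var_dump(verifyRs256($jwt, $pubPem));     // RSA signature made with openssl_sign()

// The question's approach: an HMAC keyed with the PEM text, sent as an RS256 token.
[$h, $p] = explode('.', $jwt);
$hmacJwt = "$h.$p." . b64url(hash_hmac('sha256', "$h.$p", $privPem, true));
var_dump(verifyRs256($hmacJwt, $pubPem)); // the HMAC output checked as an RSA signature
```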
According to the OpenSSL ChangeLog, OpenSSL 1.1.1 added support for EdDSA (which includes Ed25519). I'm running PHP 7.3.5 with OpenSSL 1.1.1b, which should support it. I tried to use Ed25519 keys (the ones from https://www.rfc-editor.org/rfc/rfc8410#section-10.3). That got me the following error (as returned by openssl_error_string()) with the "Ed25519 private key without the public key" key.
error:0608D096:digital envelope routines:EVP_PKEY_sign_init:operation not supported for this keytype
The "Ed25519 private key encoded with an attribute and the public key" key got me a different error.
Warning: openssl_sign(): supplied key param cannot be coerced into a private key in /path/to/test.php on line 3
bad
error:0D078094:asn1 encoding routines:asn1_item_embed_d2i:sequence length mismatch
This is the code I used.
$r = openssl_sign('hello, world!', $signature, '-----BEGIN PRIVATE KEY-----
MHICAQEwBQYDK2VwBCIEINTuctv5E1hK1bbY8fdp+K06/nwoy/HU++CXqI9EdVhC
oB8wHQYKKoZIhvcNAQkJFDEPDA1DdXJkbGUgQ2hhaXJzgSEAGb9ECWmEzf6FQbrB
Z9w7lshQhqowtrbLDFw4rXAxZuE=
-----END PRIVATE KEY-----');
echo $r ? 'good' : 'bad';
echo "\n";
echo openssl_error_string();
I guess PHP just doesn't yet support Ed25519.
I guess not, if we go by the documentation, it looks like the signing/verification requirements are different from the normal usage of the openssl library.
The Ed25519 and Ed448 EVP_PKEY implementation supports key generation,
one-shot digest sign and digest verify using PureEdDSA and Ed25519 or
Ed448 (see RFC8032).
and comments like:
The PureEdDSA algorithm does not support the streaming mechanism of other signature algorithms using, for example, EVP_DigestUpdate(). The message to sign or verify must be passed using the one-shot EVP_DigestSign() and EVP_DigestVerify() functions.
When calling EVP_DigestSignInit() or EVP_DigestVerifyInit(), the digest type parameter MUST be set to NULL.
So, unless you can call the openssl api directly or can add more openssl glue functions to support one-shot signing/verification support then I guess not.
I'm trying to get php to report the public key length of a certificate as a representation of bits.
e.g. 1024, 2048, 4096 etc.
I've trawled through countless functions on the PHP docs for answers or a steer in the right direction. Can't for the life of me work out a function that will provide this data.
http://php.net/manual/en/ref.openssl.php
openssl_pkey_get_details() seemed like the way to go. But I can't find a way to give it the public key in the first place.
Currently I can parse the certificate. However, this doesn't include the public key or bits information.
<?php
$cert = $_POST['cert_text'];
$ssl = openssl_x509_parse($cert);
echo json_encode($ssl);
?>
The $cert variable above is a PEM format certificate file. So in the format of
-----BEGIN CERTIFICATE-----
MIIGWTCCBUGgAwIBAgIKG6SqTwACAAAANzANBgkqhkiG.....etc..
-----END CERTIFICATE-----
I believe this
http://php.net/manual/en/function.openssl-pkey-get-details.php
will solve your problem
using
array openssl_pkey_get_details ( resource $key )
Returns an array with the key details in success or FALSE in failure. Returned array has indexes bits (number of bits), key (string representation of the public key) and type (type of the key which is one of OPENSSL_KEYTYPE_RSA, OPENSSL_KEYTYPE_DSA, OPENSSL_KEYTYPE_DH, OPENSSL_KEYTYPE_EC or -1 meaning unknown).
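One way to hand the certificate's public key to openssl_pkey_get_details(), as an added example that is not part of the original posts: openssl_pkey_get_public() accepts a PEM certificate and extracts its key. The helper name certKeyInfo() and the self-signed certificate are constructed for illustration; the PEM prefix check is there because the question's code takes the certificate from a POST field.

```php
<?php
// Added example: read key size and type from a PEM certificate.
// certKeyInfo() is a hypothetical helper name.
function certKeyInfo(string $certPem): array
{
    // PHP's OpenSSL functions also treat "file://..." strings as paths, so for
    // untrusted input (such as a POST field) accept only inline PEM text.
    if (strpos(ltrim($certPem), '-----BEGIN CERTIFICATE-----') !== 0) {
        throw new InvalidArgumentException('Expected a PEM-encoded certificate');
    }

    // openssl_pkey_get_public() accepts an X.509 certificate and extracts its key.
    $pub = openssl_pkey_get_public($certPem);
    if ($pub === false) {
        throw new RuntimeException('Cannot read public key: ' . openssl_error_string());
    }

    $details = openssl_pkey_get_details($pub);
    $names = [
        OPENSSL_KEYTYPE_RSA => 'RSA', OPENSSL_KEYTYPE_DSA => 'DSA',
        OPENSSL_KEYTYPE_DH  => 'DH',  OPENSSL_KEYTYPE_EC  => 'EC',
    ];
    return ['bits' => $details['bits'], 'type' => $names[$details['type']] ?? 'unknown'];
}

// Constructed sample: a throwaway self-signed certificate.
$key  = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$csr  = openssl_csr_new(['commonName' => 'example.test'], $key, ['digest_alg' => 'sha256']);
$x509 = openssl_csr_sign($csr, null, $key, 1, ['digest_alg' => 'sha256']);
openssl_x509_export($x509, $certPem);

echo json_encode(certKeyInfo($certPem)), "\n";
```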
I'm creating an X509 certificate using phpseclib and all of that seems to be fine. Once I've created the certificate, I save it down as a pkcs12 file in PHP using the private key associated with my certificate. However, once I read that file, the private key I get back is different. Shouldn't the key be the same?
For instance, let's say I call:
openssl_pkcs12_export_to_file($cert , $write_loc, $priv_key , $pass);
Works great, now when I read the file with:
openssl_pkcs12_read($write_loc, $certs, $pass);
The output in $certs['pkey'] differs from the $priv_key I passed to the export_to_file method above.
Surely they must be the same, or am I mixing up 2 completely different things?
Thank you!
I think what's going on is explained at PHP RSA key creation
Basically, you're using a key that starts off with -----BEGIN RSA PRIVATE KEY----- and the key you're getting back starts off with -----BEGIN PRIVATE KEY-----.
The former is a PKCS1 formatted private key and the latter is a PKCS8 formatted private key. The latter has the private key type embedded within the base64-encoded data itself whereas the former has the private key type embedded in the human readable string.
Some versions of PHP / OpenSSL output the PKCS8 key and others output the PKCS1 key.
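A way to check whether the key read back from the PKCS#12 file is the same key, whatever PEM wrapper it comes in, as an added example that is not part of the original posts: compare the RSA parameters rather than the PEM text. The helper names, the passphrase and the throwaway key and certificate are constructed for illustration.

```php
<?php
// Added example: compare a private key before and after a PKCS#12 round trip.
function loadKeyDetails(string $pem): array
{
    $key = openssl_pkey_get_private($pem);
    if ($key === false) {
        throw new RuntimeException('Cannot load key: ' . openssl_error_string());
    }
    return openssl_pkey_get_details($key);
}

function sameRsaKey(string $pemA, string $pemB): bool
{
    $a = loadKeyDetails($pemA);
    $b = loadKeyDetails($pemB);
    if (!isset($a['rsa'], $b['rsa'])) {
        throw new InvalidArgumentException('This example compares RSA keys only');
    }
    // Same modulus and private exponent means the same key, whatever the PEM header says.
    return hash_equals($a['rsa']['n'], $b['rsa']['n'])
        && hash_equals($a['rsa']['d'], $b['rsa']['d']);
}

// Constructed sample: throwaway key and self-signed certificate.
$key  = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
openssl_pkey_export($key, $privPem);
$csr  = openssl_csr_new(['commonName' => 'example.test'], $key, ['digest_alg' => 'sha256']);
$x509 = openssl_csr_sign($csr, null, $key, 1, ['digest_alg' => 'sha256']);

// Round trip through PKCS#12 in memory (constructed passphrase).
if (!openssl_pkcs12_export($x509, $p12, $key, 'constructed-pass')
    || !openssl_pkcs12_read($p12, $certs, 'constructed-pass')) {
    throw new RuntimeException('PKCS#12 round trip failed: ' . openssl_error_string());
}

// Show the PEM header of each form, then compare the key material itself.
echo strtok($privPem, "\n"), "\n";
echo strtok($certs['pkey'], "\n"), "\n";
var_dump(sameRsaKey($privPem, $certs['pkey']));
```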
I have an applet that uses a "foo.key" file and a string password to generate a privateKey object, using BouncyCastle APIs. Then a signature is created using this privateKey object and a string such as "MYNAMEHERE". All I know is that the algorithm used to generate this signature is RSA.
What I want to do is to decrypt (or verify) this signature in PHP. I have both files publicKey (file.cer) and privateKey (file.key) that were used to generate the privateKey object in Java.
I'm trying using the openssl_verify functions in PHP, passing the values:
openssl_verify("MYNAMEHERE", $signature, "file.cer"), where $signature contains the String representation of the signature object generated in Java: new String (signature).
I don't know if this process is correct to verify the signature, or what kind of encoding/decoding process I have to do before using this function.
I hope somebody points me the right direction!
Thanks in advance!
You haven't given enough information, such as the actual signature or how it is encoded. Normally RSA means RSA in PKCS#1 1.5 mode using SHA-1 (Google it) which is more or less the default signature generation/verification algorithm in use today. In that case, the verify should proceed as you've described. The password is not needed anymore, it might just be used to decrypt the private key. You can still use the private key to see if a sign in PHP/openssl does create the same data. If not, a different hash or PKCS#1 v2.1 signature may have been used.