I generate a pair of keys using openssl:
shell> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/mike/.ssh/id_rsa): /path/to/test_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /path/to/test_rsa.
Your public key has been saved in /path/to/test_rsa.pub.
And then, I generate modulus from private key:
shell> openssl rsa -in /path/to/test_rsa -noout -modulus > /path/to/modulus.txt
Now, is there any way to get test_rsa.pub(public key) just from modulus?
You can get the public key in a more standardized format using phpseclib, a pure PHP RSA implementation. eg.
<?php
include('Crypt/RSA.php');
$modulus = 'yEQs2LxSHBZgZCH0rRQQy9kmry8g2tNhQL1B9f5azNz9Ce9pXPgSRjVUo1B9Ggb/FK3jy41wWd2IfS6rse3vBzRsabMj29CVODM/19yZPmwEmjJHCgYd+AA2qweKZanDp4FLsSw/kyV5WoPN16GHEMLmLGkJFNIWtzzH5jV+S80=';
$exponent = 'AQAB';
$rsa = new Crypt_RSA();
$modulus = new Math_BigInteger(base64_decode($modulus), 256);
$exponent = new Math_BigInteger(base64_decode($exponent), 256);
$rsa->loadKey(array('n' => $modulus, 'e' => $exponent));
$rsa->setPublicKey();
echo $rsa->getPublicKey();
Related
I created a P8 format Private Key and signed data Using Java and tried to verify it using Public Key in PHP which Failed.
I created p8 file using openssl command
openssl pkcs8 -topk8 -inform PEM -outform DER -in myprivate.in.key -out myprivate.in.key.p8 -nocrypt
and Signed a Json data using
public byte[] sign(String data, String privateKeyFilePath) throws InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, IOException, SignatureException {
byte[] returnVal = null;
Signature signature = Signature.getInstance(RSA_SHA_256);
PrivateKey privateKey = getPrivateKey(privateKeyFilePath);
signature.initSign(privateKey);
signature.update(data.getBytes());
returnVal = signature.sign();
return returnVal;
}
But When I tried to verify it using Public cerificate in PHP using openssl command, it failed
$cert_path = file_get_contents(storage_path('certificates/my_in.cer'));
$pub_key = openssl_get_publickey($cert_path);
$keyData = openssl_pkey_get_details($pub_key);
$pub_key = $keyData['key'];
// $verify = openssl_x509_verify()
$verify = openssl_verify($dataSigned, $signatureDecoded, $pub_key, 'sha256WithRSAEncryption');
What am I doing wrong, Also is there a way I can Sign the data using p8 key in php!
By following this process everything is ok. Maybe it will be useful to you?
Use openssl to generate keys:
# Generate PK
openssl genpkey -algorithm RSA \
-pkeyopt rsa_keygen_bits:2048 \
-pkeyopt rsa_keygen_pubexp:65537 | \
openssl pkcs8 -topk8 -nocrypt -outform der > rsa-2048-private-key.p8
# Convert your PKCS#8 file to a plain private key
openssl pkcs8 -nocrypt -in rsa-2048-private-key.p8 -inform DER -out rsa-2048-private-key.pem
# Generate pub key
openssl rsa -in rsa-2048-private-key.pem -pubout -out rsa-2048-public-key.pem
Test pkey and sign data (index.php):
<?php
$privateKeyFile="file://".__DIR__.DIRECTORY_SEPARATOR."rsa-2048-private-key.pem";
$publicKeyFile="file://".__DIR__.DIRECTORY_SEPARATOR."rsa-2048-public-key.pem";
// Data to sign
$data = 'Hello world!';
// Test on get private key
$pkeyid = openssl_pkey_get_private($privateKeyFile);
if ($pkeyid === false) {
var_dump(openssl_error_string());
}else{
var_dump($pkeyid);
}
// Sign data
openssl_sign($data, $signature, $pkeyid);
// Free memory
openssl_free_key($pkeyid);
// Read pub key
$pubkeyid = openssl_pkey_get_public($publicKeyFile);
// Test if sign is ok
$ok = openssl_verify($data, $signature, $pubkeyid);
if ($ok == 1) {
echo "Sign OK";
} elseif ($ok == 0) {
echo "Sign NOK";
} else {
echo "Sign check error";
}
// Free memory
openssl_free_key($pubkeyid);
php -S localhost:8000, http://localhost:8000, returns:
resource(2) of type (OpenSSL key) Sign OK
Recently I use openssl generate RSA Private Key to encrypted my data.
$private_key = "-----BEGIN RSA PRIVATE KEY----- MIICXQIBAAKBgQDGCn4a42xSG6Hs0h+BSWG/MQmXOpIqd6ptlfFxMFQeL9bvJ9jR j0842NyaWIAedxQrv/0+XC5pYF8ExrcGXCnWtCpUTK2M6cgkTLgkkptLz5N+z8jd AeSbakKkJuQEgEyKI1cIrjRhz6u6yfjoPKZAmVdlwEDN1u4TweZ1HDDxHQIDAQAB AoGANPgvfI+htGBxsf8NsC3peBLspsdiuvsg2YjGeGjdxukyyurUglCbdvACKUJM mlltSrpiSOCtBUBiicuAvrG9+pdjQb1gPui/xj83ZbNytfG6K8UFk6cokH6fEgON Pd3npWlhXwdrJUxcFLzlJzREq18VyAWwgsbH82//ineOF6ECQQD3HOpE+IQ2JDIL Kxna/rVnW5RSvImddKksC4KLk7IsMFqsfo+e/Vkf3D7vmsMDCXCNpt5+ttLF93lU 3Iz1j/bJAkEAzSnJ4kp9rsvf7X5OqLWOJjR6CDGK3RSwSXeSMoJSIvV6rSXXQryU ltiYct5A5Oi3g49cOYNuYMt1bw3uTEVNtQJBAKqR7e8fr3sDrvtgi99LE4I9h3s4 orDp1uANLdYUY9b2pZANaCtxavR//X08UUGmYWeVeFz06zY05S47cp0J+2kCQEyk CbixHxZHLtWnU3cOq5V2EQgyia9g5SHsuv6HVGuezD8WXb2eeNuI+hofEJrynGtX CJqrkHY0SyA7UgPH9+kCQQDRrxJ4plB0nWqhLpdc3OV74vW0m11LS8+270nMMVN1 IP08iRfF4ASWEXoe5A2LNEP4ydFw68Ve08WaRwSJ65kn -----END RSA PRIVATE KEY-----";
$pi_key = openssl_pkey_get_private($private_key);
var_dump($pikey."\n");
return:
string(1) "
"
I use it at my local wampserver,But I get return data is resource.
string(16) "Resource id #46
"
My openssl version:
OpenSSL is pretty picky when it comes to keys. All that base64-encoded data needs to span multiple lines, each of which is, at most, 64 lines long. I used phpseclib to convert you key and it worked fine for me after the conversion (whereas it didn't before):
<?php
include('Crypt/RSA.php');
$key = '-----BEGIN RSA PRIVATE KEY----- MIICXQIBAAKBgQDGCn4a42xSG6Hs0h+BSWG/MQmXOpIqd6ptlfFxMFQeL9bvJ9jR j0842NyaWIAedxQrv/0+XC5pYF8ExrcGXCnWtCpUTK2M6cgkTLgkkptLz5N+z8jd AeSbakKkJuQEgEyKI1cIrjRhz6u6yfjoPKZAmVdlwEDN1u4TweZ1HDDxHQIDAQAB AoGANPgvfI+htGBxsf8NsC3peBLspsdiuvsg2YjGeGjdxukyyurUglCbdvACKUJM mlltSrpiSOCtBUBiicuAvrG9+pdjQb1gPui/xj83ZbNytfG6K8UFk6cokH6fEgON Pd3npWlhXwdrJUxcFLzlJzREq18VyAWwgsbH82//ineOF6ECQQD3HOpE+IQ2JDIL Kxna/rVnW5RSvImddKksC4KLk7IsMFqsfo+e/Vkf3D7vmsMDCXCNpt5+ttLF93lU 3Iz1j/bJAkEAzSnJ4kp9rsvf7X5OqLWOJjR6CDGK3RSwSXeSMoJSIvV6rSXXQryU ltiYct5A5Oi3g49cOYNuYMt1bw3uTEVNtQJBAKqR7e8fr3sDrvtgi99LE4I9h3s4 orDp1uANLdYUY9b2pZANaCtxavR//X08UUGmYWeVeFz06zY05S47cp0J+2kCQEyk CbixHxZHLtWnU3cOq5V2EQgyia9g5SHsuv6HVGuezD8WXb2eeNuI+hofEJrynGtX CJqrkHY0SyA7UgPH9+kCQQDRrxJ4plB0nWqhLpdc3OV74vW0m11LS8+270nMMVN1 IP08iRfF4ASWEXoe5A2LNEP4ydFw68Ve08WaRwSJ65kn -----END RSA PRIVATE KEY-----';
$pi_key = openssl_pkey_get_private($key);
var_dump($pi_key);
echo "\r\n";
$rsa = new Crypt_RSA();
$rsa->loadKey($key);
$pi_key = openssl_pkey_get_private($rsa);
var_dump($pi_key);
echo "\r\n";
The first one output bool(false) and the second one returned resource(8) of type (OpenSSL key).
I have a RSA private key and a RSA public key.
both rsa keys are in xml version ( <RSAKeyValue><Modulus>.... );
I need to make a PKCS8 signature from private key and test it by publik key in php
I used this snippet for making signature:
$content = "test string";
include('Crypt/RSA.php');
$rsa = new Crypt_RSA();
$rsa->loadKey(file_get_contents("private.txt"));
$pem_format = $rsa->getPrivateKey();
$pvk_res = openssl_get_privatekey($pem_format);
$sig = '';
openssl_sign($content , $sig, $pvk_res, OPENSSL_ALGO_SHA1);
$signature = base64_encode($sig);
is this right way for making signature ??
now how use public key to test accuracy of signature ??
PKCS8 concerns key formats - not signatures.
Also, I see you're using phpseclib to convert the key to pem and then using openssl. Why not just use phpseclib for everything? At that point you could use this example:
http://phpseclib.sourceforge.net/rsa/examples.html#sign,sign2
<?php
include('Crypt/RSA.php');
$rsa = new Crypt_RSA();
//$rsa->setPassword('password');
$rsa->loadKey('...'); // private key
$plaintext = '...';
$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
$signature = $rsa->sign($plaintext);
$rsa->loadKey('...'); // public key
echo $rsa->verify($plaintext, $signature) ? 'verified' : 'unverified';
?>
How could I remove passphase from RSA private key using PHP
I know that in OpenSSL it is this way:
openssl rsa -in key.key -out key.key
and I am searching equivalent command to this one in PHP.
RSA command requires the pass
OpenSSL> rsa -in key2.key -out key2.key
Enter pass phrase for key2.key:
Using phpseclib, a pure PHP RSA implementation:
<?php
include('Crypt/RSA.php');
$rsa = new Crypt_RSA();
$rsa->setPassword('password');
$rsa->loadKey('...');
$rsa->setPassword();
echo $rsa->getPrivateKey();
?>
This would accomplish the same operation using the openssl extension:
$key = file_get_contents('key2.key');
$password = 'your password or pass phrase';
if (false === ($pkey = openssl_pkey_get_private($key, $password))) {
die(openssl_error_string());
}
openssl_pkey_export($pkey, $out_key);
file_put_contents('key2.key', $out_key);
A concrete example:
$key = <<<EOS
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,775352C44A559B6C
V8EuwC29zy4yuY7Ie+HvyygjKJx4G+VF/SgjjCQR+Q/iLaXcoXhIMBmP9ugQpywu
Tgmg25PruaXl3Mabs2h03aUwLyFEEjcnaVz4IFYGflqDIBbSb/Y4Q9Ef0OjbCwCJ
5pEnD0ATPtb+bptHk7VitvyK9vIN4zrqDeWdpGkqhYZx4SkUDLBhcYYYA3eY8P7y
/yeUmHt2p12W7xF4OWflNj0ot7N2GoofKrAomW0vHVAAlVHj4OVyZYeOEG/8gm2A
a3xo+LS9D2tFJjCtnP5ytczWnsoe18bKlWbjV/IimlkVEqR6jx0jC99eCUHyaSvm
OfU/DHHcooBIJxXB5VfxFbRzjyWYgsAiVf2lThvusRb+j8/Ey28t5CWx8ME2hgmk
hrTPmCFor+Lx/7++cmOFWSNvJU8MrC6jH+q2R3xIPuY=
-----END RSA PRIVATE KEY-----
EOS;
$password = 'superman';
if (false === ($pkey = openssl_pkey_get_private($key, $password))) {
die(openssl_error_string());
}
openssl_pkey_export($pkey, $out_key);
echo $out_key;
I want to generate ssh keypair from php can anyone please guide me how to do it? I have tried the shell_exec but the shell asks questions so that command does not work. I would like to specify filename and path in which to put the keys after generation.
This is based on Converting an OpenSSL generated RSA public key to OpenSSH format (PHP). Thanks shevron.
<?php
$rsaKey = openssl_pkey_new(array(
'private_key_bits' => 1024,
'private_key_type' => OPENSSL_KEYTYPE_RSA));
$privKey = openssl_pkey_get_private($rsaKey);
openssl_pkey_export($privKey, $pem); //Private Key
$pubKey = sshEncodePublicKey($rsaKey); //Public Key
$umask = umask(0066);
file_put_contents('/tmp/test.rsa', $pem); //save private key into file
file_put_contents('/tmp/test.rsa.pub', $pubKey); //save public key into file
print "Private Key:\n $pem \n\n";
echo "Public key:\n$pubKey\n\n";
function sshEncodePublicKey($privKey) {
$keyInfo = openssl_pkey_get_details($privKey);
$buffer = pack("N", 7) . "ssh-rsa" .
sshEncodeBuffer($keyInfo['rsa']['e']) .
sshEncodeBuffer($keyInfo['rsa']['n']);
return "ssh-rsa " . base64_encode($buffer);
}
function sshEncodeBuffer($buffer) {
$len = strlen($buffer);
if (ord($buffer[0]) & 0x80) {
$len++;
$buffer = "\x00" . $buffer;
}
return pack("Na*", $len, $buffer);
}
?>
I would use phpseclib, a pure PHP RSA implementation:
<?php
include('Crypt/RSA.php');
$rsa = new Crypt_RSA();
$rsa->setPublicKeyFormat(CRYPT_RSA_PUBLIC_FORMAT_OPENSSH);
extract($rsa->createKey());
echo "$publickey\r\n\r\n$privatekey";
?>
Sample output:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUpwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ51s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZw== phpseclib-generated-key
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUp
wmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ5
1s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQABAoGAFijko56+qGyN8M0RVyaRAXz++xTqHBLh
3tx4VgMtrQ+WEgCjhoTwo23KMBAuJGSYnRmoBZM3lMfTKevIkAidPExvYCdm5dYq3XToLkkLv5L2
pIIVOFMDG+KESnAFV7l2c+cnzRMW0+b6f8mR1CJzZuxVLL6Q02fvLi55/mbSYxECQQDeAw6fiIQX
GukBI4eMZZt4nscy2o12KyYner3VpoeE+Np2q+Z3pvAMd/aNzQ/W9WaI+NRfcxUJrmfPwIGm63il
AkEAxCL5HQb2bQr4ByorcMWm/hEP2MZzROV73yF41hPsRC9m66KrheO9HPTJuo3/9s5p+sqGxOlF
L0NDt4SkosjgGwJAFklyR1uZ/wPJjj611cdBcztlPdqoxssQGnh85BzCj/u3WqBpE2vjvyyvyI5k
X6zk7S0ljKtt2jny2+00VsBerQJBAJGC1Mg5Oydo5NwD6BiROrPxGo2bpTbu/fhrT8ebHkTz2epl
U9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhMCQBGoiuSoSjafUhV7i1cEGpb88h5NBYZzWXGZ
37sJ5QsW+sJyoNde3xH8vdXhzU7eT82D6X/scw9RZz+/6rCJ4p0=
-----END RSA PRIVATE KEY-----
Source: http://phpseclib.sourceforge.net/rsa/examples.html#openssh
Has anybody tried this?
ssh-keygen -q -N place_your_passphrase_here -t rsa -f ~/.ssh/id_rsa
It's worked for me
Check the manpage of ssh-keygen to find out how to execute it without any prompts.
http://linux.die.net/man/1/ssh-keygen
This code uses only built-in PHP openssl functions.
It generates keys in a portable PEM format, suitable for use with most 3rd party software.
<?php
function generateRsaKeyPair(array $config = []): array
{
$config = array_merge([
'digest_alg' => 'sha512',
'private_key_bits' => 2048,
'private_key_type' => OPENSSL_KEYTYPE_RSA,
], $config);
// Create the keypair
$key = openssl_pkey_new($config);
if (!$key) {
throw new RuntimeException('Unable to generate RSA key pair');
}
// Get private key
openssl_pkey_export($key, $private);
if (!$private) {
throw new RuntimeException('Unable to extract private key');
}
// Get public key
$public = openssl_pkey_get_details($key)['key'] ?? null;
if (!$public) {
throw new RuntimeException('Unable to extract public key');
}
// Free key from memory
openssl_pkey_free($key);
// Return both keys
return compact('public', 'private');
}