php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #77602 OpenSSL extension lacks PKCS#8 support
Submitted: 2019-02-11 10:22 UTC Modified: -
Votes:5
Avg. Score:4.4 ± 0.8
Reproduced:4 of 4 (100.0%)
Same Version:3 (75.0%)
Same OS:2 (50.0%)
From: jonas at freesources dot org Assigned:
Status: Open Package: OpenSSL related
PHP Version: 7.3.2 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: jonas at freesources dot org
New email:
PHP Version: OS:

 

 [2019-02-11 10:22 UTC] jonas at freesources dot org 
Description:
------------
Hello,

the PHP openssl extension lacks support to export private keys in PKCS#8[1] format. The function openssl_pkey_export()[2] only supports one export format - the traditional PEM format. This is especially a problem when maintaining keys for applications that accept only the PKCS#8 format as input (like the Dovecot MailCrypt plugin[3])

The only PHP libraries I found with PKCS#8 support are phpseclib[4] and SOP\pkcs8[5]. Unfortunately, both lack support for elliptic curve keys, so they're not an option for me either.

The only option left to me, was to spawn a system call to `openssl pkey` just for the sake of migrating the traditional PEM key to PKCS#8 format.

[1] https://en.wikipedia.org/wiki/PKCS_8
[2] https://secure.php.net/manual/en/function.openssl-pkey-export.php
[3] https://wiki.dovecot.org/Plugins/MailCrypt#EC_key
[4] https://github.com/phpseclib/phpseclib
[5] https://github.com/sop/pkcs8

Patches

Pull Requests
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Wed Sep 17 19:00:01 2025 UTC