php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #77787 OPENSSL PRIVATE KEY is missing
Submitted: 2019-03-24 02:14 UTC Modified: 2019-06-01 15:38 UTC
From: xxalfa at gmail dot com Assigned:
Status: Re-Opened Package: OpenSSL related
PHP Version: 7.3.3 OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: xxalfa at gmail dot com
New email:
PHP Version: OS:

 

 [2019-03-24 02:14 UTC] xxalfa at gmail dot com
Description:
------------
When creating private and public keys, there are some problems. With the option "config" I have the configuration file "C:\php\extras\ssl\openssl.cnf" deposited, but I get only the public key. PHP insists on taking the configuration file located in "C:\usr\local\ssl\openssl.cnf".

Test script:
---------------
<?php

    // C:\Users\User\Desktop\php-openssl-certificate-example.cmd

    // @echo off

    // title PHP Development Server

    // cd "%cd%"

    // "C:\php\php.exe" "php-openssl-certificate-example.php"

    // pause

    // C:\Users\User\Desktop\php-openssl-certificate-example.php [PID:9676][PHP:7.3.3]

    //-------------------------------------------------
    // HEAD
    //-------------------------------------------------

    declare( strict_types = 1 );

    header( 'Content-Type:text/plain' );

    error_reporting( E_ALL );

    ini_set( 'display_errors', '1' );

    ini_set( 'html_errors', '0' );

    define( 'CORE_DIR', dirname( __FILE__ ) . DIRECTORY_SEPARATOR );

    isset( $argv ) or trigger_error( 'This is a command terminal application.', E_USER_ERROR );

    echo __FILE__ . ' [PID:' . getmypid() . '][PHP:' . phpversion() . ']' . PHP_EOL . PHP_EOL;

    extension_loaded( 'openssl' ) or dl( 'openssl' ) or trigger_error( 'The openssl extension is required.', E_USER_ERROR );

    //-------------------------------------------------
    // CERTIFICATE LOCATIONS
    //-------------------------------------------------

    $array_of_certificate_locations = openssl_get_cert_locations();

    echo var_export( $array_of_certificate_locations, true ) . PHP_EOL;

    // The ".rnd" file is created at the point of execution. In my case on the desktop. And not as planned in the specified directory.

    // $file_path = $array_of_certificate_locations[ 'default_default_cert_area' ] . DIRECTORY_SEPARATOR . '.rnd';

    // file_exists( $file_path ) or touch( $file_path );

    // is_writeable( $file_path ) or trigger_error( 'The file (' . $file_path . ') does not exist or is not writable.', E_USER_ERROR );

    //-------------------------------------------------
    // CREATE PRIVATE AND PUBLIC KEY
    //-------------------------------------------------

    $options = array();

    $options[ 'config' ] = realpath( 'C:\php' . DIRECTORY_SEPARATOR . 'extras/ssl\\openssl.cnf' ); // Returns: only public key

    // $options[ 'config' ] = realpath( 'C:\usr\local\ssl\renamed_openssl.cnf' ); // Returns: only public key

    // $options[ 'config' ] = realpath( 'C:\usr\local\ssl\openssl.cnf' ); // Returns: private and public key

    // $options[ 'encrypt_key' ] = true; // If I set this value true, where do I deposit the password?

    $options[ 'digest_alg' ] = 'sha512';

    $options[ 'private_key_bits' ] = 1024;

    $options[ 'private_key_type' ] = OPENSSL_KEYTYPE_RSA;

    $openssl_resource = openssl_pkey_new( $options ) or trigger_error( 'An error occurred while processing the configuration.', E_USER_ERROR );

    // openssl_pkey_export( $openssl_resource, $private_key, $passphrase = 'password' ); // Is $passphrase set only if encrypt_key is true?

    openssl_pkey_export( $openssl_resource, $private_key );

    echo $private_key . PHP_EOL . PHP_EOL;

    $public_key = openssl_pkey_get_details( $openssl_resource );

    $public_key = $public_key[ 'key' ];

    echo $public_key . PHP_EOL . PHP_EOL;

    //-------------------------------------------------
    // PLAINTEXT
    //-------------------------------------------------

    // $plaintext = 'plaintext data goes here';

    // echo $plaintext . PHP_EOL . PHP_EOL;

    //-------------------------------------------------
    // OPENSSL PRIVATE ENCRYPT
    //-------------------------------------------------

    // Encrypt data with the private key.

    // openssl_private_encrypt( $plaintext, $private_encrypted, $private_key );

    // echo 'openssl_private_encrypt' . PHP_EOL . PHP_EOL . bin2hex( $private_encrypted ) . PHP_EOL . PHP_EOL;

    //-------------------------------------------------
    // OPENSSL PUBLIC DECRYPT
    //-------------------------------------------------

    // Data encrypted with the private key, now decrypted with the public key.

    // openssl_public_decrypt( $private_encrypted, $public_decrypted, $public_key );

    // echo 'openssl_public_decrypt' . PHP_EOL . PHP_EOL . $public_decrypted . PHP_EOL . PHP_EOL;

    //-------------------------------------------------
    // OPENSSL PUBLIC ENCRYPT
    //-------------------------------------------------

    // Encrypt data with the public key.

    // openssl_public_encrypt( $plaintext, $public_encrypted, $public_key );

    // echo 'openssl_public_encrypt' . PHP_EOL . PHP_EOL . bin2hex( $public_encrypted ) . PHP_EOL . PHP_EOL;

    //-------------------------------------------------
    // OPENSSL PRIVATE DECRYPT
    //-------------------------------------------------

    // Data encrypted with the public key, now decrypted with the private key.

    // openssl_private_decrypt( $public_encrypted, $private_decrypted, $private_key );

    // echo 'openssl_private_decrypt' . PHP_EOL . PHP_EOL . $private_decrypted . PHP_EOL . PHP_EOL;

    //-------------------------------------------------
    // ERROR HANDLING
    //-------------------------------------------------

    // echo openssl_error_string() . PHP_EOL . PHP_EOL;

?>

Expected result:
----------------
array (
  'default_cert_file' => 'C:\\usr\\local\\ssl/cert.pem',
  'default_cert_file_env' => 'SSL_CERT_FILE',
  'default_cert_dir' => 'C:\\usr\\local\\ssl/certs',
  'default_cert_dir_env' => 'SSL_CERT_DIR',
  'default_private_dir' => 'C:\\usr\\local\\ssl/private',
  'default_default_cert_area' => 'C:\\usr\\local\\ssl',
  'ini_cafile' => '',
  'ini_capath' => '',
)
-----BEGIN PRIVATE KEY-----
MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAL7Z4Z1x93+4nlO9
MLDBkzOswqPC6E3ztL8oPuhn8hfBqZ0xb5Vp+yMp9N+yu+UDnPn6bUzM+JX1qZfS
UJY/gJxFIB3Ry2TAsKdHb645QKEwuIWEMGO7IuLx23eD5BjyDrJ6hSVqQrWefQGn
eX2lpWfd7LPBBsEdMCvhGSLh1yUbAgMBAAECgYBWhxAsQux0Yq6dxqvZp5nmltAU
URzjordy53tGAUKYlLwiwbQWaNtswOv9s9pOZYn5KBn/9PpLevquE7Nnu1jCOHQP
6snRVU2emDtLD4wydewgjGD5aq/UogeNCTBL5S3323/Ys+m3hKnWM5Ud2ekojDMi
tCLD926s/gqPtPBPCQJBAOJh7kdHN/sNLldqWEB62WCMTZw2J90GvgIaXLVas1aH
BUod+mygtGNZdbaO/rLDHaJ/+o0twwEuXDaynvRv5ecCQQDX0evUxOmjEpLP3ihP
Q5IMwPCFL0hoDgDJORq7QqkrD6ICqhxR+AeI0vbx9uGxl/mg7f6/IDxFOCWpdOFG
V/itAkEAmz+tuRQOQAz6CtjTTOTyzlNppgc9r0ZAaBDMI1LgSiauafXFF1neW4Ou
RlQqN023tQkvOkJ3yQeSFbDJcbiLYQJBANDoZI2qpjWx7ubDtuUzFRa/VJK3ODFx
DJW7bwLA/huuoDZQD+XQXwq0m1GQlttfrsV2WtcLDww500r61m1PDmkCQHFoOJ0a
funMLzvdfijgwQmIJTgAg+ZZqrGqQapRrsimwTFNJ6+dOsBcDKaKfl66TQAAoeNW
RuvAIB6JPTnvcZA=
-----END PRIVATE KEY-----


-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+2eGdcfd/uJ5TvTCwwZMzrMKj
wuhN87S/KD7oZ/IXwamdMW+VafsjKfTfsrvlA5z5+m1MzPiV9amX0lCWP4CcRSAd
0ctkwLCnR2+uOUChMLiFhDBjuyLi8dt3g+QY8g6yeoUlakK1nn0Bp3l9paVn3eyz
wQbBHTAr4Rki4dclGwIDAQAB
-----END PUBLIC KEY-----

Actual result:
--------------
array (
  'default_cert_file' => 'C:\\usr\\local\\ssl/cert.pem',
  'default_cert_file_env' => 'SSL_CERT_FILE',
  'default_cert_dir' => 'C:\\usr\\local\\ssl/certs',
  'default_cert_dir_env' => 'SSL_CERT_DIR',
  'default_private_dir' => 'C:\\usr\\local\\ssl/private',
  'default_default_cert_area' => 'C:\\usr\\local\\ssl',
  'ini_cafile' => '',
  'ini_capath' => '',
)


-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEvBAJCSq/sJalTyvKOJvr/Avd
6vaSB3hIPnnsxC3nknyudbv5DYOyOUAf0gGaPjGyUyy/5UCWNaA7h5gPyAMigzMg
EEikpfJxqoDqM3heMB5dU08hP/2QLVRW+ZJNUawrJhfz9fexuKgbzUM+OZrz6uWl
zuNKJlpl1rumqYJK3QIDAQAB
-----END PUBLIC KEY-----

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-06-01 08:54 UTC] cmb@php.net
-Status: Open +Status: Not a bug -Assigned To: +Assigned To: cmb
 [2019-06-01 08:54 UTC] cmb@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

See <https://www.php.net/manual/en/openssl.installation.php>.
 [2019-06-01 13:09 UTC] xxalfa at gmail dot com
I appreciate her apology, but I can not accept it.  Because I simply expect more from PHP.  The specified help page is not helpful for me.  In the deposited channels, I was not so far appropriate find.  Let's look at my message: of course it is not a bug, in my view it is just a misconduct, the configuration of openssl should be more flexible, only please whom and where can I explain this appropriately?
 [2019-06-01 15:38 UTC] cmb@php.net
-Status: Not a bug +Status: Re-Opened -Assigned To: cmb +Assigned To:
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Tue Oct 22 21:01:30 2019 UTC