openssl_dh_compute_key
(PHP 5 >= 5.3.11)
openssl_dh_compute_key — Computes shared secret for public value of remote DH key and local DH key
Описание
string openssl_dh_compute_key
( string
$pub_key
, resource $dh_key
)Внимание
К настоящему времени эта функция еще не была документирована; для ознакомления доступен только список аргументов.
Список параметров
-
pub_key -
Public key
-
dh_key -
DH key
Возвращаемые значения
Returns computed key on success или FALSE в случае возникновения ошибки.
- PHP Руководство
- Функции по категориям
- Индекс функций
- Справочник функций
- Криптографические расширения
- OpenSSL
- openssl_cipher_iv_length
- openssl_csr_export_to_file
- openssl_csr_export
- openssl_csr_get_public_key
- openssl_csr_get_subject
- openssl_csr_new
- openssl_csr_sign
- openssl_decrypt
- openssl_dh_compute_key
- openssl_digest
- openssl_encrypt
- openssl_error_string
- openssl_free_key
- openssl_get_cert_locations
- openssl_get_cipher_methods
- openssl_get_md_methods
- openssl_get_privatekey
- openssl_get_publickey
- openssl_open
- openssl_pbkdf2
- openssl_pkcs12_export_to_file
- openssl_pkcs12_export
- openssl_pkcs12_read
- openssl_pkcs7_decrypt
- openssl_pkcs7_encrypt
- openssl_pkcs7_sign
- openssl_pkcs7_verify
- openssl_pkey_export_to_file
- openssl_pkey_export
- openssl_pkey_free
- openssl_pkey_get_details
- openssl_pkey_get_private
- openssl_pkey_get_public
- openssl_pkey_new
- openssl_private_decrypt
- openssl_private_encrypt
- openssl_public_decrypt
- openssl_public_encrypt
- openssl_random_pseudo_bytes
- openssl_seal
- openssl_sign
- openssl_spki_export_challenge
- openssl_spki_export
- openssl_spki_new
- openssl_spki_verify
- openssl_verify
- openssl_x509_check_private_key
- openssl_x509_checkpurpose
- openssl_x509_export_to_file
- openssl_x509_export
- openssl_x509_fingerprint
- openssl_x509_free
- openssl_x509_parse
- openssl_x509_read
Коментарии
Is it possible for someone to post a working example? I have written many test and examples, and I just can't seem to get 2 secrets that are alike with this method.
I am following this; https://sandilands.info/sgordon/diffie-hellman-secret-key-exchange-with-openssl
With the console, it works great. With openssl_dh_compute_key it does not work.
A working example. After some study and reading I finally get how this method is working.
You need to follow the below 4 steps;
1. You create a public key which is known to 1:n parties.
2. Each party creates their own keypair.
2a. Each party shared their public key with the members.
3. Each user can re-create the shared secret by using his Private Key and the Public Key of the other parties.
4. Compare the secrets as a handshake
/* 1. Create the first, global known public key. */
/**
* Get DH public/private keys
* @return array
*/
public static function get_keypair()
{
$keys = [];
$config = [
"digest_alg" => "sha512",
"private_key_bits" => 2048,
"private_key_type" => OPENSSL_KEYTYPE_DH,
];
// Create the private and public key
$res = openssl_pkey_new($config);
$pubKey = openssl_pkey_get_details($res);
$keys["public"] = $pubKey["key"];
openssl_pkey_export($res, $privKey);
$keys["private"] = $privKey;
return $keys;
}
Now you share the Public Key with every member of the party.
/* 2. Each user creates a new Key Pair with the P,G from the global public key info */
$key = openssl_get_publickey(base64_decode($publicKey));
$info = openssl_pkey_get_details($key);
$params = $info["dh"];
Now you have the P,G from the public key. Use it;
/**
* Create keypair from Prime and Generator for KeyExchange
* @param $prime
* @param $generator
*/
public static function create_keypair_from_pg($prime, $generator)
{
$config = [
"digest_alg" => "sha512",
"private_key_bits" => 2048,
"dh" => [
"p" => $prime,
"g" => $generator
],
"private_key_type" => OPENSSL_KEYTYPE_DH,
];
return openssl_pkey_new($config);
}
/* 3. Create a shared secret with your Private Key, and User 1:n's Public Key */
$privateKey = openssl_get_publickey(base64_decode($privateKeyData));
$secret1 = openssl_dh_compute_key($user1PublicKey, $privateKey);
if($secret !== false) {
return bin2hex($secret);
}else{
print_r(openssl_error_string());
}
$secret2 = openssl_dh_compute_key($user2PublicKey, $privateKey);
if($secret !== false) {
return bin2hex($secret);
}else{
print_r(openssl_error_string());
}
/* 4. Compare the secrets as a handshake method */
if(strcmp($secret1, $secret2) === 0) {
return true;
}
return false;
Good luck, enjoy!. Keep me posted about improvements and updates. vangelier AT hotmail DOT com
After some challenges I decided to write a C++ and PHP code samples.
As it can be very tricky to get a grib on how the Diffie and Hellman algoritm work. The code samples are cross compatible.
Gist with PHP code and C++ code:
https://gist.github.com/digitalhuman/2a2b85d61672e4bf83596d41351723ba
Enjoy!
// Purpose: Provide a working example of Diffie-Hellman, entirely in php.
// This function generates a configuration for Diffie-Hellman keypair
// We start with an empty config and have openssl_pkey_new create
// a prime and a generator. This is a time consuming step.
function get_DH_params ($keylength=2048, $digest_alg="sha512")
{
$pkey = openssl_pkey_new(["digest_alg" => $digest_alg,
"private_key_bits" => $keylength,
"private_key_type" => OPENSSL_KEYTYPE_DH]);
$details = openssl_pkey_get_details($pkey);
return [
"digest_alg" => $digest_alg,
"private_key_bits" => $keylength,
"dh" => array('p' => $details['dh']['p'], 'g' => $details['dh']['g']),
"private_key_type" => OPENSSL_KEYTYPE_DH,
];
}
// Now Alice and Bob can create their respective keypairs
function get_DH_keyPair ($DH_params)
{
$pkey = openssl_pkey_new($DH_params);
$privkey = openssl_pkey_get_private($pkey);
$pubkey = openssl_pkey_get_details($pkey)['dh']['pub_key'];
return (object) compact('pubkey','privkey');
}
// Now Alice and Bob can create a mutual secret
function get_DH_mutualsecret($peers_public, $my_private)
{
return bin2hex(openssl_dh_compute_key($peers_public, $my_private));
}
// Usage
>>> $dh_params = get_DH_params();
=> [
"digest_alg" => "sha512",
"private_key_bits" => 2048,
"dh" => [
"p" => b"ó»¸'#ð\x18\x04Û_Ä\tõyÁZàx\x15\x14\x11ƒ┬l=Ü┤H\0",
"g" => "\x02",
],
"private_key_type" => 2,
]
// Alice & Bob generate their keys from the same dh_params.
// Binary values truncated.
>>> $alice = get_DH_keypair($dh_params);
=> {#3773
+"pubkey": b"""EØüÔSðÔîË╚ùà5ÜLÜ$┘▄±ü6]",
+"privkey": OpenSSLAsymmetricKey {#3771},
}
>>> $bob = get_DH_keypair($dh_params);
=> {#3774
+"pubkey": b"'ua¥ªo\ê\x11║OM©\vó╣ßÜWöíþ³e÷:\t9Ô\rB┌\x13",
+"privkey": OpenSSLAsymmetricKey {#3765},
}
>>> $alice_secret = get_DH_mutualsecret($bob->pubkey, $alice->privkey);
=> "5fbf9df2f13da103f106. ....."
>>> $bob_secret = get_DH_mutualsecret($alice->pubkey, $bob->privkey);
=> "5fbf9df2f13da103f106. ....."
>>> $bob_secret == $alice_secret;
=> true
// Now Alice and Bob have a shared secret which they can use as a symmetric key. The key will be 2048 bits long (same as the DH key length parameter). They can hash it to get a shorter key if they want.
// A third person, Charlie, can also create a key pair like Alice and Bob.
// And Charlie and Alice can create their own Alice and Bob did.
// And Charlie and Bob can create their own (separate) secret.
//