openssl_open
(PHP 4 >= 4.0.4, PHP 5)
openssl_open — Open sealed data
Description
$sealed_data
, string &$open_data
, string $env_key
, mixed $priv_key_id
[, string $method
] )
openssl_open() opens (decrypts)
sealed_data
using the private key associated with
the key identifier priv_key_id
and the envelope key
env_key
, and fills
open_data
with the decrypted data.
The envelope key is generated when the
data are sealed and can only be used by one specific private key. See
openssl_seal() for more information.
Parameters
-
sealed_data
-
-
open_data
-
If the call is successful the opened data is returned in this parameter.
-
env_key
-
-
priv_key_id
-
Return Values
Returns TRUE
on success or FALSE
on failure.
Examples
Example #1 openssl_open() example
<?php
// $sealed and $env_key are assumed to contain the sealed data
// and our envelope key, both given to us by the sealer.
// fetch private key from file and ready it
$fp = fopen("/src/openssl-0.9.6/demos/sign/key.pem", "r");
$priv_key = fread($fp, 8192);
fclose($fp);
$pkeyid = openssl_get_privatekey($priv_key);
// decrypt the data and store it in $open
if (openssl_open($sealed, $open, $env_key, $pkeyid)) {
echo "here is the opened data: ", $open;
} else {
echo "failed to open data";
}
// free the private key from memory
openssl_free_key($pkeyid);
?>
- PHP Руководство
- Функции по категориям
- Индекс функций
- Справочник функций
- Криптографические расширения
- OpenSSL
- openssl_cipher_iv_length
- openssl_csr_export_to_file
- openssl_csr_export
- openssl_csr_get_public_key
- openssl_csr_get_subject
- openssl_csr_new
- openssl_csr_sign
- openssl_decrypt
- openssl_dh_compute_key
- openssl_digest
- openssl_encrypt
- openssl_error_string
- openssl_free_key
- openssl_get_cert_locations
- openssl_get_cipher_methods
- openssl_get_md_methods
- openssl_get_privatekey
- openssl_get_publickey
- openssl_open
- openssl_pbkdf2
- openssl_pkcs12_export_to_file
- openssl_pkcs12_export
- openssl_pkcs12_read
- openssl_pkcs7_decrypt
- openssl_pkcs7_encrypt
- openssl_pkcs7_sign
- openssl_pkcs7_verify
- openssl_pkey_export_to_file
- openssl_pkey_export
- openssl_pkey_free
- openssl_pkey_get_details
- openssl_pkey_get_private
- openssl_pkey_get_public
- openssl_pkey_new
- openssl_private_decrypt
- openssl_private_encrypt
- openssl_public_decrypt
- openssl_public_encrypt
- openssl_random_pseudo_bytes
- openssl_seal
- openssl_sign
- openssl_spki_export_challenge
- openssl_spki_export
- openssl_spki_new
- openssl_spki_verify
- openssl_verify
- openssl_x509_check_private_key
- openssl_x509_checkpurpose
- openssl_x509_export_to_file
- openssl_x509_export
- openssl_x509_fingerprint
- openssl_x509_free
- openssl_x509_parse
- openssl_x509_read
Коментарии
Example code, assume mycert.pem is a certificate containing both private and public key.
$cert = file_get_contents("mycert.pem");
$public = openssl_get_publickey($cert);
$private = openssl_get_privatekey($cert);
$data = "I'm a lumberjack and I'm okay.";
echo "Data before: {$data}\n";
openssl_seal($data, $cipher, $e, array($public));
echo "Ciphertext: {$cipher}\n";
openssl_open($cipher, $open, $e[0], $private);
echo "Decrypted: {$open}\n";
PHP compiled without OpenSSL support? Here's how you can call the openssl command-line utility to achieve the same goal:
<?php
// $sealed and $env_key are assumed to contain the sealed data
// and our envelope key, both given to us by the sealer.
// specify private key file and passphrase
$pkey_file='key.pem';
$pkey_pp='netsvc';
// call openssl to decrypt envelope key
$ph=proc_open('openssl rsautl -decrypt -inkey '.
escapeshellarg($pkey_file).' -passin fd:3',array(
0 => array('pipe','r'), // stdin < envelope key
1 => array('pipe','w'), // stdout > decoded envelope key
2 => STDERR,
3 => array('pipe','r'), // < passphrase
),$pipes);
// write envelope key
fwrite($pipes[0],$env_key);
fclose($pipes[0]);
// write private key passphrase
fwrite($pipes[3],$pkey_pp);
fclose($pipes[3]);
// read decoded key, convert to hexadecimal
$env_key='';
while(!feof($pipes[1])){
$env_key.=sprintf("%02x",ord(fgetc($pipes[1])));
}
fclose($pipes[1]);
if($xc=proc_close($ph)){
echo "Exit code: $xc\n";
}
// call openssl to decryp
$ph=proc_open('openssl rc4 -d -iv 0 -K '.$env_key,array(
0 => array('pipe','r'), // stdin < sealed data
1 => array('pipe','w'), // stdout > opened data
2 => STDERR,
),$pipes);
// write sealed data
fwrite($pipes[0],$sealed);
fclose($pipes[0]);
// read opened data
//$open=stream_get_contents($pipes[1]);
$open='';
while(!feof($pipes[1])){
$open.=fgets($pipes[1]);
}
fclose($pipes[1]);
if($xc=proc_close($ph)){
echo "Exit code: $xc\n";
}
// display the decrypted data
echo $open;
?>