PHP  
downloads | documentation | faq | getting help | mailing lists | | php.net sites | links 
search for in the  
lookup:
Manuale PHPManuale PHP
Guida FunzioniGuida Funzioni
 ApacheApache
 ArrayArray
 AspellAspell
 BC mathBC math
 Bzip2Bzip2
 CalendarCalendar
 CCVSCCVS
 COMCOM
 Classi/OggettiClassi/Oggetti
 ClibPDFClibPDF
 Funzioni di CrackFunzioni di Crack
 CURLCURL
 CybercashCybercash
 CyberMUTCyberMUT
 CyradmCyradm
 ctypectype
 dbadba
 Data/oraData/ora
 dBasedBase
 DBMDBM
 dbxdbx
 DB++DB++
 DIODIO
 DirectoryDirectory
 DOM XMLDOM XML
 Funzioni .NETFunzioni .NET
 Errori e loggingErrori e logging
 FrontBaseFrontBase
 fileProfilePro
 FilesystemFilesystem
 FDFFDF
 Funzioni FriBiDiFunzioni FriBiDi
 FTPFTP
 FunctionsFunctions
 gettextgettext
 GMPGMP
 HTTPHTTP
 HyperwaveHyperwave
 Hyperwave APIHyperwave API
 iconviconv
 ImmaginiImmagini
 IMAPIMAP
 InformixInformix
 InterBaseInterBase
 Ingres IIIngres II
 IRC GatewayIRC Gateway
 JavaJava
 LDAPLDAP
 MailMail
 mailparsemailparse
 MatMat
 Multi-Byte StringMulti-Byte String
 MCALMCAL
 mcryptmcrypt
 mhashmhash
 MimetypeMimetype
 MS SQL ServerMS SQL Server
 Ming (flash)Ming (flash)
 Misc.Misc.
 mnoGoSearchmnoGoSearch
 mSQLmSQL
 MySQLMySQL
 MsessionMsession
 muscatmuscat
 ReteRete
 ncursesncurses
 Lotus NotesLotus Notes
 ODBCODBC
 Object AggregationObject Aggregation
 OCI8OCI8
 OpenSSLOpenSSL
 OracleOracle
 OvrimosSQLOvrimosSQL
 Output ControlOutput Control
 Overloading degli objectOverloading degli object
 PDFPDF
 Verisign Payflow ProVerisign Payflow Pro
 PHP Options/InfoPHP Options/Info
 POSIXPOSIX
 PostgreSQLPostgreSQL
 PCNTLPCNTL
 Esecuzione di programmiEsecuzione di programmi
 StampantiStampanti
 PspellPspell
 ReadlineReadline
 RecodeRecode
 PCREPCRE
 Funzioni qtdomFunzioni qtdom
 RegexpRegexp
 SemaforiSemafori
 SESAMSESAM
 SessioniSessioni
 shmopshmop
 SWFSWF
 SNMPSNMP
 SocketsSockets
 StringsStrings
 SybaseSybase
 TokenizerTokenizer
 URLsURLs
 VariabiliVariabili
 Funzioni vpopmailFunzioni vpopmail
 Funzioni W32apiFunzioni W32api
 WDDXWDDX
 XMLXML
 Funzioni XMLRPCFunzioni XMLRPC
 XSLTXSLT
 YAZYAZ
 YP/NISYP/NIS
 ZipZip
 ZlibZlib
previousOCIWriteLobToFileopenssl_csr_export_to_filenext
Last updated: Tue, 03 Sep 2002
view the printer friendly version or the printer friendly version with notes or change language to English | Brazilian Portuguese | Chinese | Czech | Dutch | Finnish | French | German | Hungarian | Japanese | Korean | Polish | Romanian | Russian | Spanish | Swedish | Turkish

LXXI. OpenSSL functions

Attenzione

Questo modulo � SPERIMENTALE. Ovvero, il comportamento di queste funzioni, i nomi di queste funzioni, in definitiva tutto ci� che � documentato qui pu� cambiare nei futuri rilasci del PHP senza preavviso. Siete avvisati, l'uso di questo modulo � a vostro rischio.

Introduzione

This module uses the functions of for generation and verification of signatures and for sealing (encrypting) and opening (decrypting) data. OpenSSL offers many features that this module currently doesn't support. Some of these may be added in the future.

Requisiti

In order to use the OpenSSL functions you need to install the package. PHP-4.0.4pl1 requires OpenSSL >= 0.9.6, but PHP-4.0.5 and greater will also work with OpenSSL >= 0.9.5.

Istallazione

To use PHP's OpenSSL support you must also compile PHP --with-openssl[=DIR].

Configurazione Runtime

Questa estensione non definisce alcuna direttiva di configurazione

Resource Type

Key/Certificate parameters

Quite a few of the openssl functions require a key or a certificate parameter. PHP 4.0.5 and earlier have to use a key or certificate resource returned by one of the openssl_get_xxx functions. Later versions may use one of the following methods:

  • Certificates

    1. An X.509 resource returned from openssl_x509_read()

    2. A string having the format file://path/to/cert.pem; the named file must contain a PEM encoded certificate

    3. A string containing the content of a certificate, PEM encoded

  • Public/Private Keys

    1. A key resource returned from openssl_get_publickey() or openssl_get_privatekey()

    2. For public keys only: an X.509 resource

    3. A string having the format file://path/to/file.pem - the named file must contain a PEM encoded certificate/private key (it may contain both)

    4. A string containing the content of a certificate/key, PEM encoded

    5. For private keys, you may also use the syntax array($key, $passphrase) where $key represents a key specified using the file:// or textual content notation above, and $passphrase represents a string containing the passphrase for that private key

Certificate Verification

When calling a function that will verify a signature/certificate, the cainfo parameter is an array containing file and directory names that specify the locations of trusted CA files. If a directory is specified, then it must be a correctly formed hashed directory as the openssl command would use.

Costanti Predefinite

Queste costanti sono definite da questa estensione e sono disponibili solo se l'estensione � stata compilata nel PHP o se � stata caricata dinamicamente a runtime.

X509_PURPOSE_SSL_CLIENT (integer)

X509_PURPOSE_SSL_SERVER (integer)

X509_PURPOSE_NS_SSL_SERVER (integer)

X509_PURPOSE_SMIME_SIGN (integer)

X509_PURPOSE_SMIME_ENCRYPT (integer)

X509_PURPOSE_CRL_SIGN (integer)

X509_PURPOSE_ANY (integer)

OPENSSL_PKCS1_PADDING (integer)

OPENSSL_SSLV23_PADDING (integer)

OPENSSL_NO_PADDING (integer)

OPENSSL_PKCS1_OAEP_PADDING (integer)

OPENSSL_KEYTYPE_RSA (integer)

OPENSSL_KEYTYPE_DSA (integer)

OPENSSL_KEYTYPE_DH (integer)

PKCS7 Flags/Constants

The S/MIME functions make use of flags which are specified using a bitfield which can include one or more of the following values:

Tabella 1. PKCS7 CONSTANTS

ConstantDescription
PKCS7_TEXTadds text/plain content type headers to encrypted/signed message. If decrypting or verifying, it strips those headers from the output - if the decrypted or verified message is not of MIME type text/plain then an error will occur.
PKCS7_BINARYnormally the input message is converted to "canonical" format which is effectively using CR and LF as end of line: as required by the S/MIME specification. When this options is present, no translation occurs. This is useful when handling binary data which may not be in MIME format.
PKCS7_NOINTERNwhen verifying a message, certificates (if any) included in the message are normally searched for the signing certificate. With this option only the certificates specified in the extracerts parameter of openssl_pkcs7_verify() are used. The supplied certificates can still be used as untrusted CAs however.
PKCS7_NOVERIFYdo not verify the signers certificate of a signed message.
PKCS7_NOCHAINdo not chain verification of signers certificates: that is don't use the certificates in the signed message as untrusted CAs.
PKCS7_NOCERTSwhen signing a message the signer's certificate is normally included - with this option it is excluded. This will reduce the size of the signed message but the verifier must have a copy of the signers certificate available locally (passed using the extracerts to openssl_pkcs7_verify() for example.
PKCS7_NOATTRnormally when a message is signed, a set of attributes are included which include the signing time and the supported symmetric algorithms. With this option they are not included.
PKCS7_DETACHEDWhen signing a message, use cleartext signing with the MIME type multipart/signed. This is the default if the flags parameter to openssl_pkcs7_sign() if you do not specify any flags. If you turn this option off, the message will be signed using opaque signing, which is more resistant to translation by mail relays but cannot be read by mail agents that do not support S/MIME.
PKCS7_NOSIGSDon't try and verify the signatures on a message

Nota: These constants were added in 4.0.6.

Sommario
openssl_csr_export_to_file -- Exports a CSR to a file
openssl_csr_export -- Exports a CSR to file or a var
openssl_csr_new -- Generates a privkey and CSR
openssl_csr_sign -- Signs a cert with another CERT
openssl_error_string -- Return openSSL error message
openssl_free_key -- Free key resource
openssl_get_privatekey -- Prepare a PEM formatted private key for use
openssl_get_publickey -- Extract public key from certificate and prepare it for use
openssl_open -- Open sealed data
openssl_pkcs7_decrypt -- Decrypts an S/MIME encrypted message
openssl_pkcs7_encrypt -- Encrypt an S/MIME message
openssl_pkcs7_sign -- sign an S/MIME message
openssl_pkcs7_verify -- Verifies the signature of an S/MIME signed message
openssl_pkey_export_to_file -- Gets an exportable representation of a key into a file
openssl_pkey_export -- Gets an exportable representation of a key into a string or file
openssl_pkey_new -- Generates a new private key
openssl_private_decrypt -- Decrypts data with private key
openssl_private_encrypt -- Encrypts data with private key
openssl_public_decrypt -- Decrypts data with public key
openssl_public_encrypt -- Encrypts data with public key
openssl_seal -- Seal (encrypt) data
openssl_sign -- Generate signature
openssl_verify -- Verify signature
openssl_x509_check_private_key -- Checks if a private key corresponds to a CERT
openssl_x509_checkpurpose -- Verifies if a certificate can be used for a particular purpose
openssl_x509_export_to_file -- Exports a CERT to file or a var
openssl_x509_export -- Exports a CERT to file or a var
openssl_x509_free -- Free certificate resource
openssl_x509_parse -- Parse an X509 certificate and return the information as an array
openssl_x509_read -- Parse an X.509 certificate and return a resource identifier for it
User Contributed Notes
OpenSSL functions		 add a note about notes
[email protected]
06-Apr-2001 10:19
I had a hard time to make OpenSSL extension to load on Win98+Apache 1.3.17+Php4.0.4pl1.
Always complained about missing extension.

Eventually I found this page:

and there was the magic: One seems to need the files "libeay32.dll" and "ssleay32.dll" in system32 directory.

You can get them from
download an apache .zip file, for example "Apache_1.3.19-Mod_SSL_2.8.2-OpenSSL_0.9.6-WIN32.zip", extract it, and copy the mentioned files from that Apache directory.

At least phpinfo() says OpenSSL as loaded extension. Now I can start to
play with it :)

-jukkis
-www.jukkis.net
[email protected]
02-Jun-2001 08:05
PHP 4.0.5 and OpenSSL

if you got an error message where php complains about missing dlls, copy all files from /php/dll directory to your windows/system(32) directory.
If it still can't load because the MSVCR70.DLL is missing (not provided with the release found on this page), go to this link, download it and place it in windows/system(32).


[email protected]
29-Jan-2002 10:38
in trying to install the win32 extensions php_curl and php_openssl with php loaded as an apache module. Starting apache said that. it could not load the libraries due to missing dlls, i check the existence of the dlls in the php/dll directory and pasted them everywhere i could think imginable. the promlem lay in the php.ini file, for what ever reason the extension_dir was chanegd to the dir of my php install "./newphp" i changed it to the correct "c:\windows\system" and it worked beautifully, now if i could only get mcrypt to work.
[email protected]
13-Feb-2002 09:19
Why not PHP use openSSL's BIGNUM library to replace the liscensed BCMath functions? This does not seems very hard to do!
[email protected]
15-Mar-2002 04:28
The BCMath library has been released under the LGPL
[email protected]
08-Jul-2002 10:07
Can someone please post a "howto" or "getting started" for the openssl + php? I'd like to encrypt data in my database with a public key, and later, decrypt this with an off-site private key.

The only thing I have done so far is recompile PHP with ssl support. And the 'openssl' command on my rh7.3 linux system is short on the documentation.

Thanks
John
[email protected]
10-Jul-2002 06:04
I want to create a CA , andd i want to know how can i generate csr with openSSL (win32) without intercative mode?
add a note about notes
previousOCIWriteLobToFileopenssl_csr_export_to_filenext
Last updated: Tue, 03 Sep 2002
show source | credits | stats | mirror sites
Copyright © 2001, 2002 The PHP Group
All rights reserved.		 This mirror generously provided by:
Last updated: Fri Sep 6 12:35:50 2002 CEST