I generate certificates this way:
$config = array("config" => "d:/sslcert/openssl.cnf");
$dn = array(
    "countryName" => "RU",
    "stateOrProvinceName" => "Russia",
    "localityName" => "Saint-Petersburg",
    "organizationName" => "temp",
    "organizationalUnitName" => "temp",
    "commonName" => "temp",
    "emailAddress" => "temp@temp.com"
);
$privkey_enc = openssl_pkey_new($config);
$csr = openssl_csr_new($dn, $privkey_enc, $config);
$sscert = openssl_csr_sign($csr, null, $privkey_enc, 365);
openssl_x509_export_to_file($sscert, "d:/cert_enc.crt");
openssl_pkey_export_to_file($privkey_enc, "d:/privkey_enc.pem");
As a result, all the received certificates have an identical serial number (00). But it should not be! How to avoid it?
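The openssl_csr_sign() call in the note above leaves its optional sixth argument, $serial, at the default of 0, which is where the 00 comes from. The following is an added example, not part of the original note, that passes a random serial and reads it back; the function name issue_self_signed and the DN values are constructed for illustration.

```php
<?php
// Added example, not from the original note: self-signed certificates with
// distinct serial numbers. Function name and DN values are illustrative.

function issue_self_signed(array $dn, int $days = 365, array $config = []): array
{
    // $config may carry e.g. ["config" => "/path/to/openssl.cnf"] as in the note.
    $key = openssl_pkey_new($config + [
        "private_key_type" => OPENSSL_KEYTYPE_RSA,
        "private_key_bits" => 2048,
    ]);
    if ($key === false) {
        throw new RuntimeException("key generation failed: " . openssl_error_string());
    }

    $options = $config + ["digest_alg" => "sha256"];
    $csr = openssl_csr_new($dn, $key, $options);
    if ($csr === false) {
        throw new RuntimeException("CSR creation failed: " . openssl_error_string());
    }

    // The sixth argument of openssl_csr_sign() is the serial number and
    // defaults to 0. It is a PHP int, so on a 64-bit build this draws up to
    // 63 bits from the CSPRNG.
    $serial = random_int(1, PHP_INT_MAX);

    $cert = openssl_csr_sign($csr, null, $key, $days, $options, $serial);
    if ($cert === false) {
        throw new RuntimeException("signing failed: " . openssl_error_string());
    }
    return [$cert, $key, $serial];
}

$dn = ["countryName" => "RU", "organizationName" => "temp", "commonName" => "temp"];
[$certA, , $serialA] = issue_self_signed($dn);
[$certB, , $serialB] = issue_self_signed($dn);

// Read the serial back from each certificate to confirm it was applied.
foreach ([[$certA, $serialA], [$certB, $serialB]] as [$cert, $requested]) {
    $parsed = openssl_x509_parse($cert);
    printf("serial in certificate: %s (requested %d)\n", $parsed["serialNumber"], $requested);
}
```

A random serial makes collisions unlikely rather than impossible; an issuer that signs many certificates under one name should also record the serials it has already used.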
OpenSSL Functions
Table of Contents
- openssl_cipher_iv_length — Gets the cipher iv length
- openssl_csr_export_to_file — Exports a CSR to a file
- openssl_csr_export — Exports a CSR as a string
- openssl_csr_get_public_key — Returns the public key of a CERT
- openssl_csr_get_subject — Returns the subject of a CERT
- openssl_csr_new — Generates a CSR
- openssl_csr_sign — Signs a CSR with another certificate (or itself) and generates a certificate
- openssl_decrypt — Decrypts data
- openssl_dh_compute_key — Computes shared secret for public value of remote DH key and local DH key
- openssl_digest — Computes a digest
- openssl_encrypt — Encrypts data
- openssl_error_string — Returns an OpenSSL error message
- openssl_free_key — Free key resource
- openssl_get_cipher_methods — Gets available cipher methods
- openssl_get_md_methods — Gets available digest methods
- openssl_get_privatekey — Alias of openssl_pkey_get_private
- openssl_get_publickey — Alias of openssl_pkey_get_public
- openssl_open — Opens sealed data
- openssl_pkcs12_export_to_file — Exports a PKCS#12-compatible certificate file
- openssl_pkcs12_export — Exports a PKCS#12-compatible certificate file to a variable
- openssl_pkcs12_read — Stores a PKCS#12 certificate in an array
- openssl_pkcs7_decrypt — Decrypts an S/MIME encrypted message
- openssl_pkcs7_encrypt — Encrypts an S/MIME message
- openssl_pkcs7_sign — Signs an S/MIME message
- openssl_pkcs7_verify — Verifies the signature of an S/MIME signed message
- openssl_pkey_export_to_file — Gets an exportable representation of a key into a file
- openssl_pkey_export — Gets an exportable representation of a key into a string
- openssl_pkey_free — Frees a private key
- openssl_pkey_get_details — Returns an array with the key details
- openssl_pkey_get_private — Gets a private key
- openssl_pkey_get_public — Extracts a public key from a certificate and prepares it for use
- openssl_pkey_new — Generates a new private key
- openssl_private_decrypt — Decrypts data with a private key
- openssl_private_encrypt — Encrypts data with a private key
- openssl_public_decrypt — Decrypts data with a public key
- openssl_public_encrypt — Encrypts data with a public key
- openssl_random_pseudo_bytes — Generate a pseudo-random string of bytes
- openssl_seal — Seals (encrypts) data
- openssl_sign — Generates a signature
- openssl_verify — Verifies a signature
- openssl_x509_check_private_key — Checks whether a private key corresponds to a certificate
- openssl_x509_checkpurpose — Checks whether a certificate can be used for a particular purpose
- openssl_x509_export_to_file — Exports a certificate to a file
- openssl_x509_export — Exports a certificate as a string
- openssl_x509_free — Frees a certificate resource
- openssl_x509_parse — Parses an X.509 certificate and returns the information as an array
- openssl_x509_read — Parses an X.509 certificate and returns a resource
igor dot gorshkov at gmail dot com
27-Apr-2007 02:31
dan -AT- NOSPAM danschafer DOT netTT
29-Mar-2007 08:58
Currently, all OpenSSL Functions defined in PHP only utilize the PEM format. Use the following code to convert from DER to PEM and PEM to DER.
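<?php
// Placeholder locations; set these to your own certificate files.
$cert_path = "/path/to/certs/";
$pem_file = "cert.pem";
$der_file = "cert.der";

$pem_data = file_get_contents($cert_path.$pem_file);
$pem2der = pem2der($pem_data);
$der_data = file_get_contents($cert_path.$der_file);
$der2pem = der2pem($der_data);

// Strip the PEM armor and base64-decode the body to get the raw DER bytes.
// Returns false when no certificate markers are found.
function pem2der($pem_data) {
    $begin = "CERTIFICATE-----";
    $end = "-----END";
    $start = strpos($pem_data, $begin);
    if ($start === false) {
        return false;
    }
    $pem_data = substr($pem_data, $start+strlen($begin));
    $stop = strpos($pem_data, $end);
    if ($stop === false) {
        return false;
    }
    $pem_data = substr($pem_data, 0, $stop);
    $der = base64_decode($pem_data);
    return $der;
}

// Base64-encode the DER bytes in 64-character lines and add the PEM armor.
function der2pem($der_data) {
    $pem = chunk_split(base64_encode($der_data), 64, "\n");
    $pem = "-----BEGIN CERTIFICATE-----\n".$pem."-----END CERTIFICATE-----\n";
    return $pem;
}
?>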
Richard Ablewhite
04-Dec-2006 11:23
Windows users be warned that you need the following file in system32:
msvcr71.dll
It has to go in system32, is not picked up from php/dlls
yabba dabba
26-Jul-2006 08:23
The php4 distribution for Windows/IIS has a README-SSL.txt which strongly implies that just the path needs to be added to the OPENSSL_CONF variable in the server's environment variables. Be sure to add the file name and extension too.
E.g.: c:\php-4.3.11\openssl\openssl.cnf
peter dot mescalchin @ geemail dot com
16-May-2006 10:34
For w32 users to enable OpenSSL support. As well as copying "libeay32.dll" to the windows system32 folder you also need to copy "ssleay32.dll". The documentation above should probably be updated to note this.
This requirement was documented at the libcurl pages:
http://curl.haxx.se/libcurl/php/install.html#windows
php ~at~ wwwcrm dot komm
16-Nov-2005 05:47
If you want to use PHP for public / private key encryption jobs without needing to know the ins and outs of the Open SSL extension, the following may be of interest:
http://www.karenandalex.com/php_stuff/_class_OpenSSL.phps
This class was unavailable for a long while (server problems) but is now back up. Apologies to those who clicked through and got a 404.
I hope it is useful to you...
Alex
beckman at purplecow dot com
08-Nov-2005 09:07
FreeBSD Ports tree php5-openssl uses openssl-0.9.8a. This is a problem, as if you install these two ports and attempt to open an HTTPS URL within PHP, it will fail with this error from openssl_error_string(): error:140A90A1:SSL routines:func(169):reason(161) which is SSL_R_LIBRARY_HAS_NO_CIPHERS or "library has no ciphers"
This is because the openssl library now requires you to load your ciphers manually -- all ciphers are not automatically loaded for you.
I don't believe the php5-openssl module has been updated to do this before opening an SSL connection (as of 5.0.5).
Using openssl-0.9.7i seems to work; symlinking libcrypto.so.3 to libcrypto.so.4 prevents the php5-openssl port from trying to install openssl-0.9.8a. So install openssl-stable (0.9.7i) from ports first, symlink 2nd, then install php5-openssl 3rd, and you should be OK.
matt at NOSPAMopenflowsPLEASE dot org
08-Nov-2005 07:42
The openssl functions were disabled in Debian release 3.0 (woody), but as of release 3.1 (sarge) they're available again.
greensweater
31-Aug-2005 01:21
Sorry, the code in my previous note doesn't work... the last line should read:
$csr = openssl_csr_new(array('commonName'=>'MyCSR'),$pkey,$config);
greensweater
30-Aug-2005 06:54
"You need to have a valid openssl.cnf installed for this function to operate correctly" includes most openssl functions. You can force php to find your openssl.cnf file as follows:
$config = array('config'=>'/path/to/openssl.cnf');
$pkey = openssl_pkey_new($config);
$csr = openssl_csr_new('MyCSR',$pkey,$config);
skippy zuavra net
20-Oct-2004 02:38
In case you're wondering what's a "correctly hashed" directory for the use with cainfo: it's simply a directory which contains CA public certificates in PEM/X.509 format. You can get such certificates either from the CA's website (they advertise it in visible places) or from your browser. In Explorer for instance you can click on the little yellow padlock, go to the CA entry and export it.
The only trick with the directory is that file names must be in the form "hash.#". The "hash" part is the 8-digit hex hash of the certificate, while the # part is a number which serves to differentiate certificates which give the same hash (yes, it can happen with certificates coming from the same CA). Usually # is 0, but you also can use 1, 2 and so on when having more certs with the same hash.
In order to obtain the hash of a certificate you can use the openssl command line utility like this:
openssl x509 -hash -in certfile.cer | head -1
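The "hash.#" naming described in the note above can also be done from PHP, because openssl_x509_parse() returns the same 8-digit subject hash under the key "hash". The following is an added example, not part of the original note; the function names and the test CA subject are constructed for illustration.

```php
<?php
// Added example, not from the original note: file PEM certificates into a
// hashed CA directory as <hash>.<n>. Names and the test subject are illustrative.

function add_to_hashed_dir(string $pem, string $caDir): string
{
    $info = openssl_x509_parse($pem);
    if ($info === false) {
        throw new InvalidArgumentException("not a PEM X.509 certificate");
    }
    // Subject-name hash as computed by the OpenSSL library PHP is linked
    // against; use the same OpenSSL generation that will read the directory.
    $hash = $info["hash"];
    $fingerprint = openssl_x509_fingerprint($pem, "sha256");

    // Take the first free suffix; stop early if this exact certificate is
    // already present, so repeated runs do not pile up duplicates.
    for ($n = 0; ; $n++) {
        $path = "$caDir/$hash.$n";
        if (!file_exists($path)) {
            file_put_contents($path, $pem);
            return $path;
        }
        if (openssl_x509_fingerprint(file_get_contents($path), "sha256") === $fingerprint) {
            return $path;
        }
    }
}

// Constructed test input: a throwaway self-signed certificate.
function make_test_ca_pem(string $commonName): string
{
    $key = openssl_pkey_new();
    $csr = openssl_csr_new(["commonName" => $commonName], $key);
    $cert = openssl_csr_sign($csr, null, $key, 30, null, random_int(1, PHP_INT_MAX));
    openssl_x509_export($cert, $pem);
    return $pem;
}

$dir = sys_get_temp_dir() . "/hashed-ca-" . bin2hex(random_bytes(4));
mkdir($dir, 0755);

// Two certificates with the same subject but different keys share one hash,
// so the second one gets the next numeric suffix; re-adding the first is a no-op.
$first = make_test_ca_pem("Example Test CA");
$second = make_test_ca_pem("Example Test CA");
foreach ([$first, $second, $first] as $pem) {
    echo basename(add_to_hashed_dir($pem, $dir)), "\n";
}
```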
jaz at ensn dot net
16-Sep-2004 08:18
For newbies (like me):
If you want to try this at home on win32, you can learn how to install apache+ssl at this URL: http://tud.at/programm/apache-ssl-win32-howto.php3
Versions in English, Spanish and French.
I have just read it, installed it, and it runs perfectly.
norman at rasmussen dot org
02-Feb-2004 07:43
Debian maintainers have disabled the openssl support because it seems to help break apache on startup. (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=193343 and http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=165699)
- Norman