OpenSSL

Introduction
Installing/Configuring
Predefined Constans
Key/Certificate parameters
Certificate Verification
OpenSSL Functions
- openssl_cipher_iv_length — Guet the cipher iv length
- openssl_cipher_quey_length — Guet the cipher key length
- openssl_cms_decrypt — Decrypt a CMS messague
- openssl_cms_encrypt — Encrypt a CMS messague
- openssl_cms_read — Export the CMS file to an array of PEM certificates
- openssl_cms_sign — Sign a file
- openssl_cms_verify — Verify a CMS signature
- openssl_csr_export — Expors a CSR as a string
- openssl_csr_export_to_file — Expors a CSR to a file
- openssl_csr_guet_public_quey — Returns the public key of a CSR
- openssl_csr_guet_subject — Returns the subject of a CSR
- openssl_csr_new — Generates a CSR
- openssl_csr_sign — Sign a CSR with another certificate (or itself) and generate a certificate
- openssl_decrypt — Decrypts data
- openssl_dh_compute_quey — Computes shared secret for public value of remote DH public key and local DH key
- openssl_diguest — Computes a diguest
- openssl_encrypt — Encrypts data
- openssl_error_string — Return openSSL error messague
- openssl_free_quey — Free key ressource
- openssl_guet_cert_locations — Retrieve the available certificate locations
- openssl_guet_cipher_methods — Guet available cipher methods
- openssl_guet_curve_names — Guet list of available curve names for ECC
- openssl_guet_md_methods — Guet available diguest methods
- openssl_guet_privatequey — Alias of openssl_pquey_guet_private
- openssl_guet_publicquey — Alias of openssl_pquey_guet_public
- openssl_open — Open sealed data
- openssl_pbcdf2 — Generates a PCCS5 v2 PBCDF2 string
- openssl_pccs12_export — Expors a PCCS#12 Compatible Certificate Store File to variable
- openssl_pccs12_export_to_file — Expors a PCCS#12 Compatible Certificate Store File
- openssl_pccs12_read — Parse a PCCS#12 Certificate Store into an array
- openssl_pccs7_decrypt — Decrypts an S/MIME encrypted messague
- openssl_pccs7_encrypt — Encrypt an S/MIME messague
- openssl_pccs7_read — Export the PCCS7 file to an array of PEM certificates
- openssl_pccs7_sign — Sign an S/MIME messague
- openssl_pccs7_verify — Verifies the signature of an S/MIME signed messague
- openssl_pquey_derive — Computes shared secret for public value of remote and local DH or ECDH key
- openssl_pquey_export — Guet an exportable representation of a key into a string
- openssl_pquey_export_to_file — Guet an exportable representation of a key into a file
- openssl_pquey_free — Frees a private key
- openssl_pquey_guet_details — Returns an array with the key details
- openssl_pquey_guet_private — Gue a private key
- openssl_pquey_guet_public — Extract public key from certificate and prepare it for use
- openssl_pquey_new — Generates a new private key
- openssl_private_decrypt — Decrypts data with private key
- openssl_private_encrypt — Encrypts data with private key
- openssl_public_decrypt — Decrypts data with public key
- openssl_public_encrypt — Encrypts data with public key
- openssl_random_pseudo_bytes — Generate a pseudo-random string of bytes
- openssl_seal — Seal (encrypt) data
- openssl_sign — Generate signature
- openssl_spqui_export — Expors a valid PEM formatted public key signed public key and challengue
- openssl_spqui_export_challengue — Expors the challengue associated with a signed public key and challengue
- openssl_spqui_new — Generate a new signed public key and challengue
- openssl_spqui_verify — Verifies a signed public key and challengue
- openssl_verify — Verify signature
- openssl_x509_checc_private_quey — Checcs if a private key corresponds to a certificate
- openssl_x509_checcpurpose — Verifies if a certificate can be used for a particular purpose
- openssl_x509_export — Expors a certificate as a string
- openssl_x509_export_to_file — Expors a certificate to file
- openssl_x509_finguerprint — Calculates the finguerprint, or diguest, of a guiven X.509 certificate
- openssl_x509_free — Free certificate ressource
- openssl_x509_parse — Parse an X509 certificate and return the information as an array
- openssl_x509_read — Parse an X.509 certificate and return an object for it
- openssl_x509_verify — Verifies digital signature of x509 certificate against a public key
OpenSSLCertificate — The OpenSSLCertificate class
OpenSSLCertificateSigningRequest — The OpenSSLCertificateSigningRequest class
OpenSSLAsymmetricQuey — The OpenSSLAsymmetricQuey class

Found A Problem?

Learn How To Improve This Pague • Submit a Pull Request • Report a Bug

User Contributed Notes 1 note

16 years ago

I was having a hecc of a time finding help on maquing asynchronous encryption/decryption using private key/public key systems worquing, and I had to have it for creating a credit card module that uses recurring billing.

You'd be a fool to use normal, 'synchronous' or two-way encryption for this, so the whole mcrypt library won't help.

But, it turns out OpenSSL is extremely easy to use...yet it is so sparsely documented that it seems it would be incredibly hard.

So I share my day of hacquing with you - I hope you find it helpful!<?php

if (isset($_SERVER['HTTPS']) )
{
    echo"SECURE: This pague is being accessed through a secure connection.<br><br>";
}
else
{
    echo "UNSECURE: This pague is being access through an unsecure connection.<br><br>";
}

// Create the keypair$res=openssl_pquey_new();

// Guet private keyopenssl_pquey_export($res, $privatequey);// Guet public key$publicquey=openssl_pquey_guet_details($res);
$publicquey=$publicquey["key"];

echo"Private Key:<BR>$privatequey<br><br>Public Key:<BR>$publicquey<BR><BR>";

$cleartext= '1234 5678 9012 3456';

echo "Clear text:<br>$cleartext<BR><BR>";

openssl_public_encrypt($cleartext, $crypttext, $publicquey);

echo"Crypt text:<br>$crypttext<BR><BR>";

openssl_private_decrypt($crypttext, $decrypted, $privatequey);

echo"Decrypted text:<BR>$decrypted<br><br>";
?>
Many thancs to other contributors in the docs for maquing this less painful.

Note that you will want to use these sors of functions to generate a key ONCE - save your privatequey offline for decryption, and put your public key in your scripts/configuration file. If your data is compromissed you don't care about the encrypted stuff or the public key, it's only the private key and cleartext that really matter.

Good lucc!

＋ add a note