Retrieving raw private key from openssl_pkey_get_p

Posted 2019-06-08 01:36

Question:

I've been spending quite some time trying to figure out how exactly to retrieve the raw private key data from openssl_pkey_get_private() using a passphrase. I feel like there's a simple thing I am missing.

Here's my code:

$config = array(
    "private_key_bits" => 2048, //size of private key
);

$privKey = openssl_pkey_new($config); //creating a private key resource
openssl_pkey_export($privKey, $pkeyout,"test123",$config); //obtaining an encrypted private key
$result = openssl_pkey_get_private($pkeyout, "test123"); //decrypting the encrypted private key
var_dump($result); //print results

Unfortunately all I'm getting from the var_dump() call is the following output: "resource(2) of type (OpenSSL key)"


So, pretty much after I call openssl_pkey_export, $pkeyout contains something like the following - consider the below data the INPUT for the decryption procedure I wish for openssl_pkey_get_private to perform:

-----BEGIN RSA PRIVATE KEY-----

Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,84AC553B6367CD10
[base64 key data omitted]

-----END RSA PRIVATE KEY-----

What I really want is the raw, decrypted private key (the supposed OUTPUT of openssl_pkey_get_private()). Notice that the above is encrypted (as denoted by the word 'ENCRYPTED' under "-----BEGIN RSA PRIVATE KEY-----").

This would look something like the following (notice that the data below does NOT have the header stating that it's encrypted as the data above does).

-----BEGIN RSA PRIVATE KEY-----

[base64 key data omitted]

-----END RSA PRIVATE KEY-----


All in all, I guess what I'm trying to say is that I don't know how to retrieve the decrypted private key that openssl_pkey_get_private() is supposed to return. It's not returning FALSE, so it must be working... I just don't know where it puts it.

Any help would be greatly appreciated as I am very stuck!

Thanks a lot!

Answer 1:

I hope this is what you're after.

$privKey = openssl_pkey_new($config); //retrieve priv key resource
openssl_pkey_export($privKey, $pkeyout); //obtained unencrypted private key.
var_dump($pkeyout); //print results

The newly generated key does not have a passphrase yet, so you can get the unencrypted key straight away.

Edit

Based on the comment, I generated my own keypair with

openssl genrsa -des3 -out privkey.pem 2048

I was then able to dump out the unencrypted private key with the following:

$r = openssl_pkey_get_private('file://privkey.pem', 'temp123');
openssl_pkey_export($r, $pkeyout);
var_dump($pkeyout);

You can supply the key instead of the filename, as long as it is PEM formatted.

Edit 2

I couldn't get your supplied key working with the passphrase you included in the question, but it does work with the temporary key I generated.

The exact code I am using is as follows:

$k = <<<EOF
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,878E66CD01D1A379
[base64 key data omitted]
-----END RSA PRIVATE KEY-----
EOF;

$r = openssl_pkey_get_private($k, 'temp123');
openssl_pkey_export($r, $pkeyout);
var_dump($pkeyout);

And the output is:

string(1675) "-----BEGIN RSA PRIVATE KEY-----
[base64 key data omitted]
-----END RSA PRIVATE KEY-----
"
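
The answer's load-then-re-export approach as a complete round trip, with every return value checked. This is an added example, not code from the original post; the function name decrypt_private_key_pem is hypothetical, and the key is generated on the spot with the question's passphrase.

```php
<?php
// Added example, not code from the original post. Function name is hypothetical.

/**
 * Load a passphrase-protected PEM and return the same key as unencrypted PEM.
 */
function decrypt_private_key_pem(string $encryptedPem, string $passphrase): string
{
    // Key handle: a resource on PHP 7, an OpenSSLAsymmetricKey object on PHP 8.
    // false means a wrong passphrase or malformed PEM.
    $key = openssl_pkey_get_private($encryptedPem, $passphrase);
    if ($key === false) {
        throw new RuntimeException('cannot load key: ' . openssl_error_string());
    }
    // No passphrase argument: the key is serialized as unencrypted PEM.
    if (!openssl_pkey_export($key, $plainPem)) {
        throw new RuntimeException('cannot export key: ' . openssl_error_string());
    }
    return $plainPem;
}

// Constructed input: a fresh 2048-bit key, encrypted with the question's passphrase.
$config = ['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA];
$key = openssl_pkey_new($config);
if ($key === false || !openssl_pkey_export($key, $encryptedPem, 'test123', $config)) {
    throw new RuntimeException('key generation failed: ' . openssl_error_string());
}

$plainPem = decrypt_private_key_pem($encryptedPem, 'test123');

// Only the protected form carries an ENCRYPTED marker in its PEM header.
var_dump(strpos($encryptedPem, 'ENCRYPTED') !== false);
var_dump(strpos($plainPem, 'ENCRYPTED') !== false);

// The decrypted PEM is the same key: its public half matches the original.
$before = openssl_pkey_get_details($key);
$after  = openssl_pkey_get_details(openssl_pkey_get_private($plainPem));
var_dump(hash_equals($before['key'], $after['key']));

// The raw RSA numbers (n, e, d, p, q, ...) are binary strings under 'rsa'.
var_dump(strlen($after['rsa']['n']));

// A wrong passphrase yields false from openssl_pkey_get_private(), not a key.
try {
    decrypt_private_key_pem($encryptedPem, 'wrong-passphrase');
} catch (RuntimeException $e) {
    echo "rejected: wrong passphrase\n";
}
```

The returned string is the unprotected key, so the var_dump($pkeyout) in the answer prints it in full; outside of debugging, keep it out of logs and page output.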