1

I need to sign PDF documents on PHP, I'm using TCPDF library to do it

The problem is my .CER and my .Key files are in DER format and openssl_pkcs7_sign() function can load the private key if is this format

If I use openssl commands on my terminal to convert my keys from binary DER format to ASCII everything works but I don't want to use exec function to call system functions through PHP.

After a little bit of research I found this question: Load a .key file from DER format to PEM with PHP On of the answers propose open the file, get the content and use convertion.

function der2pem($der_data, $type='CERTIFICATE') {
    $pem = chunk_split(base64_encode($der_data), 64, "\n");
    $pem = "-----BEGIN ".$type."-----\n".$pem."-----END ".$type."-----\n";
    return $pem;
}

But when I use this function to convert my data the result is different to the file generated by openssl on the console and the function openssl_pkcs7_sign() throws me again the error

UPDATE
This is my PHP code to convert my file:

<?php
$myKey = 'p-key.key';
$private_key = file_get_contents($myKey);

echo der2pem($private_key,'PRIVATE KEY');

file_put_contents('p-key.key.pem', der2pem($private_key,'PRIVATE KEY'));

function der2pem($der_data, $type = 'CERTIFICATE')
{
     $pem = chunk_split(base64_encode($der_data), 64, "\n");
     $pem = "-----BEGIN ".$type."-----\n".$pem."-----END ".$type."-----\n";
     return $pem;
}

This is my openssl command:

openssl pkcs8 -in p-key.key -out p-key.key.pem -inform DER -outform PEM


Is there an explanation for this?
How is the correct way to do it?
Should I use the exec to solve my problem?

Thanks a lot in advance
Let me know if you need more information

Community
  • 1
  • 1
Mirdrack
  • 780
  • 12
  • 28
  • Hi, Without a little more information, it's hard to comment here - When you say it's different - where are you seeing this difference..? Is the data all on one line? Is the data showing the correct characters? Are you having problems with the Private Key or both the CER and KEY? What are you doing with the der2pem function upon calling it? writing it to screen? writing it to file? pushing the results to some other variable? – Damien Jul 05 '16 at 17:46
  • Hi, when i convert my private key I got a valid file to perform the sign but when I use the PHP function to dump the result on a file I I got a different string, similar at the begin but different Im going to test the function coverting my CER file – Mirdrack Jul 05 '16 at 18:17
  • can you share the routine you are using? – Damien Jul 05 '16 at 18:19
  • I just update the information with the PHP code and the openssl command – Mirdrack Jul 05 '16 at 18:29
  • Im start to thinking is because Im using **pkcs8** with **openssl** to convert my file and the process throws me a different result than the PHP code – Mirdrack Jul 05 '16 at 18:51
  • You're probably better off looking at this: http://php.net/manual/en/book.openssl.php – Damien Jul 05 '16 at 19:02
  • I cannnot add -topk8 i recieve an **unable to load key** and another asn1 encoding routines – Mirdrack Jul 05 '16 at 19:02

1 Answers1

1

Without seeing what you are doing, I can tell you that the function you have there works. It may well depend on a few things as to why it's not working for you and without more information it's going to be hard to tell.

By default that function will convert your data to base64 and add a "BEGIN CERTIFICATE" Header and Footer - be aware that if you are calling that function to process a private key, you will need to call it like this:

$keyVal = der2pem($YOUR_KEY_DATA, 'PRIVATE KEY');
Damien
  • 1,490
  • 1
  • 8
  • 17