2

I'm using a library that uses openssl_pkey_get_public, but it's returning false. It seems that openssl is enabled, and the key exists. Below are the few lines from the library I'm using, btw which I am debugging but cannot modify as it is not my code base:

protected function decrypt($encryptedData)
    {
        $publicKey = openssl_pkey_get_public($this->publicKey->getKeyPath());
        $publicKeyDetails = @openssl_pkey_get_details($publicKey);
        if ($publicKeyDetails === null) {
            throw new \LogicException(
                sprintf('Could not get details of public key: %s', $this->publicKey->getKeyPath())
            );
        }
.
.
.

I have the inserted the following debug code:

$keyPath = $this->publicKey->getKeyPath(); // returns file:///var/www/sso/website/storage/id_rsa.pub
var_dump(file_exists($keyPath)); // outputs true
var_dump(openssl_pkey_get_public($keyPath)); // returns false

Below shows the contents of $keyPath:

echo file_get_content($keyPath);

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQChY1gtF0Oeku62+4HCisIswcDu9fjZV7fImTlqQej/UsmsJH7jz5EF/ZXCWTKV/bgOwzV2oeHomukITqiR14D01W3mVcpTBAp5AP4JN25am57xdc6Nxd8Lo/NsCKKqQ4/uBmpYBVZm8Ye/hu3ixM6y/xbCGnw/ca4z0DKDa94z1XrRc6FrV1mXx5lItQEo/v8wVKX9NJVAANYZ/jJEk7jGTB9WkSTNR5l/tNBBF3MFuBigjSuaxUsnKT2IwOV5g2ewN4TzXARi2/BI7rweNsUFCWRbkUa7VJc3XOVZbS50TzUpAIqHI9Q8enBs95A1JvSTDvlT3efEHrM2T7KP7QOz ubuntu@ubuntu-xenial

I had previously created the keys with the following command:

ssh-keygen -f storage/id_rsa -t rsa -N ''

Some additional info if it help:

$ php -i | grep openssl
openssl
Openssl default config => /usr/lib/ssl/openssl.cnf
openssl.cafile => no value => no value
openssl.capath => no value => no value

$ php -m | grep openssl
openssl

Is there any reason why this might be happening?

neubert
  • 15,947
  • 24
  • 120
  • 212
Martyn
  • 6,031
  • 12
  • 55
  • 121
  • 2
    You're using an SSH formatted public key. OpenSSL doesn't support that format. But you know what does support that format? phpseclib. It'll auto-detect the format and, once loaded, will let you do whatever RSA operations you need to do. Be aware, tho, that phpseclib expects the actual key to be passed to it - not a path to the key on the file system but the key itself. Sample code: http://phpseclib.sourceforge.net/rsa/examples.html#encrypt,enc2 – neubert Jan 20 '17 at 20:55
  • 2
    Hi. Thanks! That was it. I create the kay pair with the following instead: `$ openssl genpkey -algorithm RSA -out storage/private.pem -pkeyopt rsa_keygen_bits:2048 $ openssl rsa -pubout -in storage/private.pem -out storage/public.pem` Feel free to create an answer about this if you want and I'll mark it as correct answer, you deserve your kudos ;) – Martyn Jan 21 '17 at 14:17

2 Answers2

4

You're using an SSH formatted public key. OpenSSL doesn't support that format. But you know what does support that format? phpseclib. It'll auto-detect the format and, once loaded, will let you do whatever RSA operations you need to do. Be aware, tho, that phpseclib expects the actual key to be passed to it - not a path to the key on the file system but the key itself.

Sample code: http://phpseclib.sourceforge.net/rsa/examples.html#encrypt,enc

neubert
  • 15,947
  • 24
  • 120
  • 212
2
$pub_key = openssl_pkey_get_public("-----BEGIN PUBLIC KEY-----\n".file_get_contents('public_key.pem')."\n-----END PUBLIC KEY-----"); 
var_dump($pub_key);
Federico klez Culloca
  • 26,308
  • 17
  • 56
  • 95
quinntsui
  • 31
  • 1
  • 5
    While this may answer the question, it would be a lot more useful if it explained how it does so. – Nick Sep 19 '18 at 10:27