3

I am attempting to use PHP-DKIM to send DKIM-signed emails. It's a little old so I've had to change some things, but this stumps me:

Warning: openssl_sign() [function.openssl-sign]: supplied key param cannot be coerced into a private key in /.../pages/user/dkim.php on line 66
Cannot sign

Relevant section of code (note I've added the $pkeyid; originally the private key was just passed straight to the open_ssl function, which also didn't work):

$pkeyid = openssl_get_privatekey($open_SSL_priv);
if (openssl_sign($s, $signature, $pkeyid))
    return base64_encode($signature) ;
else
    die("Cannot sign") ;

So obviously something really bad is going on here. However, I know my private key and public key are valid. I even tried the example key provided in the comments for openssl_sign, which didn't work:

$open_SSL_pub=<<<EOD
-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDiE2+Xi/WnO+s120NiiJhNyIButVu6
zxqlVzz0wy2j4kQVUC4ZRZD80IY+4wIiX2YxKBZKGnd2TtPkcJ/ljkUCAwEAAQ==
-----END PUBLIC KEY-----
EOD;

$open_SSL_priv=<<<EOD
-----BEGIN RSA PRIVATE KEY-----
MIIBOgIBAAJBANDiE2+Xi/WnO+s120NiiJhNyIButVu6zxqlVzz0wy2j4kQVUC4Z
RZD80IY+4wIiX2YxKBZKGnd2TtPkcJ/ljkUCAwEAAQJAL151ZeMKHEU2c1qdRKS9
sTxCcc2pVwoAGVzRccNX16tfmCf8FjxuM3WmLdsPxYoHrwb1LFNxiNk1MXrxjH3R
6QIhAPB7edmcjH4bhMaJBztcbNE1VRCEi/bisAwiPPMq9/2nAiEA3lyc5+f6DEIJ
h1y6BWkdVULDSM+jpi1XiV/DevxuijMCIQCAEPGqHsF+4v7Jj+3HAgh9PU6otj2n
Y79nJtCYmvhoHwIgNDePaS4inApN7omp7WdXyhPZhBmulnGDYvEoGJN66d0CIHra
I2SvDkQ5CmrzkW5qPaE2oO7BSqAhRZxiYpZFb5CI
-----END RSA PRIVATE KEY-----
EOD;

I'm at a loss of what to do. OpenSSL "0.9.8e-fips-rhel5 01 Jul 2008" is installed and active in PHP. Both the key I generated and that key are known working. So why does openssl_sign keep failing?

TheLQ
  • 2
    Have you tried checking `openssl_error_string()` for an error message? The code above more or less works for me. –  Dec 29 '11 at 19:58
  • I was able to get it working as well, but my SSL version is built from source and is the latest from the 0.9.8 branch (0.9.8r Feb 2011). Not sure it has anything to do with the version you are using, but it's possible this is a bug of some sort in PHP or OpenSSL. That error message is returned if a bogus private key is given, or if certain OpenSSL functions fail to read the key. It may be that the calls to `BIO_new_mem_buf` or `PEM_read_bio_PrivateKey` from the PHP source are failing. I take it the key is not password protected, as that may cause problems as well? – drew010 Dec 29 '11 at 20:22
  • For what it's worth, also -- I get the same "supplied key parameter cannot be coerced..." error if I pass `false` as `$pkeyid`, which is what you'd get if `openssl_get_privatekey` was failing. –  Dec 29 '11 at 21:23
  • @duskwuff Added code to get all openssl errors, but for some strange reason apparently it's empty. – TheLQ Dec 30 '11 at 01:38
  • @drew010 All I know is the password isn't protected and I generated it on the server with essentially `openssl genrsa 512`. So unless something is different between the openssl executable I used and the openssl library PHP is using, I can't see why it would fail – TheLQ Dec 30 '11 at 04:25
  • I got the same error, except that the way I fixed it was to keep the private key in the original format (no removal of carriage returns etc.). From looking at your code, it seems like you are already doing just fine, but my solution may help others. – Antony Mar 08 '12 at 22:23

3 Answers

3

I had this issue today, and the problem was slightly different; I had my privateKey as string in PHP, rather than stored in a file and retrieved using file_get_contents. As soon as I switched to a file-based solution, everything started to work.

Pete
user2778850
2

Personally, I would recommend that phpseclib, a pure PHP RSA implementation, be used, e.g.:

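<?php
// phpseclib 1.0 layout: Crypt_RSA is defined in Crypt/RSA.php on the include path
include('Crypt/RSA.php');

$rsa = new Crypt_RSA();
// Load the PEM private key from disk
$rsa->loadKey(file_get_contents('privatekey.txt'));
// PKCS#1 v1.5 signatures, the scheme openssl dgst verifies below
$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
file_put_contents('signature.txt', $rsa->sign(file_get_contents('plaintext.txt')));
?>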

That is fully interoperable with OpenSSL as the following demonstrates:

openssl dgst -sha1 -prverify privatekey.txt -signature signature.txt plaintext.txt
neubert
1

I had the same error occur using PHP-DKIM.

Without seeing the rest of your code, it's difficult to see if it is for the same reason.

However, my issue was that I was including the PHP-DKIM script inside a function.

i.e.

function sendEmail(){
    require 'dkim.php';
    //DO STUFF HERE
}

Including the file outside the function stopped the error.

i.e.

require 'dkim.php';
function sendEmail(){
    //DO STUFF HERE
}

I hope this helps.

  • That... might have actually been the problem. IIRC I included it inside the function to limit the scope. Unfortunately I can't confirm this since it's an old project that I don't even have access to anymore. – TheLQ Aug 01 '13 at 09:22
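
The failure modes raised in this thread (a key that does not load, a PEM whose line breaks were removed, a key variable that is out of scope because its file was included inside a function) can be told apart by checking each stage before calling `openssl_sign()`. The following is an added example, not code from any poster or from PHP-DKIM; `sign_or_explain()`, `library_style_sign()`, `send_email()` and `$scoped_pem` are hypothetical names, the key is generated at run time, and the library-reads-a-global pattern is an assumption used for illustration.

```php
<?php
// Added example. sign_or_explain(), library_style_sign() and send_email() are hypothetical names.

// Returns array(base64 signature or null, error text or null), naming the stage that failed.
function sign_or_explain($data, $pem)
{
    if (!is_string($pem) || $pem === '') {
        // An unset variable arrives here as NULL, e.g. a key read from the wrong scope.
        return array(null, 'key is not a non-empty string (got ' . gettype($pem) . ')');
    }
    while (openssl_error_string() !== false) {
        // Drain stale queue entries so the messages below belong to this call.
    }
    $key = openssl_pkey_get_private($pem);
    if ($key === false) {
        $errors = array();
        while (($e = openssl_error_string()) !== false) {
            $errors[] = $e;
        }
        return array(null, 'PEM did not load: ' . implode('; ', $errors));
    }
    // SHA-256 chosen for this example; the question's code uses openssl_sign()'s default.
    if (!openssl_sign($data, $signature, $key, OPENSSL_ALGO_SHA256)) {
        return array(null, 'openssl_sign failed: ' . openssl_error_string());
    }
    return array(base64_encode($signature), null);
}

// Mimics a library function that reads its key from the global scope (assumed pattern).
function library_style_sign($data)
{
    global $scoped_pem;
    return sign_or_explain($data, $scoped_pem);
}

// Mimics defining the key inside a function: $scoped_pem is local here, not global.
function send_email($pem)
{
    $scoped_pem = $pem;
    return library_style_sign('constructed header data');
}

// Constructed throwaway key, generated at run time (needs a usable openssl.cnf).
$res = openssl_pkey_new(array('private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA));
openssl_pkey_export($res, $pem);

var_dump(sign_or_explain('constructed header data', $pem));                        // intact PEM
var_dump(sign_or_explain('constructed header data', str_replace("\n", '', $pem))); // line breaks stripped
var_dump(send_email($pem));                                                        // key out of scope
```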