CloudWindMoonSun Posted May 16, 2017 Share Posted May 16, 2017 Hi, I created public key and exported it to a file. It looks like: -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA498EWxuZK/KsUgIEusEtQOJulgTHwb8C4avtzJnzhosTeKooXvyGFPpex6HcQGSRqrWpNr2yhw1BvJvH2UyEJisl5BJA5Za+ofmbGifCFwCllZ37U1YpOmqpB2Yt+yYElGh5dp+lqs5Q3u3nPkndnLS3bxH7qlZBvR9YPWj9x7IuSXJyopAmdJato8xeNHzmBxWD8FgQKICFpLtGsPXqXRwT0imTs6/EcMqq6fdlp0OyBKyZjw6t47gMeqiuSYz6k41Nf/SbtIC4snUyoUgITvnHjWe1cY7js4kY62A9ZpHX0NpG7JXctxVb+aZOv1rS36bUjcP+bug1W3ZKrTG6hwIDAQAB-----END PUBLIC KEY----- On server side (OSX Sierra) I need to read the key file and use it for encryption/decryption using PHP. My PHP code is as following: $pub_key = file_get_contents("../user_pub_key.crt"); $public_key = openssl_pkey_get_public($pub_key); var_dump($public_key); echo openssl_error_string(); Although $public_key is apparently created and var_dump returns the resource number of it: resource(5) of type (OpenSSL key)but strangely enough, openssl_error_string() also shows the following error: error:0906D06C:PEM routines:PEM_read_bio:no start lineDoes it mean that OpenSSL and PHP on my Mac are not compatible? Or the problem is somewhere else?Thanks in advance,Hassan Quote Link to comment https://forums.phpfreaks.com/topic/303950-openssl-error-when-loading-public-key/ Share on other sites More sharing options...
Solution Jacques1 Posted May 17, 2017 Solution Share Posted May 17, 2017 The documentation is very clear: There's an error if and only if the function returns false. It doesn't matter what kind of error messages you're pulling out of the library; they say nothing about the result of this function call. My guess is that the message is simply coming from a sloppy implementation. The function supports many different input formats, and it looks like the extension authors use trial-and-error to figure out the right one. Chances are they aren't properly clearing the errors in between. And then of course you need to realize that the error storage is global, which means it will be affected by all prior actions. You can't just grab a message and assume it's related to the last function call. Quote Link to comment https://forums.phpfreaks.com/topic/303950-openssl-error-when-loading-public-key/#findComment-1546568 Share on other sites More sharing options...
CloudWindMoonSun Posted May 17, 2017 Author Share Posted May 17, 2017 Hi Jacques1,So to make sure if the error message is not from the previous calls, I clear the openssl error cache. So I tried: $pub_key = file_get_contents("../user_pub_key.crt"); while($message = openssl_error_string()){ echo 'Clear any openssl cache' . PHP_EOL; } $public_key = openssl_pkey_get_public($pub_key); while($message = openssl_error_string()){ echo 'openssl_pkey_get_public() -> ' . $message . PHP_EOL; } var_dump($public_key); Now this is what I get: openssl_pkey_get_public() -> error:0906D06C:PEM routines:PEM_read_bio:no start line resource(6) of type (OpenSSL key) So there can be a problem with openssl_pkey_get_public() perhaps due to trial-and-error logic behind it, although apparently the OpenSSL key is generated with success afterwards, hence I get a resource(6). Is there any way that I make sure the given public key file, has created a proper key? I tried using it in my code later one (like the following digital signature verification) and I got FALSE results. I've tested $hmac and $signature are okay, and the only suspect was $public_key? $result = openssl_verify($hmac, $signature, $public_key, "sha256WithRSAEncryption"); I'm not sure if my PHP and openssl are compatible or not? If they're not then how I can install (or even perhaps build) compatible ones.Thanks Quote Link to comment https://forums.phpfreaks.com/topic/303950-openssl-error-when-loading-public-key/#findComment-1546586 Share on other sites More sharing options...
Jacques1 Posted May 18, 2017 Share Posted May 18, 2017 So to make sure if the error message is not from the previous calls, I clear the openssl error cache. No. You need to stop printing error messages when there is no error. Is there any way that I make sure the given public key file, has created a proper key? As I already said: Check the return value. A resource means the key is valid. If signature verification fails nonetheless, that's likely your fault. Maybe the input parameters don't have the right format, maybe you used a different algorithm for creating the signature, maybe there's some other problem. It's impossible to tell without concrete (example) data. Try verification on the command line with OpenSSL itself. # foo.pub is the public key in PEM format, foo.sig the binary signature, foo.txt the original data openssl dgst -sha256 -verify foo.pub -signature foo.sig foo.txt I'm not sure if my PHP and openssl are compatible or not? Why should they not be compatible? I don't see any indication of a PHP or OpenSSL related problem. Like I said, the problem is likely on your end. 1 Quote Link to comment https://forums.phpfreaks.com/topic/303950-openssl-error-when-loading-public-key/#findComment-1546587 Share on other sites More sharing options...
CloudWindMoonSun Posted May 18, 2017 Author Share Posted May 18, 2017 As I already said: Check the return value. A resource means the key is valid. If signature verification fails nonetheless, that's likely your fault. Maybe the input parameters don't have the right format, maybe you used a different algorithm for creating the signature, maybe there's some other problem. It's impossible to tell without concrete (example) data. Try verification on the command line with OpenSSL itself. # foo.pub is the public key in PEM format, foo.sig the binary signature, foo.txt the original data openssl dgst -sha256 -verify foo.pub -signature foo.sig foo.txt Thanks Jacques1. I'm now convinced that the public key is OK and the problem is somewhere else. I tried your verification command on the command line and the result was :-( Verification Failure I've created the public key and also digital signature in C#. I need to verify signature on server side using PHP. Although I tried to have the identical signing parameter (in C#) and verification (in PHP). Still I get failures. My signing parameters in C# are: public byte[] SignData(byte[] hashOfDataToSign) { using (var rsa = new RSACryptoServiceProvider(2048)) { rsa.PersistKeyInCsp = false; rsa.ImportParameters(PrivateKey); var rsaFormatter = new RSAPKCS1SignatureFormatter(rsa); rsaFormatter.SetHashAlgorithm("SHA256"); return rsaFormatter.CreateSignature(hashOfDataToSign); } } My verification code in PHP side is: //verify signature $result = openssl_verify($hmac, $signature, $userSigningPublicKey, "sha256WithRSAEncryption"); Can you spot where the problem is, please? Quote Link to comment https://forums.phpfreaks.com/topic/303950-openssl-error-when-loading-public-key/#findComment-1546603 Share on other sites More sharing options...
CloudWindMoonSun Posted June 26, 2017 Author Share Posted June 26, 2017 My guess is that the message is simply coming from a sloppy implementation. The function supports many different input formats, and it looks like the extension authors use trial-and-error to figure out the right one. Chances are they aren't properly clearing the errors in between. Thanks @Jacques1, it turned out that problem with my code wasn't due to the public key. As you mentioned above, once PHP returned a 'resource' number, your key had been successfully imported. And that the error messages are just PHP trying to find an answer by testing different scenarios. Quote Link to comment https://forums.phpfreaks.com/topic/303950-openssl-error-when-loading-public-key/#findComment-1547744 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.