Jump to content

Recommended Posts

Hi guys, new here. New to php as well.

 

Need to sign profile using openSSL. Bumping into the an error that I can't resolve.

 

Any insights would be appreciated.

 

Functions.php

function signProfile()
{
    $filename = "./template.mobileconfig";
    $filename = realpath($filename);
    $outFilename = $filename . ".tmp";
    $pkey = dirname(__FILE__) . "/PteKey.key";
    $pkey = realpath($pkey);
    $certFile = dirname(__FILE__) . "/CertToSign.crt";
    $certFile = realpath($certFile);

    // try signing the plain XML profile
    if (openssl_pkcs7_sign($filename, $outFilename, 'file://'.$certFile, array('file://'.$pkey, ""), array(), 0, "")) 
    {
        // get the data back from the filesystem
        $signedString = file_get_contents($outFilename);
        // trim the fat
        $trimmedString = preg_replace('/(.+\n)+\n/', '', $signedString, 1);
        // convert to binary (DER)
        $decodedString = base64_decode($trimmedString);
        // write the file back to the filesystem (using the filename originally given)
        $fh = fopen($filename, 'w');
        fwrite($fh, $decodedString);
        fclose($fh);
        // delete the temporary file
        unlink($outFilename);
        return TRUE;
    } 
    else
    {
        return FALSE;
    }
}

From IDE:

 

Ok1DbUx.png

 

Error message:

 

EcHTi.png

 

File Dir:

 

tGuqe.png

Link to comment
https://forums.phpfreaks.com/topic/305221-openssl_pkcs7_sign-error-opening-file/
Share on other sites

Your private key is web-accessible! Don't do that!

 

And

openssl_pkcs7_sign($filename, $outFilename, 'file://'.$certFile, array('file://'.$pkey, ""), array(), 0, "")
don't pass extra parameters when you aren't using them: the last two are optional so leave them out or else PHP will think it should try to use them.

Your private key is web-accessible! Don't do that!

 

And

openssl_pkcs7_sign($filename, $outFilename, 'file://'.$certFile, array('file://'.$pkey, ""), array(), 0, "")
don't pass extra parameters when you aren't using them: the last two are optional so leave them out or else PHP will think it should try to use them.

 

 

How can I edit my question? I don't have the power to do so. Could you remove what's considered information that's private?

You didn't post it here - I mean

tGuqe.png

the private key is C:\wamp64\www\common\PteKey.key, which means if someone went to

http://localhost/common/PteKey.key
they could download your key.

 

I know it's not a real site now and only you can get to it, but you still need to fix it as soon as you can.

If you don't want the public key to be public (you might not) or the certificate to sign (probably shouldn't) then those need to move too.

 

 

[edit] With my magic admin powers I've discovered that your web server is open to the internet. Like I can tell you the private key is named SGPCCS.key. That's really, really bad. Remove the keys immediately, revoke them if applicable, and create a new key pair that isn't available to the world.

Edited by requinix
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.