wujh Posted October 6, 2017 Share Posted October 6, 2017 Hi guys, new here. New to php as well. Need to sign profile using openSSL. Bumping into the an error that I can't resolve. Any insights would be appreciated. Functions.php function signProfile() { $filename = "./template.mobileconfig"; $filename = realpath($filename); $outFilename = $filename . ".tmp"; $pkey = dirname(__FILE__) . "/PteKey.key"; $pkey = realpath($pkey); $certFile = dirname(__FILE__) . "/CertToSign.crt"; $certFile = realpath($certFile); // try signing the plain XML profile if (openssl_pkcs7_sign($filename, $outFilename, 'file://'.$certFile, array('file://'.$pkey, ""), array(), 0, "")) { // get the data back from the filesystem $signedString = file_get_contents($outFilename); // trim the fat $trimmedString = preg_replace('/(.+\n)+\n/', '', $signedString, 1); // convert to binary (DER) $decodedString = base64_decode($trimmedString); // write the file back to the filesystem (using the filename originally given) $fh = fopen($filename, 'w'); fwrite($fh, $decodedString); fclose($fh); // delete the temporary file unlink($outFilename); return TRUE; } else { return FALSE; } } From IDE: Error message: File Dir: Quote Link to comment https://forums.phpfreaks.com/topic/305221-openssl_pkcs7_sign-error-opening-file/ Share on other sites More sharing options...
requinix Posted October 6, 2017 Share Posted October 6, 2017 Your private key is web-accessible! Don't do that! And openssl_pkcs7_sign($filename, $outFilename, 'file://'.$certFile, array('file://'.$pkey, ""), array(), 0, "")don't pass extra parameters when you aren't using them: the last two are optional so leave them out or else PHP will think it should try to use them. Quote Link to comment https://forums.phpfreaks.com/topic/305221-openssl_pkcs7_sign-error-opening-file/#findComment-1552443 Share on other sites More sharing options...
wujh Posted October 6, 2017 Author Share Posted October 6, 2017 "Posted Today, 09:30 AM Your private key is web-accessible! Don't do that!" Sorry, I'm not familiar what it means? How have I leaked it? Quote Link to comment https://forums.phpfreaks.com/topic/305221-openssl_pkcs7_sign-error-opening-file/#findComment-1552444 Share on other sites More sharing options...
wujh Posted October 6, 2017 Author Share Posted October 6, 2017 Your private key is web-accessible! Don't do that! And openssl_pkcs7_sign($filename, $outFilename, 'file://'.$certFile, array('file://'.$pkey, ""), array(), 0, "")don't pass extra parameters when you aren't using them: the last two are optional so leave them out or else PHP will think it should try to use them. How can I edit my question? I don't have the power to do so. Could you remove what's considered information that's private? Quote Link to comment https://forums.phpfreaks.com/topic/305221-openssl_pkcs7_sign-error-opening-file/#findComment-1552445 Share on other sites More sharing options...
requinix Posted October 6, 2017 Share Posted October 6, 2017 (edited) You didn't post it here - I mean the private key is C:\wamp64\www\common\PteKey.key, which means if someone went to http://localhost/common/PteKey.keythey could download your key. I know it's not a real site now and only you can get to it, but you still need to fix it as soon as you can. If you don't want the public key to be public (you might not) or the certificate to sign (probably shouldn't) then those need to move too. [edit] With my magic admin powers I've discovered that your web server is open to the internet. Like I can tell you the private key is named SGPCCS.key. That's really, really bad. Remove the keys immediately, revoke them if applicable, and create a new key pair that isn't available to the world. Edited October 6, 2017 by requinix Quote Link to comment https://forums.phpfreaks.com/topic/305221-openssl_pkcs7_sign-error-opening-file/#findComment-1552446 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.