从openssl_pkey_get_private()检索原始私钥

时间:2012-08-14 15:13:38

标签: php openssl key private encryption

我花了很多时间试图弄清楚如何使用密码短语从openssl_pkey_get_private()中检索原始私钥数据。我觉得这是一件我想念的简单事情。

这是我的代码:

$config = array(
    "private_key_bits" => 2048, //size of private key
)

$privKey = openssl_pkey_new($config); //creating a private key resource
openssl_pkey_export($privKey, $pkeyout,"test123",$config); //obtaining an encrypted private key
$result = openssl_pkey_get_private($pkeyout, "test123"); //decrypting the encrypted private key
var_dump($result); //print results

不幸的是,我从var_dump()调用获得的是以下输出:     " 资源(2)类型(OpenSSL密钥)"


所以,在我调用openssl_pkey_export之后,$ pkeyout包含类似下面的内容 - 请考虑以下数据 INPUT 以获取openssl_pkey_get_private执行的解密过程:

  
    

-----开始RSA私钥-----

         

Proc-Type:4, ENCRYPTED DEK-Info:DES-EDE3-CBC,84AC553B6367CD10     BOVayTi4R9IZX0V1 /如lbX / YG16v87vQ1AX5apgcPEwOaJDRBUB07iiJwkSEOckR3w YW / 2E27YXhJGaVjSMiBbBycu9AHQIgNhggUCXvzr6AMhDYNAu787c0EUsA7Ax4Yw Gixk9qX / iECcjVXqdoz2 + pSrRUUB5l3T + JyRh8sgKkdcM74dEQ5UDTrMd1Ik26 + N 4Ms8iA9SS9J1FdTBswx119 + WTcybSCBsX0tWPkjf7SARzgL9ee02B61Mua2PypZy RO4UIRGeQy / 0O / ySdUg1L42sTmmwY7odWnwbbYsIgFsSaijDGx14VohgnRbEZK ++ 6Ix0w1ZYSzsKWiZEEuXXC6EvOIv6zOiUmJRW / 0jGjuDIbz0MTtYgU / A99fK97EYo / xWNIm / kfs2gM4ccNVzE / fiVIZg + FVTpkriXPVUhjLUZVoB9vLLZd7RrC55p4tX / 22pgh0RULF2i + wQn6NgeP29naa + 3S1UyfN1USDfFyuZTWuctlK + C6R / yAefsat5X VvwIjdp + wjIbMUV7UmsPlc85O71bq3RjMVfJF / LLc9cOQCFOYacXD8IsYMJqngPz IbO5xBzCDFZuXcM6xvu1UWeGbNz2yG / kC2hiHSS1oMrA6S3JiHTmVSwzOUx5qMXl bYFz19Qqs / qAXj8G4PV5a0VN5m5hy1yAUHsau6oUl750PU5gHlMsFvF2LMAjtrAC VYvtqoLsyc5HBW7eOSa / vCeHuOKnpUvWF / CuthZYX0Uq58pcBbL4CfKRk1yUohRi utKILoMFRsNvKB4iLpMocxvps1clfgIHdPK9c0b6WaFaDjy3ZkCaVjTslosQCjUV DztkGRbCxqPu0M5erqPciO1JxGYCK5 + U5G / FpChqwhwHQSSYxwUV9InZsc59Ogm / qFIDRaJQMEeMi9oP4K5h4L8puvLpoJFAe5Y8GjGIqs7VLj96bjsyc7kyaWkaP4FZ aaDbP + nTqtPxSV4pLX + MGfrr / lZfULutPdXnu / Av3pt92dg7alPme56uzKfs / +我们WIeSyQpvPHcUmnGJZABPagbehpiTe6T9LQ + wCgteZSRCRiEdTgwuKtklB3kC1Hvv GpFS2XGmguKa8qLZU4s1IWILeTcFqbcPLCevwSuy123D6CL4U2lT85Pv8ZHCOqND qvfloF8nVNwyM5NiAbIcxCYxNA8TfCQ6P9Rn4C83r / MYyiUc1ArtKSVgLDluDli9 A3F807Ont42CWCL4sr2aPjxzWUkRBteUUkLdvryYsg804NdD8oPGL5VEAdC435PR OMID + ESmayXreMVCXWwLwTQS1M3yi96wTaSlSWHtSFmzXFI5tmzEDa52 / 5Pl6ksx tcI9dKbHUOj42ZrtWYZhR + K8XwrxEg8u4kkQv2U13bySBihx / WSuZURXSjULyI2h nd8wQddVPFGodxd8CTT / 3gPP97oDC16i3YNj7apKJXrjXl8HvZIyE3yAHnf39dAG JWbC1roUcQfQs0AUrxlAe75Sh9zoV4FKpq4A7JM31zklVjJw3rqjxBmNIBUow586 4WPFsIgGJQ0Gp3PfoO4sl / BuIxVjhe31yYAaeK + jA5K48PCPgirE / NCK / 08cxZdZ

         
      

----- END RSA PRIVATE KEY ---

    
  

我真正想要的是原始的,解密的私钥(openssl_pkey_get_private()的假设 OUTPUT 。注意上面是加密的**(由在" -----开始RSA私人密钥-----")。

这看起来类似于以下内容(请注意,下面的数据没有标题表明它已按上述数据加密)。

  
    

-----开始RSA私钥-----

         

MIIEowIBAAKCAQEAzuhc4J08EiayUSpIQ9MG6FM5JwYm1d0UIaAZ9h2QV4r897Oo GxvxaQ / ceIY7Sdrpc6kWAF + cemKfA84WX6T + LgiimfZnSIDhF1xHFk2Yluc8cyqq gKswgewZi01dVz4nP +1瓦特/ kPUNvZCQr4zxlimp2RiJZEH1wS5ls41iOUqYufz7d2h / 559eE2 / Uh2QQo + LhZt30DtHfLJmjHrxwL6aNFNVKw1iZsEzp36U1iLlrj / + TVjr JlVju9mqeK / Y + eYtWNUVHCCcbhWKO + dJVy0 + baRc8LhK6ogTj7ZYrriBFx6Y3sXY xEwTlvoLITZKvxFX4MH21fg7KSJN4 / JawG4hDQIDAQABAoIBAH5RuFpdRE5kl5sb 8FCQJnhyTsM3a0BIH8FDqHXsqLH5peVoJqqeTa1xxI1Eji / R2ZMGWOtTdAn36dL9 4AT2i0P5e6P5nibSoBmN + cxxBUaj1 / ELzFqPqSa4yQOV8PWReY763HAvYwFHKT7s NlnSx7QMgisjNyEbvl6GeIKiPlVw5CLp + SKDA4TkxyJfHJN9 / En8Pgzx / SOBznYo shXQGCF3cuoW5Hblxl10Vcy + 36SewjDMJKD0AYSEDI2znWEXPV567r80DvMazOug bbzWIk8lLiOhsUBCY8MdHRT9HxQs5tol6Xf84vM / wRX210USTfSo9IRuZxVYb + ED + qdthXUCgYEA5utux38mCEp7iroM8f4lZy8IU3zSuVOzUYJ0l1eYax0YNf7zWaAn rdYf1J3vZIXsfPkuup0jc6WJJ4h8aMlVroiY4Ekjh1rd1iM4x5gEM52knt0jIFTR s5zUYc4aHNEHLYCSxHgBkDQbqlzF2SvEhF1 / F9E8n9DCbl2X + MqqZSMCgYEA5WFK 6g8rZ01CmmiC + WzuW0lVWpaNIi4luKsA6B2fiIjY4Xh46qkddYuwVUxLM3xym7Yo eoFfUu4kiTKGJdTMAkReIn + tqPTg9LwvvHSNH2GMp8 / TjmxbQd + x9QVyGKNnTsLY aYrbcK7rh9fbvZsywNLeYrrt / VrmArpt2FMqPA8CgYBTm / D7WKU7oUREAYNIZ13B k3zvRaXCpnSp0ZNHbNbqCZnHiy0vSVa0kW / Q + TG / zGHJCiwKM3UvnUMgxkFNa4CT的di / sHW84xgTGUPBxDDCRQ8XkI2thfHSFFQas9wPrZR + 1MPVzH4RpYwSVVYvpSviX eIbY59CMiPitH0Q0N6UkgwKBgQCktsHJ48zCKGu8X3I11DAxYy6kl1mPgt3Zhwpm O + cMb2B2QEFsGLar0vxztA6IUUQnZp4YolAmSBX6Y0qLXgyFUDzcvxygKABmHcCV rogsUatkUcvUCSFa41xx21A8OxKTLz2iRHEhsKo3aR1FQW4nowTIlv0RIrXqnZ8F aWr5pwKBgGngeK3PyoXvOZNZ5f9r3i4C3d7UHz9Aiwn2Ulh138dp1AW8d4a9AiTZ RBd9pQGsIsSzhPkTZ65Mx + R6X + V / xfnFjnShronfeNdkpkgACbgQvJTDbg8Asu9x     ifwaEKu8 + t1MqrmPh5vKY6Fhl2DdPkk2evp6eG1t1IO6pAkYb8L5

         

----- END RSA私钥-----

  

总而言之,我想我想说的是我不知道如何检索openssl_pkey_get_private()应该返回的解密私钥。它没有返回 FALSE ,所以它必须正常工作......我只是不知道它放在哪里。

任何帮助都会非常感激,因为我很困难!

非常感谢!

1 个答案:

答案 0 :(得分:3)

我希望这就是你所追求的目标。

$privKey = openssl_pkey_new($config); //retrieve priv key resource
openssl_pkey_export($privKey, $pkeyout); //obtained unencrypted private key.
var_dump($pkeyout); //print results

新生成的密钥还没有密码,因此您可以立即获取未加密的密钥。

修改

根据评论,我用

生成了我自己的密钥对
openssl genrsa -des3 -out privkey.pem 2048

然后,我可以使用以下内容转储未加密的私钥:

$r = openssl_pkey_get_private('file://privkey.pem', 'temp123');
openssl_pkey_export($r, $pkeyout);
var_dump($pkeyout);

您可以提供密钥而不是文件名,只要它是PEM格式化的。

修改2

我无法让您提供的密钥使用您在问题中包含的密码,但它确实可以使用我生成的临时密钥。

我使用的确切代码如下:

$k = <<<EOF
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,878E66CD01D1A379

RIAnkFVcUEfLXqopP/ywpF0yeYWE2LijOmWuGBRgXup/cIA42jrXuRF+WBR5Ni+2
8IWnbiMh9tseTYpAcAp32JeCvlNqes65qEh93qVLKU6K4uYg/rh170hdrUd6DL7R
mLrXWm3ciBCatxancok6uJcP1FksWrdjpR8z9thKAGXWOIVxvudBgK0Fpf/FtmJA
A5x84Zb8FiN+cyJyvYrQm89v9Une+7kA7x6T8Q/QSDvG1ik5efJAFg2vBqo6Jlht
nJjwDQKtTn7tpUANY7Y/aMoEllkEPOM4MFc3r9g59rGq16BTbhBMmI3TUkg0p2nx
tIOq1N568RYh8OVGtaHu5HJ0W7LKmtqhgvSj70i+ed4wOJotQ+OXCfS6SWQKrS4o
jLFNuH6K7uzO4GGnacSupFtyO29UiCYmV0LQpLCg599ffjuHI+iFBj1JeRrEDc4W
z+6jc4gnLdgAJVoTUD0skx3VinXrjf5q5/ctZOOWCHSFV3BeuatfuGj8w/oKM9Y2
ppYcI5uyA07+a0mVmSvpJIJMcAf8FlIRf3HfTkjkyaCD8h1SbDtaBSdlkKRZHqUX
f7jSe58MqwYZiLRcX0mYxZfv9oVDzT4AgIiTwFF33zQriBSer/TI57WLV+PZ3j9y
lolXdK6pkAPkMnJSbpcf0RcXvDrY646J5pxgylGgn/A1mgD1btmJSVBbcb75Wy3e
Heir6+VaQ/V/j8U9nZfNkGqnEv3TwGhj8u010tgeG/lfxA3eQMw04WlRac37GlRr
IrEbpOW88JZIknvY1w8/c+uzGDIRL8ucUkL1s5j626Z8UxN7KTuuXaWNdenPGzx/
pgAwNlkhS+f4uUajYDEbgy7o1v7L1K0xRDglqTTXmycr82mMTNZR0r/KRt7dlDI1
ZM/7BIT0iRsm+16ZBF/R9i0S3uu4ox87cBfaIOlo9h73tYM/6RMJ0NfsPJtSzzM+
dRZRuyNImA8PDQG2yTmIhOmDQbnzywBsNfWfFX+8SJtAHPnENMvdwkWrDgaVSvPK
K4PzRLqKG3oU9CdXk+y2fFxumFeMUbupLh/AgQWiVsEdA1Igz7jQ2iIrC8BB0Jy6
igOMn9Db/o/fJ4QMe0IIdw4ZIqhVt0IIt50ElZHd8ASLpQxhggXtafpcO/fn0Rpx
ZJ7hWff9hIGbGQtf5i3fy8RUjUpplPYkleQCQls6Dss5c31vTX4evEAWzfKLe0eA
Cuq1uTJ8aB13cRbcHTmR0i8GLiE/93U2oB+hPVCeZEWtPAaqOyVIsU8uD7/2xNa2
C73gtJ3N3Kr8SR5QSB3aRZEA1uxAbtvNRUl9Vo8ECw+S2l0iGmrzXtVY1+4sGu9K
57+kobM58y1eNuwyCuv8uryCoA2CdMBGwKZn2XgLPda7RBIfY52u7R/oM3Pm2JbT
iVL2PxeTCSuH/Z3FKbRdTQ/0+IvR/Xd70rnTTkQD6TdMa53UEg3xnftOfZr9JrWw
/mYvYAQdgwARddTlG2sS7dMG0erHlVzN+kKSC8CGEVgHMNpyjWdFT7rwksC4s85c
iJ/BIYymy2sCpr/YnzT2blE1hFCrLbyc1FuBh+SDr9jtnVvErndlMg==
-----END RSA PRIVATE KEY-----
EOF;

$r = openssl_pkey_get_private($k, 'temp123');
openssl_pkey_export($r, $pkeyout);
var_dump($pkeyout);

输出是:

string(1675) "-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAtAOvzSslm7QPNRRZgHC9zAbl/f1U1Ni5vmHqazmNaSvM+Wwq
ZbbeFtBfnSB13Q9aBt7oEFjaS7yhmBcdy9/JkzO7eOpxQOFNaHpXf8a95Qlhpt7x
S++4VXzX2RB2ja0xBLacggXz6puRaaH4zwsxTKzeyzdfochovpj1JMRNHJYj5Hi7
EJy3gxL6Lmi5PMir0cu/J86Ls0tcRMJjSdtWH9Ut9TQNhn6wyrHm4mM7SL+j5eBZ
mZlRRAb/Is3r+/mn23UNUEMcVpi7FHi2jgVwrEToWZugWcdQOnQFBkAFSaEZFvO9
OmctbiNZY1ZvB3mDyZIzVGHBpdPNNaYpZg3q2QIDAQABAoIBAD6E3USrTId0FKgB
pkf2X+SBLNV2a0T09CWLyidtOJCjNrAVgfALf7x6qAphIK4iy8iBGCW9RitxmsnA
lYed9FscZ2rKOYUn+oNjogntkzv9cx3KZhFSczm1fx2TGyl/UfvqFBcQTDNZzjna
mBgIMhoIG+SGGb+NY9t2MgWP65wWb6vJgQTw7NeaZguA6gGfvsdI/VSv2xHvHe2Q
MiVIQxfBoOPOs9mCOJJMSsfDogo0JE7MehV+D2mx5ZA3uJLN+0cvvYO48SvdJwXB
fp3lmT+XbXSDJ/KB/AxgONgl3lb4clr46pXkdWWBfwTMJmOGcLLvaBjniZGUBOeW
3v8RWoECgYEA313cXyxc2WWJiaXJqnPC/+L9AVpYZYJZEt2T8D4uffJJUe61k3Vu
G4UlGaeCpRakfWr7QuKyPOsWyDsXrTXivftGnlflFGAiAV+ssfs1YdjnwHWIJ3Xg
fSyVPyQCZprDtCzrHKlUCYh4uyuUP9X9B6iSdFCDczLEYb8hIPgu9dECgYEAzlBo
dG2f7u93FoLlmzxPU2HnZlu/xtyCwo0phr7Z+cX+2D3KWAHnEYDtE+hOX7cxg/UF
RMLkApFz3H962bu5eFIsMtkd/XigD4ByNxSr9rKxsKisEg9UCnFwiR8jCXeCCjYP
/OjFAH2yk0J2zYOa091sin94G6qjSGAyPwNX/okCgYEAo0rz+yPscQXY6aco6hKd
AQLJYb7RlswXIEKaj2x2Ap8o2NwBJF8Z8saAm+OpD9WgxQt7yqb+FKjsy87ffUJC
lA7pzoKFN0McORLfpnH20aSHsFx8ABUd24THSxShKK+F2Odprldf12RMltDCHXTr
+ThUcPIXVxVLGgZnSroFYrECgYA+x0zhkLIH3KoaGX6QfAuPTc1B4k06z8KiPJ4U
OGLPlCX12ueFXB7ZvqdlVVzz1ySkCJyvzbXf6i6dO9VAB9Vp/Wchmdt8U4Yw8V7P
z+R7zugu30RswmlKPDaIIwdgTBMv1D+NL68ydQ0vrhvEcXVdXpU2l48OrB+/WDYx
4myWMQKBgGFVuEOb4yKHTeQo5R/+gRsyrDIE0Xzq5t3WZjssjeju5q5c6Fp24qDb
jq8SNkLXOMsATc9iLnYKeZa2EXR2w548LmY2L+TGk/XT2eZrFY0NImaDIPwS7KFq
keO8GceLlhXU3wgDSb6NWkuCxDJrYJqhGVFHmuI7/Ntll2o4eVuD
-----END RSA PRIVATE KEY-----
"