PHP and OpenSSL key format (“key parameter is not a valid public key”)

PHP Warning: openssl_public_encrypt(): key parameter is not a valid public key in /script.php on line 175

If you have experienced problems with OpenSSL and PHP, especially functions like openssl_pkey_get_public and openssl_pkey_get_private refusing to initialise from the public and private key strings you provide, then you just need a few tweaks to get things running, because the key formats are not compatible. If you are used to generating your key pair with the ssh-keygen command line tool, you will need to manually edit the public key to make it compatible with PHP's OpenSSL functions. For example, your tmp_rsa.pub key looks like this:

ssh-rsa ABABB3NzaC1yc2EAAAABIwAAAQEAtO9f1rn1plAH5flOotX0NYFjfQH7xt0dukt7v
8Nt3g7GFijXsoc+/+1SNSusHbj4LfBPXgKQJJoaZaCoQIWjBIXXKlODv+z2pSMBvvCPRThSFetqeh
/0pWcdiHPsmPOYpHby7zzwNKPCDyMrVrlC7FsaGmOC+F7FvSGA1PLdYEiOiJV/OmxQ
2HELrmhYPDc0vVPHfOETygNjjqMUuu8QwLvBgk3OUbT1m5NRNHMnpgPOID6+BBumLs
M0t8jOp1/AQG3pQFtlLBNETOMe7nuBPuE5pPhr5HbyV+9FUGI2FiYlNl7G+d8VlibR2wZkGHsa
p6mmzmJi64x4gNDdil+QDa== xyz@computer

That’s good for the shell, but not good enough for PHP's openssl_pkey_get_public() function. You will need to manually edit it, and in the end it should look like this:

-----BEGIN PUBLIC KEY-----
ABABB3NzaC1yc2EAAAABIwAAAQEAtO9f1rn1plAH5flOotX0NYFjfQH7xt0dukt7v
8Nt3g7GFijXsoc+/+1SNSusHbj4LfBPXgKQJJoaZaCoQIWjBIXXKlODv+z2pSMBvvC
PRThSFetqeh/0pWcdiHPsmPOYpHby7zzwNKPCDyMrVrlC7FsaGmOC+F7FvSGA1
PLdYEiOiJV/OmxQ2HELrmhYPDc0vVPHfOETygNjjqMUuu8QwLvBgk3OUbT1m5N
RNHMnpgPOID6+BBumLsM0t8jOp1/AQG3pQFtlLBNETOMe7nuBPuE5pPhr5HbyV
+9FUGI2FiYlNl7G+d8VlibR2wZkGHsap6mmzmJi64x4gNDdil+QDa==
-----END PUBLIC KEY-----

Don’t ask me why, it simply won’t work (or at least in my case didn’t work) if you don’t do it. It will still be complaining about some start line:

error:0906D06C:PEM routines:PEM_read_bio:no start line

But that is obviously a trivial error, which you can ignore. I haven’t figured out yet how to avoid it.
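Added example, not code from the original post: the base64 body of an ssh-rsa line is the SSH wire encoding (length-prefixed algorithm name, exponent e, modulus n), while a BEGIN PUBLIC KEY block holds a DER SubjectPublicKeyInfo, so this code re-encodes the key material from one format into the other. The helper names der_tlv, der_uint and ssh_rsa_to_pem are hypothetical, and the self-check at the end runs on a key generated on the spot (constructed input, requires the PHP openssl extension).

```php
<?php
// Added example: turn an OpenSSH "ssh-rsa <base64> comment" line into the PEM
// SubjectPublicKeyInfo text. der_tlv/der_uint/ssh_rsa_to_pem are hypothetical names.

function der_tlv(int $tag, string $value): string {        // DER tag-length-value
    $n = strlen($value);
    $lenBytes = ltrim(pack('N', $n), "\0");                // minimal long-form length
    $len = $n < 0x80 ? chr($n) : chr(0x80 | strlen($lenBytes)) . $lenBytes;
    return chr($tag) . $len . $value;
}

function der_uint(string $bytes): string {                 // unsigned DER INTEGER
    $v = ltrim($bytes, "\0");
    if ($v === '' || (ord($v[0]) & 0x80)) $v = "\0" . $v;  // keep the value positive
    return der_tlv(0x02, $v);
}

function ssh_rsa_to_pem(string $line): string {
    $parts = preg_split('/\s+/', trim($line));
    $blob  = base64_decode($parts[1] ?? '', true);
    if ($parts[0] !== 'ssh-rsa' || $blob === false) {
        throw new InvalidArgumentException('not an ssh-rsa public key line');
    }
    // SSH wire format: every field is prefixed by a 4-byte big-endian length.
    $fields = [];
    for ($off = 0; $off + 4 <= strlen($blob); $off += 4 + $len) {
        $len = unpack('N', substr($blob, $off, 4))[1];
        if ($len > strlen($blob) - $off - 4) {
            throw new InvalidArgumentException('truncated key blob');
        }
        $fields[] = substr($blob, $off + 4, $len);
    }
    if (count($fields) !== 3 || $fields[0] !== 'ssh-rsa' || $off !== strlen($blob)) {
        throw new InvalidArgumentException('unexpected key blob layout');
    }
    [, $e, $n] = $fields;                                  // SSH order is e, then n
    $rsa  = der_tlv(0x30, der_uint($n) . der_uint($e));    // RSAPublicKey: n, then e
    $alg  = hex2bin('300d06092a864886f70d0101010500');     // rsaEncryption OID + NULL
    $spki = der_tlv(0x30, $alg . der_tlv(0x03, "\0" . $rsa));
    return "-----BEGIN PUBLIC KEY-----\n" . chunk_split(base64_encode($spki), 64, "\n")
         . "-----END PUBLIC KEY-----\n";
}

// Self-check on constructed input: build an ssh-rsa line from a fresh key pair
// and compare the converted PEM with PHP's own public key export.
$d    = openssl_pkey_get_details(openssl_pkey_new(['private_key_bits' => 2048]));
$str  = fn(string $s): string => pack('N', strlen($s)) . $s;
$mp   = fn(string $s): string => $str((ord($s[0]) & 0x80 ? "\0" : '') . $s);
$line = 'ssh-rsa ' . base64_encode($str('ssh-rsa') . $mp($d['rsa']['e']) . $mp($d['rsa']['n'])) . ' xyz@computer';
if (ssh_rsa_to_pem($line) !== $d['key']) throw new RuntimeException('PEM mismatch');
```

On the command line, ssh-keygen -e -m PKCS8 -f tmp_rsa.pub writes the same BEGIN PUBLIC KEY encoding.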

Another thing: make sure you check for SSL errors after each OpenSSL function call. Here is a simple function which can be helpful in your OpenSSL wrapper class:

//! Checks for recent OpenSSL errors, and logs them.
//! \return true if no errors found, otherwise false.
public static function check_ssl_error()
{
  $ret = true;
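  // openssl_error_string() returns false once the error queue is empty.
  while (($msg = openssl_error_string()) !== false)
  {
    // Log each queued error; swap error_log() for your own logger.
    error_log("OpenSSL error: " . $msg);
    $ret = false;
  }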
  return $ret;
}

So in the end you will init your openssl wrapper like this:

$public_key_str = file_get_contents("./public.key");
$private_key_str = file_get_contents("./private.key");

MY_ASSERT($public_key_str, "Public key not found.");
MY_ASSERT($private_key_str, "Private key not found.");

$this->public_key = openssl_pkey_get_public($public_key_str);
OpenSSLWrapper::check_ssl_error();
$this->private_key = openssl_pkey_get_private($private_key_str);
OpenSSLWrapper::check_ssl_error();
