If you experienced problems with OpenSSL and PHP, especially functions like openssl_pkey_get_public and openssl_pkey_get_private not willing to initialise from the provided public and private key strings, then you just need a few tweaks to get things running, because the key formats are not compatible. If you are used to using ssh-keygen command line tool to generate your key pair, you will need to manually edit the public key in order to make it php openssl compatible. For example your tmp_rsa.pub key looks like this:

ssh-rsa ABABB3NzaC1yc2EAAAABIwAAAQEAtO9f1rn1plAH5flOotX0NYFjfQH7xt0dukt7v
8Nt3g7GFijXsoc+/+1SNSusHbj4LfBPXgKQJJoaZaCoQIWjBIXXKlODv+z2pSMBvvCPRThSFetqeh
/0pWcdiHPsmPOYpHby7zzwNKPCDyMrVrlC7FsaGmOC+F7FvSGA1PLdYEiOiJV/OmxQ
2HELrmhYPDc0vVPHfOETygNjjqMUuu8QwLvBgk3OUbT1m5NRNHMnpgPOID6+BBumLs
M0t8jOp1/AQG3pQFtlLBNETOMe7nuBPuE5pPhr5HbyV+9FUGI2FiYlNl7G+d8VlibR2wZkGHsa
p6mmzmJi64x4gNDdil+QDa== xyz@computer

That’s good for shell but not good enough for PHP openssl_pkey_get_public() function. You will need to manually edit it, and in the end it should look like this:

-----BEGIN PUBLIC KEY-----
ABABB3NzaC1yc2EAAAABIwAAAQEAtO9f1rn1plAH5flOotX0NYFjfQH7xt0dukt7v
8Nt3g7GFijXsoc+/+1SNSusHbj4LfBPXgKQJJoaZaCoQIWjBIXXKlODv+z2pSMBvvC
PRThSFetqeh/0pWcdiHPsmPOYpHby7zzwNKPCDyMrVrlC7FsaGmOC+F7FvSGA1
PLdYEiOiJV/OmxQ2HELrmhYPDc0vVPHfOETygNjjqMUuu8QwLvBgk3OUbT1m5N
RNHMnpgPOID6+BBumLsM0t8jOp1/AQG3pQFtlLBNETOMe7nuBPuE5pPhr5HbyV
+9FUGI2FiYlNl7G+d8VlibR2wZkGHsap6mmzmJi64x4gNDdil+QDa==
-----END PUBLIC KEY-----

Don’t ask me why, it simply won’t work (or at least in my case didn’t work) if you don’t do it. It will still be complaining about some start line:

error:0906D06C:PEM routines:PEM_read_bio:no start line

But that is obviously a trivial error, which you can ignore. I haven’t figured out yet how to avoid it.

Another thing -
make sure you check for ssl errors after each ssl function. Here is a simple fn which can be helpful in your openSSL wrapper class:

//! Checks for recent OpenSSL errors, and logs them.
//! \return true if no errors found, otherwise false.
public static function check_ssl_error()
{
  $ret = true;
  while ($msg = openssl_error_string())
  {
    // --- todo : log the error in your log file
    $ret = false;
  }
  return $ret;
}

So in the end you will init your openssl wrapper like this:

$public_key_str = file_get_contents("./public.key");
$private_key_str = file_get_contents("./private.key");

MY_ASSERT($public_key_str, "Public key not found.");
MY_ASSERT($private_key_str, "Private key not found.");

$this->public_key = openssl_pkey_get_public($public_key_str);
OpenSSLWrapper::check_ssl_error();
OpenSSLWrapper::check_ssl_error();
$this->private_key = openssl_pkey_get_private($private_key_str);
OpenSSLWrapper::check_ssl_error();

One of the things that was bothering me a lot was syncing Firefox and it’s bookmarks/passwords on different computers. Especially when I change a computer and forget to pickup whatever I needed on a USB stick(encrypted one). And I need my bookmarks. I’m one of those geeks who have been keeping a well organized bookmarks for the past 10+ years. I’ve been digging around a bit and found a perfect solution. It comes down to this: Lighttpd via WebDAV and HTTPS and one neat plugin for Firefox.

This short HOWTO assumes that you know your way around with Lighty. I won’t go too deep into details but if you need some additional help just let me know. So, you’ll need Lighttpd compiled with WebDAV support. Once that is done you need the following in your lighttpd.conf:

$HTTP["host"] == "sync.com" {
server.document-root = "/home/user/sync"
server.errorlog      = "/var/log/sync.error.log"
accesslog.filename   = "/var/log//sync.access.log"
webdav.activate = "enable"
webdav.is-readonly = "disable"
}

This will allow you to read and write data to /home/user/sync which will be our central location for keeping bookmarks and/or passwords. I suggest using this location only via HTTPS.

Give settings will allow anyone rw access. Not a good idea. Add something like this to your Lighttpd configuration:

$HTTP["host"] =~ "sync.com" {
auth.require = ("/" => (
"method"  => "digest",
"realm"   => "Datasphere entrance",
"require" => "user=username"
))
}

Or tweak this password protection in any other way available for Lighty –> http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ModAuth

We’re almost done.

Next step is to install Syncplaces addon for Firefox.You can find it here: https://addons.mozilla.org/en-US/firefox/addon/8426

It’s pretty easy to setup. There are just a few things you need to change in the Options menu: Host should be whatever is the hostname of your sync site and paths to files for passwords and bookmarks. By default those are /syncplaces.xml, /syncplaces.html and /passwords. Change them to whatever you want. Syncplaces can be tweaked to do automatic syncing at whatever time you like. Or when you shut down Firefox thus making sure that the latest bookmarks and passwords will be on server once you go an pull the data from another computer.

I’ve tried to keep this HOWTO as simple as possible. If any part of it is not clear enough let me know and I’ll explain.

2010-03-05 10:23:01: (network.c.529) SSL: error:00000000:lib(0):func(0):reason(0)

And that’s it. Lighty will die. Well, here is a quick fix till new port is released:

cd /usr/ports/www/lighttpd
make install clean then Ctrl + C when it starts configuring
cd work/lighttpd-1..26/src/
rm network.c
fetch http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2716/
raw/branches/lighttpd-1.4.x/src/network.c
cd ../../ && make install clean

And that’s it. It will fix the issue.