Chaos Engine » public key http://dev.modmancer.com Sometimes I drink to forget.. but then I forget to drink.. Mon, 06 Feb 2012 16:11:00 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 PHP and OpenSSL key format (“key parameter is not a valid public key”) http://dev.modmancer.com/index.php/2010/07/07/php-and-openssl-key-format/ http://dev.modmancer.com/index.php/2010/07/07/php-and-openssl-key-format/#comments Wed, 07 Jul 2010 22:27:34 +0000 akiko http://dev.modmancer.com/?p=73 PHP Warning: openssl_public_encrypt(): key parameter is not a valid public key in /script.php on line 175

If you experienced problems with OpenSSL and PHP, especially functions like openssl_pkey_get_public and openssl_pkey_get_private not willing to initialise from the provided public and private key strings, then you just need a few tweaks to get things running, because the key formats are not compatible. If you are used to using ssh-keygen command line tool to generate your key pair, you will need to manually edit the public key in order to make it php openssl compatible. For example your tmp_rsa.pub key looks like this:

ssh-rsa ABABB3NzaC1yc2EAAAABIwAAAQEAtO9f1rn1plAH5flOotX0NYFjfQH7xt0dukt7v
8Nt3g7GFijXsoc+/+1SNSusHbj4LfBPXgKQJJoaZaCoQIWjBIXXKlODv+z2pSMBvvCPRThSFetqeh
/0pWcdiHPsmPOYpHby7zzwNKPCDyMrVrlC7FsaGmOC+F7FvSGA1PLdYEiOiJV/OmxQ
2HELrmhYPDc0vVPHfOETygNjjqMUuu8QwLvBgk3OUbT1m5NRNHMnpgPOID6+BBumLs
M0t8jOp1/AQG3pQFtlLBNETOMe7nuBPuE5pPhr5HbyV+9FUGI2FiYlNl7G+d8VlibR2wZkGHsa
p6mmzmJi64x4gNDdil+QDa== xyz@computer

That’s good for shell but not good enough for PHP openssl_pkey_get_public() function. You will need to manually edit it, and in the end it should look like this:

-----BEGIN PUBLIC KEY-----
ABABB3NzaC1yc2EAAAABIwAAAQEAtO9f1rn1plAH5flOotX0NYFjfQH7xt0dukt7v
8Nt3g7GFijXsoc+/+1SNSusHbj4LfBPXgKQJJoaZaCoQIWjBIXXKlODv+z2pSMBvvC
PRThSFetqeh/0pWcdiHPsmPOYpHby7zzwNKPCDyMrVrlC7FsaGmOC+F7FvSGA1
PLdYEiOiJV/OmxQ2HELrmhYPDc0vVPHfOETygNjjqMUuu8QwLvBgk3OUbT1m5N
RNHMnpgPOID6+BBumLsM0t8jOp1/AQG3pQFtlLBNETOMe7nuBPuE5pPhr5HbyV
+9FUGI2FiYlNl7G+d8VlibR2wZkGHsap6mmzmJi64x4gNDdil+QDa==
-----END PUBLIC KEY-----

Don’t ask me why, it simply won’t work (or at least in my case didn’t work) if you don’t do it. It will still be complaining about some start line:

error:0906D06C:PEM routines:PEM_read_bio:no start line

But that is obviously a trivial error, which you can ignore. I haven’t figured out yet how to avoid it.

Another thing -
make sure you check for ssl errors after each ssl function. Here is a simple fn which can be helpful in your openSSL wrapper class:

//! Checks for recent OpenSSL errors, and logs them.
//! \return true if no errors found, otherwise false.
public static function check_ssl_error()
{
  $ret = true;
  while ($msg = openssl_error_string())
  {
    // --- todo : log the error in your log file
    $ret = false;
  }
  return $ret;
}

So in the end you will init your openssl wrapper like this:

$public_key_str = file_get_contents("./public.key");
$private_key_str = file_get_contents("./private.key");

MY_ASSERT($public_key_str, "Public key not found.");
MY_ASSERT($private_key_str, "Private key not found.");

$this->public_key = openssl_pkey_get_public($public_key_str);
OpenSSLWrapper::check_ssl_error();
OpenSSLWrapper::check_ssl_error();
$this->private_key = openssl_pkey_get_private($private_key_str);
OpenSSLWrapper::check_ssl_error();
]]> http://dev.modmancer.com/index.php/2010/07/07/php-and-openssl-key-format/feed/ 1