openssl_pkey_get_private

(PHP 4 >= 4.2.0, PHP 5, PHP 7)

openssl_pkey_get_private — Get a private key

说明

resource openssl_pkey_get_private ( mixed $key [, string $passphrase = "" ] )

openssl_get_privatekey() parses key and prepares it for use by other functions.

参数

key

key can be one of the following:

a string having the format file://path/to/file.pem. The named file must contain a PEM encoded certificate/private key (it may contain both).
A PEM formatted private key.

passphrase

The optional parameter passphrase must be used if the specified key is encrypted (protected by a passphrase).

返回值

Returns a positive key resource identifier on success, or FALSE on error.

User Contributed Notes

geoff at hostfission dot com 22-Oct-2016 06:48


Since this function can be used to load a PEM encoded string also, those that are using it relying on user input should be sure to check that the passed data is indeed a PEM encoded string and not a malicious file path.



The following should be sufficient.



<?PHP

  $private = trim($_POST['private']);

  if (strpos($private, '-----') !== 0) return false;

?>

kristof1 at mailbox dot hu 11-May-2014 12:34


It's actually "file://key.pem" when you want to give a relative path using unix systems. It will be three '/' in case of absolute path (e.g "file:///home/username/..."). But this path consists of two '/' originated from "file://" and one '/' from the fact that home is a subfolder of the unix filesystem's root directory ("/home/username/..."). This two part will be concatenated and you will get three '/' characters following each other.



So you only have to concatenate "file://" with an existing path string in every case.

joelhy 28-Feb-2011 08:46


Please note that "file://path/to/file.pem" in documentation means file protocol + file path. In UNIX like OS, that is something like file:///rsa_private_key.pem. There is THREE slashes in the path string, not TWO.