Can PHP OpenSSL generate private/public key/certificate pairs?

Question

I wonder if PHP\'s OpenSSL extension can be used to generate private/public key/certificate pairs?

Answer 1

Sure, use openssl_pkey_new:

$privateKey = openssl_pkey_new(array('private_key_bits' => 2048));
$details = openssl_pkey_get_details($privateKey);
$publicKey = $details['key'];

You can export the keys with openssl_pkey_export or openssl_pkey_export_to_file.

Answer 2

I really appreciate the answer from phihag but was still struggling.

Ultimately, this helped:

$privateKeyResource = openssl_pkey_new([
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA
]);

// Save the private key to a file. Never share this file with anyone. See https://serverfault.com/questions/9708/what-is-a-pem-file-and-how-does-it-differ-from-other-openssl-generated-key-file
openssl_pkey_export_to_file($privateKeyResource, '/path/to/myNewPrivateKey.key');

// Generate the public key for the private key
$privateKeyDetailsArray = openssl_pkey_get_details($privateKeyResource);

// Save the public key to another file. Make this file available to anyone (especially anyone who wants to send you encrypted data).
file_put_contents('/path/to/myNewPublicKey.key', $privateKeyDetailsArray['key']);

// Free the key from memory.
openssl_free_key($privateKeyResource);

See docs:

• https://www.php.net/manual/en/function.openssl-pkey-new.php
• https://www.php.net/manual/en/function.openssl-pkey-get-details.php