Question
I want to generate example.com.crt and example.com.pem using php. The Linux command to get the files is given:
openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out example.com.crt -keyout example.com.pem
I want to get the two file contents in two strings in php. What is the php equivalent code for this?
UPDATE: Please don't ask to execute the Linux command.
Answer 1:
You could use phpseclib, a pure PHP X.509 implementation:
http://phpseclib.sourceforge.net/x509/examples.html#selfsigned
<?php
include('File/X509.php');
include('Crypt/RSA.php');
// create private key / x.509 cert for stunnel / website
$privKey = new Crypt_RSA();
extract($privKey->createKey());
$privKey->loadKey($privatekey);
$pubKey = new Crypt_RSA();
$pubKey->loadKey($publickey);
$pubKey->setPublicKey();
$subject = new File_X509();
$subject->setDNProp('id-at-organizationName', 'phpseclib demo cert');
//$subject->removeDNProp('id-at-organizationName');
$subject->setPublicKey($pubKey);
$issuer = new File_X509();
$issuer->setPrivateKey($privKey);
$issuer->setDN($subject->getDN());
$x509 = new File_X509();
//$x509->setStartDate('-1 month'); // default: now
//$x509->setEndDate('+1 year'); // default: +1 year
$result = $x509->sign($issuer, $subject);
echo "the stunnel.pem contents are as follows:\r\n\r\n";
echo $privKey->getPrivateKey();
echo "\r\n";
echo $x509->saveX509($result);
echo "\r\n";
?>
That'll create a private key and a self-signed X.509 cert (as your CLI example does) with the private key's corresponding public key.
Answer 2:
Here is another command:
<?php
// generate 2048-bit RSA key
$pkGenerate = openssl_pkey_new(array(
'private_key_bits' => 2048,
'private_key_type' => OPENSSL_KEYTYPE_RSA
));
// get the private key
openssl_pkey_export($pkGenerate,$pkGeneratePrivate); // NOTE: second argument is passed by reference
// get the public key
$pkGenerateDetails = openssl_pkey_get_details($pkGenerate);
$pkGeneratePublic = $pkGenerateDetails['key'];
// free resources
openssl_pkey_free($pkGenerate);
// fetch/import public key from PEM formatted string
// remember $pkGeneratePrivate now is PEM formatted...
// this is an alternative method from the public retrieval in previous
$pkImport = openssl_pkey_get_private($pkGeneratePrivate); // import
$pkImportDetails = openssl_pkey_get_details($pkImport); // same as getting the public key in previous
$pkImportPublic = $pkImportDetails['key'];
openssl_pkey_free($pkImport); // clean up
// let's see 'em
echo "\n".$pkGeneratePrivate
."\n".$pkGeneratePublic
."\n".$pkImportPublic
."\n".'Public keys are '.(strcmp($pkGeneratePublic,$pkImportPublic)?'different':'identical').'.';
?>
Answer 3:
Execute the command with the exec() or system() function, then read the output files with file_get_contents().
Answer 4:
There is an OpenSSL extension for PHP; you should check whether it is enough for you, as it would be better to use it instead of exec():
http://php.net/manual/en/book.openssl.php
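The OpenSSL extension can produce both PEM strings in memory, with no shell call and no key file written to disk. The following is an added example, not part of any answer on this page; the function name makeSelfSigned() and the subject value are assumptions.

```php
<?php
// Added example: key and self-signed certificate built in memory with
// PHP's OpenSSL extension. makeSelfSigned() and the subject are assumptions.
function makeSelfSigned(string $commonName, int $days = 3652): array
{
    $opts = [
        'private_key_bits' => 2048,                 // -newkey rsa:2048
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
        'digest_alg'       => 'sha256',
    ];

    $key = openssl_pkey_new($opts);
    if ($key === false) {
        throw new RuntimeException('key generation failed: ' . openssl_error_string());
    }

    // The CLI prompts for the subject; here it is supplied directly.
    $csr = openssl_csr_new(['commonName' => $commonName], $key, $opts);
    if ($csr === false) {
        throw new RuntimeException('CSR creation failed: ' . openssl_error_string());
    }

    // A null CA certificate makes the result self-signed (-x509).
    // A random serial keeps reissued certificates from all carrying serial 0.
    $cert = openssl_csr_sign($csr, null, $key, $days, $opts, random_int(1, 0x7FFFFFFF));
    if ($cert === false) {
        throw new RuntimeException('signing failed: ' . openssl_error_string());
    }

    // Exporting without a passphrase matches -nodes: the key string is
    // unencrypted, so treat it as a secret wherever it is stored or logged.
    if (!openssl_x509_export($cert, $crtPem) || !openssl_pkey_export($key, $keyPem)) {
        throw new RuntimeException('PEM export failed: ' . openssl_error_string());
    }
    return [$crtPem, $keyPem];
}

[$crt, $pem] = makeSelfSigned('example.com');

// Sanity check: the certificate's public key belongs to the private key.
if (!openssl_x509_check_private_key($crt, $pem)) {
    throw new RuntimeException('certificate and key do not match');
}
echo $crt; // $pem holds the private key; avoid printing it outside of tests
```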
Answer 5:
Perhaps it's not the finest solution, but you can use exec() and file_get_contents(), something like:
exec("openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out example.com.crt -keyout example.com.pem");
$crtFile = file_get_contents("example.com.crt");
$pemFile = file_get_contents("example.com.pem");
Be aware of file permissions and obviously file paths. Better if you add some error handling around these commands.
Read more: http://php.net/manual/en/function.exec.php
And: http://php.net/manual/en/function.file-get-contents.php
Source: https://stackoverflow.com/questions/13622630/openssl-command-in-php