This library wraps the PHP openssl extension, allowing you to handle PKCS #12 keystores, X.509 certificates and OpenSSH keys in an object-oriented way.
- PKCS #12 keystore handling
- X.509 certificate information
- CRL check
- Private key decryption/encryption
- Signature verification
All error reporting is based on exceptions. The openssl extension usually requires you to check the return value of every call and then query openssl_error_string() to find out what went wrong; the library does this for you and throws an exception if an operation failed.
Given a PKCS #12 keystore, the library can extract the private key and sign a message with it, returning the signature:
<?php
try {
    $passphrase = 'keystore passphrase';
    $message = 'message to sign';
    // Decrypt the keystore; a wrong passphrase throws instead of returning false.
    $keyStore = PKCS12::initFromFile('path/to/keystore.pkcs12', $passphrase);
    // Sign the message with the private key extracted from the keystore.
    $signature = $keyStore->privateKey->sign($message);
} catch (KeyStoreDecryptionFailedException $e) {
    die('Wrong passphrase.');
}
return $signature;
To verify a signature against a message, you only need the X509Certificate holding the public key that corresponds to the private key the message was signed with:
<?php
// PEM-encoded X.509 certificate; $message and $signature are the values produced by the signing step above.
$pemCert = 'base64 encoded string';
$certificate = new X509Certificate($pemCert);
// verify() returns true only if the signature matches the message under the certificate's public key.
$valid = $certificate->publicKey->verify($message, $signature);
if ($valid) {
    echo 'Signature is valid';
} else {
    echo 'Signature is invalid';
}
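As an added example, not part of this library or its documentation: the raw ext/openssl calls that the sign and verify steps above wrap, with the error handling the library performs for you (checking every return value and draining openssl_error_string()) written out explicitly. So that it runs offline, the script generates a throwaway RSA key and self-signed certificate in memory and packs them into a PKCS #12 blob; the helper names opensslErrors() and ensure() are this example's own and not part of the library.

```php
<?php
// Added example (not the library's code): the plain ext/openssl flow behind
// "load PKCS #12 keystore -> sign -> verify", including the error checks the
// library otherwise does for you.

// Drain the OpenSSL error queue so stale errors do not leak into the next check.
function opensslErrors(): string
{
    $errors = [];
    while (($err = openssl_error_string()) !== false) {
        $errors[] = $err;
    }
    return implode('; ', $errors);
}

// Turn a false return value into an exception, which is what the library does.
function ensure($result, string $what)
{
    if ($result === false) {
        throw new RuntimeException("$what failed: " . opensslErrors());
    }
    return $result;
}

// Constructed test material: RSA key and self-signed certificate created in memory
// and exported to a PKCS #12 keystore. In practice you would load an existing file.
$passphrase = 'keystore passphrase';
$key  = ensure(openssl_pkey_new([
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
]), 'key generation');
$csr  = ensure(openssl_csr_new(['commonName' => 'example.test'], $key), 'CSR creation');
$cert = ensure(openssl_csr_sign($csr, null, $key, 365), 'self-signing');
ensure(openssl_pkcs12_export($cert, $pkcs12, $key, $passphrase), 'PKCS #12 export');

// A wrong passphrase does not throw: openssl_pkcs12_read() just returns false and
// leaves the reason in the OpenSSL error queue, which is why it must be checked.
if (!openssl_pkcs12_read($pkcs12, $store, 'wrong passphrase')) {
    echo "Wrong passphrase rejected: " . opensslErrors() . "\n";
}
ensure(openssl_pkcs12_read($pkcs12, $store, $passphrase), 'PKCS #12 decryption');

// Sign with the private key extracted from the keystore ($store['pkey'] is PEM).
$message = 'message to sign';
ensure(openssl_sign($message, $signature, $store['pkey'], OPENSSL_ALGO_SHA256), 'signing');

// Verify with the public key taken from the certificate in the same keystore.
$pubKey = ensure(openssl_pkey_get_public($store['cert']), 'public key extraction');
$result = openssl_verify($message, $signature, $pubKey, OPENSSL_ALGO_SHA256);
// openssl_verify() returns 1 (valid), 0 (invalid) or -1/false (error):
// only an exact 1 means the signature is good.
if ($result === 1) {
    echo "Signature is valid\n";
} elseif ($result === 0) {
    echo "Signature is invalid\n";
} else {
    throw new RuntimeException('verification error: ' . opensslErrors());
}
```

The two points worth carrying over to your own code are the strict comparison on openssl_verify() (a loose `if ($result)` would treat the -1 error case as valid) and draining the whole error queue rather than reading a single openssl_error_string(), since one failed call can push several entries.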
OpenSSH private keys are also handled by this library:
<?php
try {
    $passphrase = 'private key passphrase';
    $message = 'message to sign';
    // Note: PHP does not expand '~' in paths; use an absolute path in real code.
    $privateKey = PrivateKey::initFromFile('~/.ssh/id_rsa', $passphrase);
    $signature = $privateKey->sign($message);
} catch (PrivateKeyDecryptionFailedException $e) {
    die('Wrong passphrase.');
}
return $signature;
To check a certificate against its CRL, load it and call checkCRL() with the paths of the intermediate certificates:
<?php
$pemCert = 'base64 encoded string';
$certificate = new X509Certificate($pemCert);
// Failures (revoked certificate, unusable CRL or intermediates) are reported as exceptions.
$certificate->checkCRL(array('path/to/intermediate_certificates'));