openssl_open

PHP compiled without OpenSSL support? Here's how you can call the openssl command-line utility to achieve the same goal:<?php// $sealed and $env_key are assumed to contain the sealed data// and our envelope key, both given to us by the sealer.// specify private key file and passphrase$pkey_file='key.pem';$pkey_pp='netsvc';// call openssl to decrypt envelope key$ph=proc_open('openssl rsautl -decrypt -inkey '. escapeshellarg($pkey_file).' -passin fd:3',array(  0 => array('pipe','r'), // stdin < envelope key  1 => array('pipe','w'), // stdout > decoded envelope key  2 => STDERR,  3 => array('pipe','r'), // < passphrase ),$pipes);// write envelope keyfwrite($pipes[0],$env_key);fclose($pipes[0]);// write private key passphrasefwrite($pipes[3],$pkey_pp);fclose($pipes[3]);// read decoded key, convert to hexadecimal$env_key='';while(!feof($pipes[1])){  $env_key.=sprintf("%02x",ord(fgetc($pipes[1])));}fclose($pipes[1]);if($xc=proc_close($ph)){  echo "Exit code: $xc\n";}// call openssl to decryp$ph=proc_open('openssl rc4 -d -iv 0 -K '.$env_key,array(  0 => array('pipe','r'), // stdin < sealed data  1 => array('pipe','w'), // stdout > opened data  2 => STDERR, ),$pipes);// write sealed datafwrite($pipes[0],$sealed);fclose($pipes[0]);// read opened data//$open=stream_get_contents($pipes[1]);$open='';while(!feof($pipes[1])){  $open.=fgets($pipes[1]);}fclose($pipes[1]);if($xc=proc_close($ph)){  echo "Exit code: $xc\n";}// display the decrypted dataecho $open;?>

Example code, assume mycert.pem is a certificate containing both private and public key.$cert = file_get_contents("mycert.pem");$public = openssl_get_publickey($cert);$private = openssl_get_privatekey($cert);$data = "I'm a lumberjack and I'm okay.";echo "Data before: {$data}\n";openssl_seal($data, $cipher, $e, array($public));echo "Ciphertext: {$cipher}\n";openssl_open($cipher, $open, $e[0], $private);echo "Decrypted: {$open}\n";