openssl_open

    (PHP 4 >= 4.0.4, PHP 5, PHP 7, PHP 8)

    openssl_openOpen sealed data

    Descrizione

    openssl_open(
        string $data,
        #[\SensitiveParameter] string &$output,
        string $encrypted_key,
        #[\SensitiveParameter] OpenSSLAsymmetricKey|OpenSSLCertificate|array|string $private_key,
        string $cipher_algo,
        ?string $iv = null
    ): bool

    openssl_open() opens (decrypts) data using an envelope key that is decrypted from encrypted_key using private_key. The decryption is done using cipher_algo and iv. The IV is required only if the cipher method requires it. The function fills output with the decrypted data. The envelope key is usually generated when the data are sealed using a public key that is associated with the private key. See openssl_seal() for more information.

    Elenco dei parametri

    data

    The sealed data.

    output

    If the call is successful the opened data is returned in this parameter.

    encrypted_key

    The encrypted symmetric key that can be decrypted using private_key.

    private_key

    The private key used for decrypting encrypted_key.

    cipher_algo

    The cipher method used for decryption of data.

    Attenzione

    The default value for PHP versions prior to 8.0 is ('RC4') which is considered insecure. It is strongly recommended to explicitly specify a secure cipher method.

    iv

    The initialization vector used for decryption of data. It is required if the cipher method requires IV. This can be found out by calling openssl_cipher_iv_length() with cipher_algo.

    Valori restituiti

    Restituisce true in caso di successo, false in caso di fallimento.

    Log delle modifiche

    Versione Descrizione
    8.0.0 private_key accepts an OpenSSLAsymmetricKey or OpenSSLCertificate instance now; previously, a resource of type OpenSSL key or OpenSSL X.509 CSR was accepted.
    8.0.0 cipher_algo is no longer an optional parameter.

    Esempi

    Example #1 openssl_open() example

    <?php

    // $sealed, $env_key and $iv are assumed to contain the sealed data, our
    // envelope key and IV. All given to us by the sealer.

    // Fetch private key from file located in private_key.pem
    $pkey = openssl_get_privatekey("file://private_key.pem");

    // Decrypt the data and store it in $open
    if (openssl_open($sealed, $open, $env_key, $pkey, 'AES256', $iv)) {
    echo     "Here is the opened data: ", $open;
    } else {
    echo     "Failed to open data";
    }

    ?>

    Vedere anche:

    Found A Problem?

    Learn How To Improve This PageSubmit a Pull RequestReport a Bug
    add a note

    User Contributed Notes 2 notes

    up
    2
    sdc
    14 years ago
    PHP compiled without OpenSSL support? Here's how you can call the openssl command-line utility to achieve the same goal:<?php// $sealed and $env_key are assumed to contain the sealed data// and our envelope key, both given to us by the sealer.// specify private key file and passphrase$pkey_file='key.pem';$pkey_pp='netsvc';// call openssl to decrypt envelope key$ph=proc_open('openssl rsautl -decrypt -inkey '. escapeshellarg($pkey_file).' -passin fd:3',array(  0 => array('pipe','r'), // stdin < envelope key  1 => array('pipe','w'), // stdout > decoded envelope key  2 => STDERR,  3 => array('pipe','r'), // < passphrase ),$pipes);// write envelope keyfwrite($pipes[0],$env_key);fclose($pipes[0]);// write private key passphrasefwrite($pipes[3],$pkey_pp);fclose($pipes[3]);// read decoded key, convert to hexadecimal$env_key='';while(!feof($pipes[1])){  $env_key.=sprintf("%02x",ord(fgetc($pipes[1])));}fclose($pipes[1]);if($xc=proc_close($ph)){  echo "Exit code: $xc\n";}// call openssl to decryp$ph=proc_open('openssl rc4 -d -iv 0 -K '.$env_key,array(  0 => array('pipe','r'), // stdin < sealed data  1 => array('pipe','w'), // stdout > opened data  2 => STDERR, ),$pipes);// write sealed datafwrite($pipes[0],$sealed);fclose($pipes[0]);// read opened data//$open=stream_get_contents($pipes[1]);$open='';while(!feof($pipes[1])){  $open.=fgets($pipes[1]);}fclose($pipes[1]);if($xc=proc_close($ph)){  echo "Exit code: $xc\n";}// display the decrypted dataecho $open;?>
    up
    0
    Gareth Owen
    16 years ago
    Example code, assume mycert.pem is a certificate containing both private and public key.$cert = file_get_contents("mycert.pem");$public = openssl_get_publickey($cert);$private = openssl_get_privatekey($cert);$data = "I'm a lumberjack and I'm okay.";echo "Data before: {$data}\n";openssl_seal($data, $cipher, $e, array($public));echo "Ciphertext: {$cipher}\n";openssl_open($cipher, $open, $e[0], $private);echo "Decrypted: {$open}\n";
    add a note
    To Top