openssl_pkey_new

    (PHP 4 >= 4.2.0, PHP 5, PHP 7, PHP 8)

    openssl_pkey_newYeni bir gizli anahtar üretir

    Açıklama

    openssl_pkey_new(?array $seçenekler = ?): OpenSSLAsymmetricKey|false

    Yeni bir gizli anahtar üretir. Genel anahtarın elde edilişi aşağıdaki örnekte gösterilmiştir.

    Bilginize: Bu işlevin gerektiği gibi çalışması için geçerli bir openssl.cnf kurulu olmalıdır. Daha ayrıntılı bilgi için kurulum bölümüne bakılabilir.

    Bağımsız Değişkenler

    seçenekler

    Anahtar üretimine ince ayar çekmek için (bit sayısını belirtmek gibi) kullanılabilir. Daha ayrıntılı bilgi için openssl_csr_new() işlevine bakınız.

    Dönen Değerler

    İşlem başarısız olursa false yoksa OpenSSLAsymmetricKey örneği döner.

    Sürüm Bilgisi

    Sürüm: Açıklama
    8.0.0 Başarı durumunda işlev artık OpenSSLAsymmetricKey örneği döndürüyor; evvelce OpenSSL key özkaynağı dönerdi.
    7.1.0 EC anahtarlarının üretilebilmesi için curve_name seçeneği eklendi.

    Örnekler

    Örnek 1 - Genel anahtarın gizli anahtardan elde edilmesi

    <?php
    $private_key     = openssl_pkey_new();
    $public_key_pem = openssl_pkey_get_details($private_key)['key'];
    echo     $public_key_pem;
    $public_key = openssl_pkey_get_public($public_key_pem);
    var_dump($public_key);
    ?>

    Yukarıdaki örnek şuna benzer bir çıktı üretir:

    -----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZFsmN2P6rx1Xt7YV95o
gcdlal0k3ryiIhFNzjwtRNNTXfEfBr6lUuaIJYQ8/XqEBX0hpcfuuF6tTRlonA3t
WLME0QFD93YVsAaXcy76YqjjqcRRodIBphAbYyyMI/lXkQAdn7kbAmr7neSOsMYJ
El9Wo4Hl4oG6e52ZnYHyqW9dxh4hX93eupR2TmcCdVf+r9xoHewP0KJYSHt7vDUX
AQlWYcQiWHIadFsmL0orr6mutlXFReoHbesgKY9/3YLOu0JfxflSjIZ2JeL1NTl1
MsmODsUwgAUrwnWKKx+eQUP5g3GnSB3dPkRh9zRVRiLNWbCugyjrf3e6DgQWrW7j
pwIDAQAB
-----END PUBLIC KEY-----
resource(5) of type (OpenSSL key)

    Found A Problem?

    Learn How To Improve This PageSubmit a Pull RequestReport a Bug
    add a note

    User Contributed Notes 8 notes

    up
    49
    dirt at awoms dot com
    11 years ago
    Working example:

    $config = array(
    "digest_alg" => "sha512",
    "private_key_bits" => 4096,
    "private_key_type" => OPENSSL_KEYTYPE_RSA,
    );

    // Create the private and public key
    $res = openssl_pkey_new($config);

    // Extract the private key from $res to $privKey
    openssl_pkey_export($res, $privKey);

    // Extract the public key from $res to $pubKey
    $pubKey = openssl_pkey_get_details($res);
    $pubKey = $pubKey["key"];

    $data = 'plaintext data goes here';

    // Encrypt the data to $encrypted using the public key
    openssl_public_encrypt($data, $encrypted, $pubKey);

    // Decrypt the data using the private key and store the results in $decrypted
    openssl_private_decrypt($encrypted, $decrypted, $privKey);

    echo $decrypted;
    up
    18
    gomez dot alejandre at gmail dot com
    6 years ago
    Not forget the $configArgs for windows users :D, or the method throws a error with the primary key

    //write your configurations :D
    $configargs = array(
    "config" => "C:/xampp/php/extras/openssl/openssl.cnf",
    'private_key_bits'=> 2048,
    'default_md' => "sha256",
    );

    // Create the keypair
    $res=openssl_pkey_new($configargs);
    // Get private key
    openssl_pkey_export($res, $privKey,NULL,$configargs);

    and it's for all methods ._ .

    a full implementation example here.

    https://gist.github.com/DuckHunter213/269a0efd17e709f7f1f177ae7da46ad1

    this error take me 3 full days you'r welcome :)
    up
    12
    scott at brynen dot com
    9 years ago
    If you try and generate a new key using openssl_pkey_new(), and need to specify the size of the key, the key MUST be type-bound to integer

    // works
    $keysize = 1024;
    $ssl = openssl_pkey_new (array('private_key_bits' => $keysize));

    // fails
    $keysize = "1024";
    $ssl = openssl_pkey_new (array('private_key_bits' => $keysize));

    // works (force to int)
    $keysize = "1024";
    $ssl = openssl_pkey_new (array('private_key_bits' => (int)$keysize));
    up
    3
    Andrew
    3 years ago
    It's not documented here but you can also create ECC keys from existing key parameters (e.g. from JWK):

    <?php
    $key     = openssl_pkey_new([
    'ec' => [
    'curve_name' => 'prime256v1',
    'x' => $someXValue,
    'y' => $someYValue,
    'd' => $someDValue
    ]
    ]);
    ?>

    You can just provide x/y if it's a public key, or you can just provide d if it's a private key.
    up
    5
    Brad
    16 years ago
    It's easier than all that, if you just want the keys:

    <?php
    // Create the keypair
    $res=openssl_pkey_new();

    // Get private key
    openssl_pkey_export($res, $privkey);

    // Get public key
    $pubkey=openssl_pkey_get_details($res);
    $pubkey=$pubkey["key"];
    ?>
    up
    1
    Eno_CN at qq dot com
    23 hours ago
    Some examples for generating EC keypair

    EC - generate keypair with curve_name

    <?php
    /*
    * Custom parameters x, y, and d are not supported with SM2 in OpenSSL 3.x.
    * Directly creating EVP_PKEY_CTX using EVP_PKEY_CTX_new_from_name(NULL, "SM2", NULL)
    * will result in generating incorrect private keys (which cannot be correctly recognized
    * by existing external applications based on the SM2 algorithm).
    */
    $curve_name = 'SM2';
    $pkey = openssl_pkey_new(array(
    'ec'=> array(
    'curve_name' => $curve_name,
    )
    ));

    $details = openssl_pkey_get_details($pkey);
    var_dump($details);
    $pubkey = $details['key'];
    openssl_pkey_export($pkey, $prikey);
    echo     'Private Key:', PHP_EOL, $prikey, PHP_EOL;
    echo     'Public Key:', PHP_EOL, $pubkey, PHP_EOL;
    ?>

    EC - generate keypair with custom params (OSCCA WAPIP192v1 Elliptic curve)

    <?php
    $d     = hex2bin('8D0AC65AAEA0D6B96254C65817D4A143A9E7A03876F1A37D'); // private key binary
    $x = hex2bin('98E07AAD50C31F9189EBE6B8B5C70E5DEE59D7A8BC344CC6'); // public key x binary
    $y = hex2bin('6109D3D96E52D0867B9D05D72D07BE5876A3D973E0E96792'); // public key y binary

    $p = hex2bin('BDB6F4FE3E8B1D9E0DA8C0D46F4C318CEFE4AFE3B6B8551F');
    $a = hex2bin('BB8E5E8FBC115E139FE6A814FE48AAA6F0ADA1AA5DF91985');
    $b = hex2bin('1854BEBDC31B21B7AEFC80AB0ECD10D5B1B3308E6DBF11C1');
    $g_x = hex2bin('4AD5F7048DE709AD51236DE65E4D4B482C836DC6E4106640');
    $g_y = hex2bin('02BB3A02D4AAADACAE24817A4CA3A1B014B5270432DB27D2');
    $order = hex2bin('BDB6F4FE3E8B1D9E0DA8C0D40FC962195DFAE76F56564677');

    $pkey = openssl_pkey_new(array(
    'ec'=> array(
    'p' => $p,
    'a' => $a,
    'b' => $b,
    'order' => $order,
    'g_x' => $g_x,
    'g_y' => $g_y,
    //'d' => $d, // import the private key to generate keypairs
    )
    ));

    $details = openssl_pkey_get_details($pkey);
    var_dump($details);
    $pubkey = $details['key'];
    openssl_pkey_export($pkey, $prikey);
    echo     'Private Key:', PHP_EOL, $prikey, PHP_EOL;
    echo     'Public Key:', PHP_EOL, $pubkey, PHP_EOL;
    ?>

    EC - generate keypair with custom params (SM2 curve)

    <?php
    $p     = hex2bin('FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF');
    $a = hex2bin('FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC');
    $b = hex2bin('28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93');
    $g_x = hex2bin('32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7');
    $g_y = hex2bin('BC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0');
    $order = hex2bin('FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123');

    /*
    * Custom parameters x, y, and d are not supported with SM2 in OpenSSL 3.x.
    * Directly creating EVP_PKEY_CTX using EVP_PKEY_CTX_new_from_name(NULL, "SM2", NULL)
    * will result in generating incorrect private keys (which cannot be correctly recognized
    * by existing external applications based on the SM2 algorithm).
    */
    $pkey = openssl_pkey_new(array(
    'ec'=> array(
    'p' => $p,
    'a' => $a,
    'b' => $b,
    'order' => $order,
    'g_x' => $g_x,
    'g_y' => $g_y,
    )
    ));

    /*
    * It is not entirely the same as generating keys through the SM2 curve naming method.
    * So the generated key will be in PKCS8 format to store algorithm information.
    */
    $details = openssl_pkey_get_details($pkey);
    var_dump($details);
    $pubkey = $details['key'];
    openssl_pkey_export($pkey, $prikey);
    echo     'Private Key:', PHP_EOL, $prikey, PHP_EOL;
    echo     'Public Key:', PHP_EOL, $pubkey, PHP_EOL;
    ?>
    up
    0
    Jan
    6 years ago
    In case this function returns false, then check your openssl.cnf and make sure that in the [req] section of this file the entry default_bits is not commented out.
    up
    -1
    dodginess at yahoo dot com
    7 years ago
    If you're using openssl_pkey_new() in conjunction with openssl_csr_new() and want to change the CSR digest algorithm as well as specify a custom key size, the configuration override should be defined once and sent to both functions:

    <?php
    $config     = array(
    'digest_alg' => 'sha1',
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    );

    $privkey = openssl_pkey_new($config);

    $csr = openssl_csr_new($dn, $privkey, $config);
    ?>

    Although openssl_pkey_new() will accept the 'digest_alg' argument it won't use it, and setting the value has no effect unless you also set this value for openssl_csr_new(). The reason for this is that the $config array is acting as a drop-in replacement for the values found in the openssl.cnf file, so it must contain all of the override values that you need even if the function they're being sent to won't use them.

    Also, if you change the 'digest_alg' to something like 'sha256' and still get an MD5 signed CSR check your openssl.cnf file to see whether the digest algorithm you want to use is actually supported.
    add a note
    To Top