Dutch PHP Conference 2025 - Call For Papers

    openssl_sign

    (PHP 4 >= 4.0.4, PHP 5, PHP 7, PHP 8)

    openssl_signGenerate signature

    Опис

    openssl_sign(
        string $data,
        string &$signature,
        #[\SensitiveParameter] OpenSSLAsymmetricKey|OpenSSLCertificate|array|string $private_key,
        string|int $algorithm = OPENSSL_ALGO_SHA1
    ): bool

    openssl_sign() computes a signature for the specified data by generating a cryptographic digital signature using the private key associated with private_key. Note that the data itself is not encrypted.

    Параметри

    data

    The string of data you wish to sign

    signature

    If the call was successful the signature is returned in signature.

    private_key

    OpenSSLAsymmetricKey - a key, returned by openssl_get_privatekey()

    string - a PEM formatted key

    algorithm

    int - one of these Signature Algorithms.

    string - a valid string returned by openssl_get_md_methods() example, "sha256WithRSAEncryption" or "sha384".

    Значення, що повертаються

    Повертає true у разі успіху або false в разі помилки.

    Журнал змін

    Версія Опис
    8.0.0 private_key accepts an OpenSSLAsymmetricKey or OpenSSLCertificate instance now; previously, a resource of type OpenSSL key or OpenSSL X.509 was accepted.

    Приклади

    Приклад #1 openssl_sign() example

    <?php
    // $data is assumed to contain the data to be signed

    // fetch private key from file and ready it
    $pkeyid = openssl_pkey_get_private("file://src/openssl-0.9.6/demos/sign/key.pem");

    // compute signature
    openssl_sign($data, $signature, $pkeyid);

    // free the key from memory
    openssl_free_key($pkeyid);
    ?>

    Приклад #2 openssl_sign() example

    <?php
    //data you want to sign
    $data = 'my data';

    //create new private and public key
    $new_key_pair = openssl_pkey_new(array(
    "private_key_bits" => 2048,
    "private_key_type" => OPENSSL_KEYTYPE_RSA,
    ));
    openssl_pkey_export($new_key_pair, $private_key_pem);

    $details = openssl_pkey_get_details($new_key_pair);
    $public_key_pem = $details['key'];

    //create signature
    openssl_sign($data, $signature, $private_key_pem, OPENSSL_ALGO_SHA256);

    //save for later
    file_put_contents('private_key.pem', $private_key_pem);
    file_put_contents('public_key.pem', $public_key_pem);
    file_put_contents('signature.dat', $signature);

    //verify signature
    $r = openssl_verify($data, $signature, $public_key_pem, "sha256WithRSAEncryption");
    var_dump($r);
    ?>

    Прогляньте також

    Improve This Page

    Learn How To Improve This PageSubmit a Pull RequestReport a Bug
    add a note

    User Contributed Notes 2 notes

    up
    11
    edmarw at yahoo dot com
    17 years ago
    This may help if you just want a real-simple private/public key pair:

    <?php

    $data     = "Beeeeer is really good.. hic...";

    // You can get a simple private/public key pair using:
    // openssl genrsa 512 >private_key.txt
    // openssl rsa -pubout <private_key.txt >public_key.txt

    // IMPORTANT: The key pair below is provided for testing only.
    // For security reasons you must get a new key pair
    // for production use, obviously.

    $private_key = <<<EOD
    -----BEGIN RSA PRIVATE KEY-----
    MIIBOgIBAAJBANDiE2+Xi/WnO+s120NiiJhNyIButVu6zxqlVzz0wy2j4kQVUC4Z
    RZD80IY+4wIiX2YxKBZKGnd2TtPkcJ/ljkUCAwEAAQJAL151ZeMKHEU2c1qdRKS9
    sTxCcc2pVwoAGVzRccNX16tfmCf8FjxuM3WmLdsPxYoHrwb1LFNxiNk1MXrxjH3R
    6QIhAPB7edmcjH4bhMaJBztcbNE1VRCEi/bisAwiPPMq9/2nAiEA3lyc5+f6DEIJ
    h1y6BWkdVULDSM+jpi1XiV/DevxuijMCIQCAEPGqHsF+4v7Jj+3HAgh9PU6otj2n
    Y79nJtCYmvhoHwIgNDePaS4inApN7omp7WdXyhPZhBmulnGDYvEoGJN66d0CIHra
    I2SvDkQ5CmrzkW5qPaE2oO7BSqAhRZxiYpZFb5CI
    -----END RSA PRIVATE KEY-----
    EOD;
    $public_key = <<<EOD
    -----BEGIN PUBLIC KEY-----
    MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDiE2+Xi/WnO+s120NiiJhNyIButVu6
    zxqlVzz0wy2j4kQVUC4ZRZD80IY+4wIiX2YxKBZKGnd2TtPkcJ/ljkUCAwEAAQ==
    -----END PUBLIC KEY-----
    EOD;

    $binary_signature = "";

    // At least with PHP 5.2.2 / OpenSSL 0.9.8b (Fedora 7)
    // there seems to be no need to call openssl_get_privatekey or similar.
    // Just pass the key as defined above
    openssl_sign($data, $binary_signature, $private_key, OPENSSL_ALGO_SHA1);

    // Check signature
    $ok = openssl_verify($data, $binary_signature, $public_key, OPENSSL_ALGO_SHA1);
    echo     "check #1: ";
    if (    $ok == 1) {
    echo     "signature ok (as it should be)\n";
    } elseif (    $ok == 0) {
    echo     "bad (there's something wrong)\n";
    } else {
    echo     "ugly, error checking signature\n";
    }

    $ok = openssl_verify('tampered'.$data, $binary_signature, $public_key, OPENSSL_ALGO_SHA1);
    echo     "check #2: ";
    if (    $ok == 1) {
    echo     "ERROR: Data has been tampered, but signature is still valid! Argh!\n";
    } elseif (    $ok == 0) {
    echo     "bad signature (as it should be, since data has beent tampered)\n";
    } else {
    echo     "ugly, error checking signature\n";
    }

    ?>
    up
    4
    tim at remitone dot com
    1 year ago
    It should be noted that the default signature algorithm used by openssl_sign() and openssl_verify (OPENSSL_ALGO_SHA1) is no longer supported by default in OpenSSL Version 3 series.

    With an up to date OpenSSL library, one has to run
    "update-crypto-policies --set LEGACY"
    on the server where the library resides in order to allow these functions to work without the optional alternative algorithm argument.
    add a note
    To Top