PHP OpenSSL Functions

EditRocket provides the following information on OpenSSL functions in the PHP source code builder.

bool openssl_csr_export ( resource $csr , string &$out [, bool $notext ] ) - openssl_csr_export() takes the Certificate Signing Request represented by csr and stores it as ascii-armoured text into out, which is passed by reference.

bool openssl_csr_export_to_file ( resource $csr , string $outfilename [, bool $notext ] ) - openssl_csr_export_to_file() takes the Certificate Signing Request represented by csr and saves it as ascii-armoured text into the file named by outfilename.

resource openssl_csr_get_public_key ( mixed $csr [, bool $use_shortnames ] ) -

array openssl_csr_get_subject ( mixed $csr [, bool $use_shortnames ] ) -

mixed openssl_csr_new ( array $dn , resource &$privkey [, array $configargs [, array $extraattribs ]] ) - openssl_csr_new() generates a new CSR (Certificate Signing Request) based on the information provided by dn, which represents the Distinguished Name to be used in the certificate.

resource openssl_csr_sign ( mixed $csr , mixed $cacert , mixed $priv_key , int $days [, array $configargs [, int $serial ]] ) - openssl_csr_sign() generates an x509 certificate resource from the given CSR.

string openssl_error_string ( void ) - openssl_error_string() returns the last error from the OpenSSL library. Error messages are stacked, so this function should be called multiple times to collect all of the information.

void openssl_free_key ( resource $key_identifier ) - openssl_free_key() frees the key associated with the specified key_identifier from memory.



bool openssl_open ( string $sealed_data , string &$open_data , string $env_key , mixed $priv_key_id ) - openssl_open() opens (decrypts) sealed_data using the private key associated with the key identifier priv_key_id and the envelope key env_key, and fills open_data with the decrypted data. The envelope key is generated when the data are sealed and can only be used by one specific private key.

bool openssl_pkcs12_export ( mixed $x509 , string &$out , mixed $priv_key , string $pass [, array $args ] ) - openssl_pkcs12_export() stores x509 into a string named by out in a PKCS#12 file format.

bool openssl_pkcs12_export_to_file ( mixed $x509 , string $filename , mixed $priv_key , string $pass [, array $args ] ) - openssl_pkcs12_export_to_file() stores x509 into a file named by filename in a PKCS#12 file format.

bool openssl_pkcs12_read ( mixed $PKCS12 , array &$certs , string $pass ) - openssl_pkcs12_read() parses the PKCS#12 certificate store supplied by PKCS12 into an array named certs.

bool openssl_pkcs7_decrypt ( string $infilename , string $outfilename , mixed $recipcert [, mixed $recipkey ] ) - Decrypts the S/MIME encrypted message contained in the file specified by infilename using the certificate and its associated private key specified by recipcert and recipkey.

bool openssl_pkcs7_encrypt ( string $infile , string $outfile , mixed $recipcerts , array $headers [, int $flags [, int $cipherid ]] ) - openssl_pkcs7_encrypt() takes the contents of the file named infile and encrypts them using an RC2 40-bit cipher so that they can only be read by the intended recipients specified by recipcerts.

bool openssl_pkcs7_sign ( string $infilename , string $outfilename , mixed $signcert , mixed $privkey , array $headers [, int $flags [, string $extracerts ]] ) - openssl_pkcs7_sign() takes the contents of the file named infilename and signs them using the certificate and its matching private key specified by signcert and privkey parameters.

mixed openssl_pkcs7_verify ( string $filename , int $flags [, string $outfilename [, array $cainfo [, string $extracerts [, string $content ]]]] ) - openssl_pkcs7_verify() reads the S/MIME message contained in the given file and examines the digital signature.

bool openssl_pkey_export ( mixed $key , string &$out [, string $passphrase [, array $configargs ]] ) - openssl_pkey_export() exports key as a PEM encoded string and stores it into out (which is passed by reference).

bool openssl_pkey_export_to_file ( mixed $key , string $outfilename [, string $passphrase [, array $configargs ]] ) - openssl_pkey_export_to_file() saves an ascii-armoured (PEM encoded) rendition of key into the file named by outfilename.

void openssl_pkey_free ( resource $key ) -

array openssl_pkey_get_details ( resource $key ) - This function returns the key details (bits, key, type).

resource openssl_pkey_get_private ( mixed $key [, string $passphrase ] ) -

resource openssl_pkey_get_public ( mixed $certificate ) -

resource openssl_pkey_new ([ array $configargs ] ) - openssl_pkey_new() generates a new private and public key pair.

bool openssl_private_decrypt ( string $data , string &$decrypted , mixed $key [, int $padding ] ) -

bool openssl_private_encrypt ( string $data , string &$crypted , mixed $key [, int $padding ] ) - openssl_private_encrypt() encrypts data with private key and stores the result into crypted.

bool openssl_public_decrypt ( string $data , string &$decrypted , mixed $key [, int $padding ] ) -

bool openssl_public_encrypt ( string $data , string &$crypted , mixed $key [, int $padding ] ) - openssl_public_encrypt() encrypts data with public key and stores the result into crypted.

int openssl_seal ( string $data , string &$sealed_data , array &$env_keys , array $pub_key_ids ) - openssl_seal() seals (encrypts) data by using RC4 with a randomly generated secret key. The key is encrypted with each of the public keys associated with the identifiers in pub_key_ids and each encrypted key is returned in env_keys. This means that one can send sealed data to multiple recipients (provided one has obtained their public keys). Each recipient must receive both the sealed data and the envelope key that was encrypted with the recipient's public key.

bool openssl_sign ( string $data , string &$signature , mixed $priv_key_id [, int $signature_alg ] ) - openssl_sign() computes a signature for the specified data by using SHA1 for hashing followed by encryption using the private key associated with priv_key_id. Note that the data itself is not encrypted.

int openssl_verify ( string $data , string $signature , mixed $pub_key_id [, int $signature_alg ] ) - openssl_verify() verifies that the signature is correct for the specified data using the public key associated with pub_key_id. This must be the public key corresponding to the private key used for signing.

bool openssl_x509_check_private_key ( mixed $cert , mixed $key ) - Checks whether the given key is the private key that corresponds to cert.

int openssl_x509_checkpurpose ( mixed $x509cert , int $purpose [, array $cainfo [, string $untrustedfile ]] ) - openssl_x509_checkpurpose() examines a certificate to see if it can be used for the specified purpose.

bool openssl_x509_export ( mixed $x509 , string &$output [, bool $notext ] ) - openssl_x509_export() stores x509 into a string named by output in a PEM encoded format.

bool openssl_x509_export_to_file ( mixed $x509 , string $outfilename [, bool $notext ] ) - openssl_x509_export_to_file() stores x509 into a file named by outfilename in a PEM encoded format.

void openssl_x509_free ( resource $x509cert ) - openssl_x509_free() frees the certificate associated with the specified x509cert resource from memory.

array openssl_x509_parse ( mixed $x509cert [, bool $shortnames ] ) - openssl_x509_parse() returns information about the supplied x509cert, including fields such as subject name, issuer name, purposes, and valid-from and valid-to dates.

resource openssl_x509_read ( mixed $x509certdata ) - openssl_x509_read() parses the certificate supplied by x509certdata and returns a resource identifier for it.