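<?php

/*
Class: OpenSSL

Description:
A wrapper class for a simple subset of the PHP OpenSSL functions:

This code originates from site:
http://www.karenandalex.com/php_stuff/classes/Openssl.php
and is based from many contributors to the PHP.net manual

Mobilefish.com has made several changes.

This code is free for any use including commercial, but you use it at your own risk.
No warranty is given or implied as to its fitness for any purpose.

Review notes (requires PHP 7.0 or later: random_int() and the IV argument of openssl_seal()):
 - The constructor is __construct(); a method named after the class is no longer a constructor in PHP 8.
 - Key generation defaults are RSA 2048 / SHA-256 instead of RSA 1024 / MD5.
 - Private keys are exported encrypted with the configured passphrase (they were written in clear).
 - File names come from random_int() instead of srand(microtime)/rand().
 - openssl_seal()/openssl_open() name their cipher explicitly and carry an IV.
 - Signatures use SHA-256 instead of the SHA-1 default.
 - Debug output is HTML-escaped; binary values in the demo are shown base64-encoded.
*/

define("OPEN_SSL_CONF_PATH", $_SERVER["DOCUMENT_ROOT"]."/Tools/OpenSSL/bin/openssl.cnf"); // Point to your config file
define("OPEN_SSL_CERT_DAYS_VALID", 365); // Number of days how long the certificate is valid

// NOTE(review): FILE_LOCATION lies inside the document root and HTML_LOCATION is the URL of the same
// directory, so every exported file -- including the private key -- can be downloaded by anyone who
// learns or guesses its name. That is acceptable only for a throw-away demo; store real keys outside
// the web root with restrictive file permissions and never link to them.
define("FILE_LOCATION", $_SERVER["DOCUMENT_ROOT"]."/customer/tmp/openssl/"); // Location where to store the pem files.
// NOTE(review): built from SERVER_NAME over plain http; depending on the server configuration that
// value may follow the client's Host header -- confirm before reusing it outside a demo.
define("HTML_LOCATION", "http://".$_SERVER["SERVER_NAME"]."/customer/tmp/openssl/"); // URL under which the pem files are reachable.
define("DEBUG", 1); // Show debug messages. Set to 0 outside a demo: the messages expose OpenSSL errors and key/certificate sources.

// Cipher for openssl_seal()/openssl_open(). The historical default was RC4, and PHP 8 requires the
// argument. NOTE(review): CBC gives confidentiality only; sign the sealed data if tampering matters.
define("OPEN_SSL_SEAL_CIPHER", "aes-256-cbc");
// Digest for openssl_sign()/openssl_verify(). Use OPENSSL_ALGO_SHA1 only to check signatures that
// were produced with the old default.
define("OPEN_SSL_SIGN_ALG", OPENSSL_ALGO_SHA256);

class OpenSSL
{
    public $certificate_resource_file; //the certificate in a file
    public $csr_resource_file;         //the csr in a file
    public $privatekey_resource_file;  //the private key in a file

    public $certificate_resource;      //the generated certificate
    public $csr_resource;              //the certificate signing request
    public $privatekey_resource;       //the private key

    public $certificate;               //the certificate
    public $crypttext;                 //the encrypted (= secure) text
    public $csr;                       //the csr
    public $dn;                        //the DN
    public $plaintext;                 //the decrypted (= unsecure) text
    public $ppkeypair;                 //the private and public key pair
    public $signature;                 //the signature

    public $config;                    //openssl config settings
    public $ekey;                      //ekey aka envelope key is set by encryption, required by decryption
                                       //randomly generated secret key and encrypted by public key
    public $iv;                        //initialisation vector set by encrypt(), required by decrypt()
    public $privkeypass;               //password for private key
    public $random_filename;           //randomly generated filename

    /**
     * Build the OpenSSL option array used for key, CSR and certificate creation.
     *
     * @param mixed $isFile truthy: take all settings from OPEN_SSL_CONF_PATH;
     *                      falsy (default): use the overrides below.
     */
    public function __construct($isFile = 0)
    {
        $this->clear_debug_buffer();
        if ($isFile) {
            $this->config = array("config" => OPEN_SSL_CONF_PATH);
        } else {
            // Configuration overrides. MD5 digests and 1024-bit RSA keys are no longer
            // acceptable and are rejected by current OpenSSL security levels.
            $this->config = array(
                "digest_alg"       => "sha256",
                "x509_extensions"  => "v3_ca",
                "req_extensions"   => "usr_cert",
                "private_key_bits" => 2048,
                "private_key_type" => OPENSSL_KEYTYPE_RSA,
                "encrypt_key"      => true
            );
        }
        $this->debug("openssl");
    }

    // True when an optional argument was actually supplied. A plain truthiness test
    // would silently ignore the string "0" and reuse the previously stored value.
    private function is_given($value)
    {
        return $value !== "" && $value !== null && $value !== false;
    }

    /**
     * Check whether the loaded certificate may be used for one purpose.
     *
     * @param int $purpose one of the X509_PURPOSE_* constants
     * @return mixed result of openssl_x509_checkpurpose(): true, false, or -1 on error
     */
    public function check_certificate_purpose($purpose)
    {
        return openssl_x509_checkpurpose($this->certificate_resource, $purpose);
    }

    /**
     * @return bool whether the loaded private key belongs to the loaded certificate
     */
    public function check_privatekey_match_certificate()
    {
        $this->clear_debug_buffer();
        $ok = openssl_x509_check_private_key($this->certificate_resource, $this->privatekey_resource);
        $this->debug("check_privatekey_match_certificate");
        return $ok;
    }

    /**
     * Verify the stored signature over the plaintext with the loaded certificate.
     *
     * @param string $plain text to verify; when omitted the stored plaintext is used
     * @return mixed result of openssl_verify(): 1 valid, 0 invalid, -1 or false on error.
     *               Compare with ===; a loose comparison treats an error as "invalid".
     */
    public function check_signature($plain = "")
    {
        $this->clear_debug_buffer();
        if ($this->is_given($plain)) {
            $this->plaintext = $plain;
        }
        $ok = openssl_verify($this->plaintext, $this->signature, $this->certificate_resource, OPEN_SSL_SIGN_ALG);
        $this->debug("check_signature");
        return $ok;
    }

    // Drain the OpenSSL error queue so that debug() reports only errors of the next call.
    public function clear_debug_buffer()
    {
        if (DEBUG) {
            while (openssl_error_string() !== false) {
                // discard
            }
        }
    }

    // Create a certificate signing request (CSR).
    // The error queue is not dumped here (the original had the debug calls commented out).
    public function create_csr()
    {
        $this->csr = openssl_csr_new($this->dn, $this->ppkeypair, $this->config);
    }

    // Create a new private and public key pair
    public function create_key_pair()
    {
        $this->ppkeypair = openssl_pkey_new($this->config);
    }

    // Create self-signed certificate. The certificate is valid for N days
    public function create_self_signed_certificate($days = OPEN_SSL_CERT_DAYS_VALID)
    {
        // A null CA certificate makes openssl_csr_sign() produce a self-signed certificate.
        $this->certificate = openssl_csr_sign($this->csr, null, $this->ppkeypair, $days, $this->config);
    }

    /**
     * Sign the plaintext with the loaded private key; the result is stored in $this->signature.
     *
     * @param string $plain text to sign; when omitted the stored plaintext is used
     */
    public function create_signature($plain = "")
    {
        $this->clear_debug_buffer();
        if ($this->is_given($plain)) {
            $this->plaintext = $plain;
        }
        openssl_sign($this->plaintext, $this->signature, $this->privatekey_resource, OPEN_SSL_SIGN_ALG);
        $this->debug("create_signature");
    }

    // Print every queued OpenSSL error, prefixed with the calling location (DEBUG only).
    public function debug($location)
    {
        if (DEBUG) {
            // Show any errors that occurred here; escaped because the output goes into HTML.
            while (($e = openssl_error_string()) !== false) {
                echo htmlspecialchars($location) . " -- " . htmlspecialchars($e) . "<br />";
            }
        }
    }

    /**
     * Decrypt text for only 1 recipient (counterpart of encrypt()).
     *
     * @param string $crypt sealed data; when omitted the stored crypttext is used
     * @param string $ekey  envelope key returned by encrypt()
     * @param string $iv    initialisation vector returned by encrypt()
     */
    public function decrypt($crypt = "", $ekey = "", $iv = "")
    {
        $this->clear_debug_buffer();
        if ($this->is_given($crypt)) {
            $this->crypttext = $crypt;
        }
        if ($this->is_given($ekey)) {
            $this->ekey = $ekey;
        }
        if ($this->is_given($iv)) {
            $this->iv = $iv;
        }
        openssl_open(
            $this->crypttext,
            $this->plaintext,
            $this->ekey,
            $this->privatekey_resource,
            OPEN_SSL_SEAL_CIPHER,
            $this->iv
        );
        $this->debug("decrypt");
    }

    // Decrypt text using private key
    // NOTE(review): uses the default PKCS#1 v1.5 padding; OAEP (OPENSSL_PKCS1_OAEP_PADDING on both
    // sides) is preferable where compatibility with existing ciphertexts is not needed.
    public function decrypt_private($crypt = "")
    {
        $this->clear_debug_buffer();
        if ($this->is_given($crypt)) {
            $this->crypttext = $crypt;
        }
        openssl_private_decrypt($this->crypttext, $this->plaintext, $this->privatekey_resource);
        $this->debug("decrypt_private");
    }

    // Decrypt text using public key
    public function decrypt_public($crypt = "")
    {
        $this->clear_debug_buffer();
        if ($this->is_given($crypt)) {
            $this->crypttext = $crypt;
        }
        openssl_public_decrypt($this->crypttext, $this->plaintext, $this->certificate_resource);
        $this->debug("decrypt_public");
    }

    /**
     * Parse the loaded certificate.
     *
     * @param bool $shortnames passed to openssl_x509_parse(): use short field names
     * @return mixed array of certificate fields, or false when parsing fails
     */
    public function display_certificate_information($shortnames)
    {
        $this->clear_debug_buffer();
        $arr = openssl_x509_parse($this->certificate_resource, $shortnames);
        $this->debug("display_certificate_information");
        return $arr;
    }

    /**
     * Encrypt text for only 1 recipient (the loaded certificate).
     * Stores the sealed data, the envelope key and the IV; decrypt() needs all three.
     *
     * @param string $plain text to encrypt; when omitted the stored plaintext is used
     */
    public function encrypt($plain = "")
    {
        $this->clear_debug_buffer();
        if ($this->is_given($plain)) {
            $this->plaintext = $plain;
        }
        $ekeys = array();
        $iv = "";
        $sealed = openssl_seal(
            $this->plaintext,
            $this->crypttext,
            $ekeys,
            array($this->certificate_resource),
            OPEN_SSL_SEAL_CIPHER,
            $iv
        );
        if ($sealed !== false && isset($ekeys[0])) {
            $this->ekey = $ekeys[0];
            $this->iv = $iv;
        } else {
            // Do not leave the key material of an earlier call behind after a failure.
            $this->ekey = null;
            $this->iv = null;
        }
        $this->debug("encrypt");
    }

    // Encrypt text using public key
    // The function openssl_public_encrypt is not intended for general encryption and decryption.
    // For that, you want openssl_seal() and openssl_open()
    // With the default PKCS#1 v1.5 padding the input can be at most the key size in bytes minus 11:
    // 117 bytes for a 1024-bit key, 245 bytes for a 2048-bit key.
    public function encrypt_public($plain = "")
    {
        $this->clear_debug_buffer();
        if ($this->is_given($plain)) {
            $this->plaintext = $plain;
        }
        openssl_public_encrypt($this->plaintext, $this->crypttext, $this->certificate_resource);
        $this->debug("encrypt_public");
    }

    // Encrypt text using private key
    // The function openssl_private_encrypt is not intended for general encryption and decryption.
    // For that, you want openssl_seal() and openssl_open()
    // NOTE(review): this gives no confidentiality -- anyone holding the certificate can reverse it.
    // To prove origin use create_signature()/check_signature() instead.
    // The same size limit as for encrypt_public() applies.
    public function encrypt_private($plain = "")
    {
        $this->clear_debug_buffer();
        if ($this->is_given($plain)) {
            $this->plaintext = $plain;
        }
        openssl_private_encrypt($this->plaintext, $this->crypttext, $this->privatekey_resource);
        $this->debug("encrypt_private");
    }

    // Export the certificate as a file (PEM encoded format)
    public function export_certificate_to_file()
    {
        $this->clear_debug_buffer();
        // Derive the certificate file name from the random name
        $this->set_certificate_file();
        openssl_x509_export_to_file($this->certificate, FILE_LOCATION.$this->certificate_resource_file);
        $this->debug("export_certificate_to_file");
    }

    // Export the certificate as a string (PEM encoded format)
    public function export_certificate_to_string()
    {
        $this->clear_debug_buffer();
        openssl_x509_export($this->certificate, $this->certificate_resource);
        $this->debug("export_certificate_to_string");
    }

    // Export the CSR as a file
    public function export_csr_to_file()
    {
        $this->clear_debug_buffer();
        // Derive the csr file name from the random name
        $this->set_csr_file();
        openssl_csr_export_to_file($this->csr, FILE_LOCATION.$this->csr_resource_file);
        $this->debug("export_csr_to_file");
    }

    // Export the CSR as a string
    public function export_csr_to_string()
    {
        $this->clear_debug_buffer();
        openssl_csr_export($this->csr, $this->csr_resource);
        $this->debug("export_csr_to_string");
    }

    // Export the private key as a file (PEM encoded format).
    // The key is encrypted with the passphrase from set_privkeypass(); without a passphrase it is
    // written in clear. See the note at FILE_LOCATION about where this file ends up.
    public function export_privatekey_to_file()
    {
        // Derive the private key file name from the random name
        $this->set_privatekey_file();
        openssl_pkey_export_to_file(
            $this->ppkeypair,
            FILE_LOCATION.$this->privatekey_resource_file,
            $this->privkeypass,
            $this->config
        );
    }

    // Export the private key as a string (PEM encoded format).
    // Encrypted with the passphrase from set_privkeypass() when one is set.
    public function export_privatekey_to_string()
    {
        openssl_pkey_export($this->ppkeypair, $this->privatekey_resource, $this->privkeypass, $this->config);
    }

    /**
     * Create $size random characters [a-zA-Z0-9] and store them as the file-name stem.
     *
     * The name is the only thing that separates an exported file from other users of the
     * directory, so it is drawn from the CSPRNG; a clock-seeded rand() is guessable.
     *
     * @param int $size number of characters
     */
    public function generateRandomString($size)
    {
        $signs = 'abcdefghijklmnopqrstuvwxyz'
            . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
            . '0123456789';
        $last = strlen($signs) - 1;
        $string = '';
        for ($i = 0; $i < $size; $i++) {
            $string .= $signs[random_int(0, $last)];
        }
        $this->random_filename = $string;
    }

    public function get_certificate()
    {
        return $this->certificate_resource;
    }

    public function get_certificate_file()
    {
        return $this->certificate_resource_file;
    }

    public function get_crypt()
    {
        return $this->crypttext;
    }

    public function get_csr()
    {
        return $this->csr_resource;
    }

    public function get_csr_file()
    {
        return $this->csr_resource_file;
    }

    public function get_ekey()
    {
        return $this->ekey;
    }

    // Initialisation vector produced by the last encrypt(); pass it to decrypt().
    public function get_iv()
    {
        return $this->iv;
    }

    public function get_plain()
    {
        return $this->plaintext;
    }

    public function get_privatekey()
    {
        return $this->privatekey_resource;
    }

    public function get_privatekey_file()
    {
        return $this->privatekey_resource_file;
    }

    public function get_privkeypass()
    {
        return $this->privkeypass;
    }

    public function get_signature()
    {
        return $this->signature;
    }

    // Load a certificate from PEM text or a "file://" path into $this->certificate_resource.
    public function load_certificate($cert)
    {
        $this->clear_debug_buffer();
        if (DEBUG) {
            echo "Certificate loaded from =" . htmlspecialchars((string) $cert) . "<br />";
        }
        if ($this->certificate_resource = openssl_x509_read($cert)) {
            if (DEBUG) {
                echo "Certificate loaded<br /><br />";
            }
        } else {
            if (DEBUG) {
                echo "Certificate not loaded <br /><br />";
            }
        }
        $this->debug("load_certificate");
    }

    // Load a private key from array(source, passphrase) into $this->privatekey_resource.
    public function load_privatekey($arr)
    {
        $this->clear_debug_buffer();
        // NOTE(review): the source is echoed in debug mode; pass a "file://" path rather than
        // PEM text, otherwise the key material itself is printed.
        if (DEBUG) {
            echo "Source loaded from =" . htmlspecialchars((string) $arr[0]) . "<br />";
        }
        if ($this->privatekey_resource = openssl_pkey_get_private($arr)) {
            if (DEBUG) {
                echo "Private key loaded<br /><br />";
            }
        } else {
            if (DEBUG) {
                echo "Private key not loaded <br /><br />";
            }
        }
        $this->debug("load_privatekey");
    }

    /**
     * Return the complete contents of a file (the original read only the first 8192 bytes).
     *
     * @param string $path file to read; must not be derived from request input
     * @return mixed the contents, or false when the file cannot be read
     */
    public function readf($path)
    {
        return file_get_contents($path);
    }

    public function set_certificate($cert)
    {
        $this->certificate_resource = $cert;
    }

    // Certificate stored in file
    public function set_certificate_file()
    {
        $this->certificate_resource_file = "certificate_".$this->random_filename.".pem";
    }

    public function set_crypttext($txt)
    {
        $this->crypttext = $txt;
    }

    // CSR stored in file
    public function set_csr_file()
    {
        $this->csr_resource_file = "csr_".$this->random_filename.".pem";
    }

    // Set the distinguished name used for the CSR.
    // NOTE(review): the emailAddress default is e-mail-obfuscation residue from the published page,
    // not a usable address; pass a real one.
    public function set_dn(
        $countryName = "NL",
        $stateOrProvinceName = "Noord-Holland",
        $localityName = "Zaandam",
        $organizationName = "Mobilefish.com",
        $organizationalUnitName = "Certification Services",
        $commonName = "Mobilefish.com CA",
        $emailAddress = "[email protected]"
    ) {
        $this->dn = array(
            "countryName"            => $countryName,
            "stateOrProvinceName"    => $stateOrProvinceName,
            "localityName"           => $localityName,
            "organizationName"       => $organizationName,
            "organizationalUnitName" => $organizationalUnitName,
            "commonName"             => $commonName,
            "emailAddress"           => $emailAddress
        );
    }

    public function set_ekey($ekey)
    {
        $this->ekey = $ekey;
    }

    // Initialisation vector to use in decrypt().
    public function set_iv($iv)
    {
        $this->iv = $iv;
    }

    public function set_plain($txt)
    {
        $this->plaintext = $txt;
    }

    /**
     * Load a private key.
     *
     * @param string $privatekey   PEM text, or a file path when $isFile is truthy
     * @param mixed  $isFile       truthy: read the key from the file at $privatekey
     * @param string $key_password passphrase of the key; when omitted the stored one is used
     */
    public function set_privatekey($privatekey, $isFile = 0, $key_password = "")
    {
        $this->clear_debug_buffer();
        if ($this->is_given($key_password)) {
            $this->privkeypass = $key_password;
        }
        if ($isFile) {
            $privatekey = $this->readf($privatekey);
        }
        if ($privatekey === false) {
            // The key file could not be read.
            $this->privatekey_resource = false;
        } else {
            $this->privatekey_resource = openssl_pkey_get_private($privatekey, $this->privkeypass);
        }
        $this->debug("set_privatekey");
    }

    // Privatekey stored in file
    public function set_privatekey_file()
    {
        $this->privatekey_resource_file = "privatekey_".$this->random_filename.".pem";
    }

    // Set password for private key
    public function set_privkeypass($pass)
    {
        $this->privkeypass = $pass;
    }

    public function set_signature($signature)
    {
        $this->signature = $signature;
    }
}

//=============== START USING THE CLASS =========

//=============== Initial setup ==================
echo "<h2><u>1. Initial setup</u></h2>\n";
$ossl = new OpenSSL();

// Set password
// NOTE(review): a passphrase in source code is acceptable for this demo only; load real
// passphrases from a secret store or the environment.
$pass="zPUp9mCzIrM7xQOEnPJZiDkBwPBV9UlITY0Xd3v4bfIwzJ12yPQCAkcR5BsePGVw
RK6GS5RwXSLrJu9Qj8+fk0wPj6IPY5HvA9Dgwh+dptPlXppeBm3JZJ+92l0DqR2M
ccL43V3Z4JN9OXRAfGWXyrBJNmwURkq7a2EyFElBBWK03OLYVMevQyRJcMKY0ai+
tmnFUSkH2zwnkXQfPUxg9aV7TmGQv/3TkK1SziyDyNm7GwtyIlfcigCCRz3uc77U
Izcez5wgmkpNElg/D7/VCd9E+grTfPYNmuTVccGOes+n8ISJJdW0vYX1xwWv5l
bK22CwD/l7SMBOz4M9XH0Jb0OhNxLza4XMDu0ANMIpnkn1KOcmQ4gB8fmAbBt";

$ossl->set_privkeypass($pass);
// 32 characters instead of 5: the exported files sit in a web-readable directory,
// so the name must not be guessable.
$ossl->generateRandomString(32);

$ossl->create_key_pair();

$ossl->set_dn();
$ossl->create_csr();
$ossl->export_csr_to_string();
echo "The Certificate Signing Request (CSR):<br />\n";
echo "<textarea rows='15' cols='65'>".htmlentities($ossl->get_csr())."</textarea><br />\n";
$ossl->export_csr_to_file();
echo "Certificate Signing Request as a file: <a href='".HTML_LOCATION.$ossl->get_csr_file()."' >".$ossl->get_csr_file()."</a><br /><br />\n";

$ossl->create_self_signed_certificate();
$ossl->export_certificate_to_string();
echo "The Certificate:<br />\n";
echo "<textarea rows='20' cols='65'>".htmlentities($ossl->get_certificate())."</textarea><br />\n";
$ossl->export_certificate_to_file();
echo "Certificate as a file: <a href='".HTML_LOCATION.$ossl->get_certificate_file()."' >".$ossl->get_certificate_file()."</a><br /><br />\n";

// NOTE(review): showing and linking a private key is for demonstration only. The key is now
// passphrase-encrypted, but a real key must never be rendered in a page or placed under the web root.
$ossl->export_privatekey_to_string();
echo "The Private Key:<br />\n";
echo "<textarea rows='15' cols='65'>".htmlentities($ossl->get_privatekey())."</textarea><br />\n";
$ossl->export_privatekey_to_file();
echo "Private Key as a file: <a href='".HTML_LOCATION.$ossl->get_privatekey_file()."' >".$ossl->get_privatekey_file()."</a><br /><br />\n";


// Store the private key and certificate in a variable. No need to create them each time.
$privatekey=$ossl->get_privatekey();
$privatekey_file=$ossl->get_privatekey_file();
$certificate=$ossl->get_certificate();
$certificate_file=$ossl->get_certificate_file();

//=============== Method A ==================
echo "<h2><u>2. Encrypt and Decrypt text (Method A)</u></h2>\n";
echo "The following function is used:<br />\n";
echo "openssl_seal() <br />\n";
echo "The function openssl_seal is intended for general encryption and decryption.<br />\n";
echo "There is no limit on the size of the string to be encrypted.\n";


echo "<h3><u>2.1. Encrypt text</u></h3>\n";
// Wipe clean and start again
unset($ossl);
$ossl = new OpenSSL();
// Get the certificate
$ossl->set_certificate($certificate);

$testtext="It is the policy of the United States to deter, defeat and respond vigorously to all terrorist attacks on our territory and against our citizens, or facilities, whether they occur domestically, in international waters or airspace or on foreign territory. The United States regards all such terrorism as a potential threat to national security as well as a criminal act and will apply all appropriate means to combat it. In doing so, the U.S. shall pursue vigorously efforts to deter and preempt, apprehend and prosecute, or assist other governments to prosecute, individuals who perpetrate or plan to perpetrate such attacks.\n";

echo "The following text will be encrypted:<br />\n";
echo "<textarea rows='10' cols='65'>".htmlentities($testtext)."</textarea><br /><br />\n";

// Encrypt the text
$ossl->encrypt($testtext);
// Get the encrypted text. It is binary, so it is base64-encoded for display:
// htmlentities() returns an empty string for input that is not valid UTF-8.
$crypt=$ossl->get_crypt();
echo "The encrypted text (base64-encoded for display) looks like:<br />\n";
echo "<textarea rows='10' cols='65'>".htmlentities(base64_encode((string) $crypt))."</textarea><br /><br />\n";
echo "The envelope key, returned during encryption, (base64-encoded for display) looks like:<br />\n";
// Get the envelope key and the IV, both also needed to decrypt the encrypted text
$ekey=$ossl->get_ekey();
$iv=$ossl->get_iv();
echo "<textarea rows='5' cols='65'>".htmlentities(base64_encode((string) $ekey))."</textarea><br /><br />\n";

echo "<h3><u>2.2. Decrypt text</u></h3>\n";
// Wipe clean and start again
unset($ossl);
$ossl = new OpenSSL();
// Get the private key
$ossl->set_privatekey($privatekey, false, $pass);
$ossl->decrypt($crypt, $ekey, $iv);
echo "The decrypted text looks like:<br />\n";
echo "<textarea rows='10' cols='65'>".htmlentities((string) $ossl->get_plain())."</textarea><br /><br />\n";


//=============== Method B ==================
echo "<h2><u>3. Encrypt and Decrypt text (Method B)</u></h2>\n";
echo "The following functions are used:<br />\n";
echo "openssl_public_encrypt() <br />\n";
echo "openssl_private_decrypt() <br />\n";
echo "Both functions are not intended for general encryption and decryption.<br />\n";
echo "For that, you must use openssl_seal() and openssl_open().<br />\n";
echo "With PKCS#1 v1.5 padding the string to be encrypted can be at most the key size in bytes minus 11 (245 bytes for the 2048-bit key used here).\n";

echo "<h3><u>3.1. Encrypt text</u></h3>\n";
// Wipe clean and start again
unset($ossl);
$ossl = new OpenSSL();
// Get the certificate
$ossl->set_certificate($certificate);

$testtext="123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567";

echo "The following text will be encrypted:<br />\n";
echo "<textarea rows='5' cols='65'>".htmlentities($testtext)."</textarea><br /><br />\n";

// Encrypt the text
$ossl->encrypt_public($testtext);

// Get the encrypted text
$crypt=$ossl->get_crypt();
echo "The encrypted text (base64-encoded for display) looks like:<br />\n";
echo "<textarea rows='5' cols='65'>".htmlentities(base64_encode((string) $crypt))."</textarea><br /><br />\n";

echo "<h3><u>3.2. Decrypt text</u></h3>\n";
// Wipe clean and start again
unset($ossl);
$ossl = new OpenSSL();
// Get the private key; it is stored encrypted, so the passphrase is required
$ossl->set_privatekey($privatekey, false, $pass);
$ossl->decrypt_private($crypt);
echo "The decrypted text looks like:<br />\n";
echo "<textarea rows='5' cols='65'>".htmlentities((string) $ossl->get_plain())."</textarea><br /><br />\n";

//=============== Method C ==================
echo "<h2><u>4. Encrypt and Decrypt text (Method C)</u></h2>\n";
echo "The following functions are used:<br />\n";
echo "openssl_private_encrypt() <br />\n";
echo "openssl_public_decrypt() <br />\n";
echo "Both functions are not intended for general encryption and decryption.<br />\n";
echo "For that, you must use openssl_seal() and openssl_open().<br />\n";
echo "With PKCS#1 v1.5 padding the string to be encrypted can be at most the key size in bytes minus 11 (245 bytes for the 2048-bit key used here).\n";

echo "<h3><u>4.1. Encrypt text</u></h3>\n";
// Wipe clean and start again
unset($ossl);
$ossl = new OpenSSL();
// Get the private key
$ossl->set_privatekey($privatekey, false, $pass);

$testtext="123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567";

echo "The following text will be encrypted:<br />\n";
echo "<textarea rows='5' cols='65'>".htmlentities($testtext)."</textarea><br /><br />\n";

// Encrypt the text
$ossl->encrypt_private($testtext);

// Get the encrypted text
$crypt=$ossl->get_crypt();
echo "The encrypted text (base64-encoded for display) looks like:<br />\n";
echo "<textarea rows='5' cols='65'>".htmlentities(base64_encode((string) $crypt))."</textarea><br /><br />\n";

echo "<h3><u>4.2. Decrypt text</u></h3>\n";
// Wipe clean and start again
unset($ossl);
$ossl = new OpenSSL();
// Get the certificate
$ossl->set_certificate($certificate);
$ossl->decrypt_public($crypt);
echo "The decrypted text looks like:<br />\n";
echo "<textarea rows='5' cols='65'>".htmlentities((string) $ossl->get_plain())."</textarea><br /><br />\n";

//=============== Signature ==================

echo "<h2><u>5. Signature</u></h2>\n";

echo "<h3><u>5.1. Create signature</u></h3>\n";
// Wipe clean and start again
unset($ossl);
$ossl = new OpenSSL();
// Get the private key
$ossl->set_privatekey($privatekey, false, $pass);

$testtext="Hello World";

echo "The following text will be signed:<br />\n";
echo "<textarea rows='5' cols='65'>".htmlentities($testtext)."</textarea><br /><br />\n";

// Create signature
$ossl->create_signature($testtext);

// Get the signature
$signature=$ossl->get_signature();
echo "The signature (base64-encoded for display) looks like:<br />\n";
echo "<textarea rows='5' cols='65'>".htmlentities(base64_encode((string) $signature))."</textarea><br /><br />\n";


echo "<h3><u>5.2. Verify signature</u></h3>\n";
// Wipe clean and start again
unset($ossl);
$ossl = new OpenSSL();
// Get the certificate
$ossl->set_certificate($certificate);

$testtext="Hello World";

// Set signature to be checked
$ossl->set_signature($signature);

// Check signature
$ok = $ossl->check_signature($testtext);

// State whether signature is okay or not. Strict comparison: openssl_verify() reports errors
// as -1 or false, and false == 0 would be reported as a merely "bad" signature.
if ($ok === 1) {
    echo "Signature is good.";
} elseif ($ok === 0) {
    echo "Signature is bad.";
} else {
    echo "There seems to be an error checking the signature.";
}

//=============== Miscellaneous ==================

echo "<h2><u>6. Miscellaneous</u></h2>\n";
unset($ossl);
$ossl = new OpenSSL();
// Get the private key and the certificate
$ossl->set_privatekey($privatekey, false, $pass);
$ossl->set_certificate($certificate);

echo "<h3><u>6.1. Check if private key match the certificate</u></h3>\n";
$ok = $ossl->check_privatekey_match_certificate();

// State whether the private key matches or not
if ($ok === true) {
    echo "Private key does match the certificate.";
} elseif ($ok === false) {
    echo "Private key does not match the certificate.";
} else {
    echo "There seems to be an error when matching the private key and the certificate.";
}

echo "<h3><u>6.2. Check if a certificate can be used for a particular purpose</u></h3>\n";

$purpose = array(
    "X509_PURPOSE_SSL_CLIENT"    => X509_PURPOSE_SSL_CLIENT,    //Can the certificate be used for the client side of an SSL connection?
    "X509_PURPOSE_SSL_SERVER"    => X509_PURPOSE_SSL_SERVER,    //Can the certificate be used for the server side of an SSL connection?
    "X509_PURPOSE_NS_SSL_SERVER" => X509_PURPOSE_NS_SSL_SERVER, //Can the cert be used for Netscape SSL server?
    "X509_PURPOSE_SMIME_SIGN"    => X509_PURPOSE_SMIME_SIGN,    //Can the cert be used to sign S/MIME email?
    "X509_PURPOSE_SMIME_ENCRYPT" => X509_PURPOSE_SMIME_ENCRYPT, //Can the cert be used to encrypt S/MIME email?
    "X509_PURPOSE_CRL_SIGN"      => X509_PURPOSE_CRL_SIGN,      //Can the cert be used to sign a certificate revocation list (CRL)?
    "X509_PURPOSE_ANY"           => X509_PURPOSE_ANY            //Can the cert be used for Any/All purposes?
);

// Pass the constant itself: the original passed the loop index, which checks a different
// purpose than the one named (and an invalid one for index 0).
foreach ($purpose as $purposeName => $purposeId) {
    $ok = $ossl->check_certificate_purpose($purposeId);

    if ($ok === true) {
        echo "Certificate can be used for purpose: ".$purposeName."<br />\n";
    } elseif ($ok === false) {
        echo "Certificate can not be used for purpose: ".$purposeName."<br />\n";
    } else {
        echo "There seems to be an error when checking the certificate purpose.<br />\n";
    }
}

echo "<h3><u>6.3. Display certficate information</u></h3>\n";

$array = $ossl->display_certificate_information(false);

// Certificate fields are data, not markup: escape them before they go into the page.
if (is_array($array)) {
    foreach ($array as $key => $value) {
        echo "<b>[".htmlspecialchars((string) $key)."]</b><br />";
        if (is_array($value)) {
            foreach ($value as $key2 => $value2) {
                echo "<i>[".htmlspecialchars((string) $key2)."]</i><br />";
                if (is_array($value2)) {
                    foreach ($value2 as $key3 => $value3) {
                        echo htmlspecialchars((string) $key3)." - ".htmlspecialchars((string) $value3)."<br />";
                    }
                } else {
                    echo htmlspecialchars((string) $value2)."<br />";
                }
            }
        } else {
            echo htmlspecialchars((string) $value)."<br />";
        }
    }
}

echo "<h3><u>6.4. Loading a private key</u></h3>\n";
echo "Load private key:<br />\n";
// You must add prefix "file://"
$private_data = array("file://".FILE_LOCATION.$privatekey_file, $pass);
$ossl->load_privatekey($private_data);

echo "<h3><u>6.5. Loading a certificate</u></h3>\n";
echo "Load certificate:<br />\n";
$ossl->load_certificate("file://".FILE_LOCATION.$certificate_file);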