Getting an OpenSSL public key in PEM form, from a private key or a certificate.

From: Robin H. Johnson (robbat2_at_gmail.com)
Date: 07/30/04


Date: 29 Jul 2004 19:27:04 -0700

Hi,

I'm working on a project making large use of OpenSSL to individually
encrypt items inside a database, but I've hit a stumbling block.

There appears to be absolutely no native PHP way (e.g. without a shell
call to openssl) to get the PEM encoded form of a public key, given
the private key and applicable passphrase.

The closest that can be gotten is a resource key, via:
$tmp = ... // PEM encoded certificate
$pubkey = openssl_pkey_get_public($tmp);
From this point however, there is still no way to get PHP to give me
the public key in a PEM encoding, for storage in the database. I've
tried all of the export functions, with various warnings returned from
them.

Getting to the above point from scratch requires generating a
certificate request from the private key, and then a self-signed
certificate from that CSR. While this is doable, leaving out the
self-signed certificate step would produce a large increase in
performance as well.

The openssl command I wish to emulate is:
openssl rsa -pubout <privkey.pem

Surely there must be a way to achieve this simple action?
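
Added example, not part of the original post: in PHP releases later than this message (5.2.0 onward), openssl_pkey_get_details() returns the PEM public key for a key loaded from either a passphrase-protected private key or a certificate, matching what `openssl rsa -pubout` prints. The helper function names, passphrase, subject name and key size are assumptions made for the illustration, and the type hints assume PHP 7 or later.

```php
<?php
// Added example. Passphrase, subject name and key size are constructed sample values.

function pem_from_loaded_key($key): string
{
    $details = openssl_pkey_get_details($key);
    if ($details === false) {
        throw new RuntimeException('get_details failed: ' . openssl_error_string());
    }
    return $details['key']; // SubjectPublicKeyInfo PEM ("-----BEGIN PUBLIC KEY-----")
}

// Equivalent of: openssl rsa -pubout <privkey.pem
function public_pem_from_private(string $privatePem, string $passphrase): string
{
    $key = openssl_pkey_get_private($privatePem, $passphrase);
    if ($key === false) { // wrong passphrase or malformed PEM
        throw new RuntimeException('cannot load private key: ' . openssl_error_string());
    }
    return pem_from_loaded_key($key);
}

// Same result starting from a PEM certificate instead of the private key.
function public_pem_from_certificate(string $certPem): string
{
    $key = openssl_pkey_get_public($certPem);
    if ($key === false) {
        throw new RuntimeException('cannot load certificate: ' . openssl_error_string());
    }
    return pem_from_loaded_key($key);
}

// Constructed sample input: a throwaway RSA key exported with a passphrase.
$passphrase = 'example-passphrase';
$pair = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
openssl_pkey_export($pair, $privatePem, $passphrase);

// Direct route: no CSR and no self-signed certificate needed.
$fromKey = public_pem_from_private($privatePem, $passphrase);

// The slower route from the post (CSR, then self-signed certificate), for comparison.
$csr = openssl_csr_new(['commonName' => 'example.invalid'], $pair, ['digest_alg' => 'sha256']);
$cert = openssl_csr_sign($csr, null, $pair, 1, ['digest_alg' => 'sha256']);
openssl_x509_export($cert, $certPem);
$fromCert = public_pem_from_certificate($certPem);

echo $fromKey;
echo ($fromKey === $fromCert) ? "both routes agree\n" : "routes differ\n";
```

Only the public PEM needs to be stored alongside the encrypted rows; the passphrase is required once, at derivation time.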


