PHP

 
 
PHP (= Hypertext Preprocessor) is an HTML-embedded server-side scripting language.

PHP is distributed at no charge for commercial or non-commercial use. For more information read the LICENSE information.

More information about PHP can be found at: http://www.php.net

PHP manuals can be found at:
http://www.php.net/manual/en/
http://devzone.zend.com/manual/

The latest PHP version can be downloaded from: http://www.php.net/downloads.php

rss feed






PHP 4 OpenSSL support



Information
none

Operating system used
Windows XP Home Edition Version 5.1 SP 2

Software prerequisites
PHP 4


Procedure
  1. Copy files:

    • C:\Tools\php-4.3.7-Win32\dlls\libeay32.dll
    • C:\Tools\php-4.3.7-Win32\dlls\ssleay32.dll

    to c:\WINDOWS\system32.


  2. Note:
    This step is not required. The location of the openssl.cnf can be specified in your php file.

    Set environment variable OPENSSL_CONF. This variable points to the openssl.cnf file which can be found in the C:\Tools\php-4.3.7-Win32\openssl directory or it can point to another existing openssl.cnf file.

    Icon for the openssl.cnf file.

    e.g.: OPENSSL_CONF=C:\Tools\OpenSSL\bin\openssl.cnf

  3. Edit file c:\WINDOWS\php.ini. Change the following line:

    ;extension=php_openssl.dll

    into

    extension=php_openssl.dll

  4. Restart Apache.



  5. To check the OpenSSL installation, create a file phpinfo.php with the following line:

    <?php phpinfo(); ?>

    Save this file into your Apache htdocs directory and type: http://localhost/phpinfo.php

    You should see something like this:

    Screenshot A:
    PHP OpenSSL version

    Screenshot B:
    PHP OpenSSL version

    Screenshot C:
    PHP OpenSSL version

    Screenshot D:
    OpenSSL conf


  6. Note:
    This step is not required. Just to inform you.

    Screenshot A displays "OpenSSL 0.9.7c 30 Sep 2003" which is caused by C:\Tools\php\extensions\php_openssl.dll.

    If you only replace c:\WINDOWS\system32\libeay32.dll with another version, see tutorial Installing Apache 2 and SSL on Windows XP, you will notice that screenshot A remains the same, but screenshot B en C will have another version displayed.

  7. A code example how to use the PHP OpenSSL functions:

    openssl_demo.php

    When you run this code you will see the following:

    1. Initial setup

    The Certificate Signing Request (CSR):

    Certificate Signing Request as a file: csr_18G1E.pem

    The Certificate:

    Certificate as a file: certificate_18G1E.pem

    The Private Key:

    Private Key as a file: privatekey_18G1E.pem

    2. Encrypt and Decrypt text (Method A)

    The following function is used:
    openssl_seal()
    The function openssl_seal is intended for general encryption and decryption.
    There is no limit on the size of the string to be encrypted.
    2.1. Encrypt text
    The following text will be encrypted:


    The encrypted text looks like:


    The envelope key, returned during encryption, looks like:


    2.2. Decrypt text
    The decrypted text looks like:


    3. Encrypt and Decrypt text (Method B)

    The following functions are used:
    openssl_public_encrypt()
    openssl_private_decrypt()
    Both functions are not intended for general encryption and decryption.
    For that, you must use openssl_seal() and openssl_open().
    A maximum limit on the size of the string to be encrypted is 117 characters.
    3.1. Encrypt text
    The following text will be encrypted:


    The encrypted text looks like:


    3.2. Decrypt text
    The decrypted text looks like:


    4. Encrypt and Decrypt text (Method C)

    The following functions are used:
    openssl_private_encrypt()
    openssl_public_decrypt()
    Both functions are not intended for general encryption and decryption.
    For that, you must use openssl_seal() and openssl_open().
    A maximum limit on the size of the string to be encrypted is 117 characters.
    4.1. Encrypt text
    The following text will be encrypted:


    The encrypted text looks like:


    4.2. Decrypt text
    The decrypted text looks like:


    5. Signature

    5.1. Create signature
    The following text will be signed:


    The signature looks like:


    5.2. Verify signature
    Signature is good.

    6. Miscellaneous

    6.1. Check if private key match the certificate
    Private key does match the certificate.
    6.2. Check if a certificate can be used for a particular purpose
    Certificate can not be used for purpose: 0
    Certificate can not be used for purpose: 1
    Certificate can not be used for purpose: 2
    Certificate can not be used for purpose: 3
    Certificate can not be used for purpose: 4
    Certificate can not be used for purpose: 5
    Certificate can not be used for purpose: 6
    6.3. Display certificate information
    [name]
    /C=NL/ST=Noord-Holland/L=Zaandam/O=Mobilefish.com/OU=Certification Services/CN=Mobilefish.com CA/emailAddress=
    [subject]
    [countryName]
    NL
    [stateOrProvinceName]
    Noord-Holland
    [localityName]
    Zaandam
    [organizationName]
    Mobilefish.com
    [organizationalUnitName]
    Certification Services
    [commonName]
    Mobilefish.com CA
    [emailAddress]

    [hash]
    2ee7b5d7
    [issuer]
    [countryName]
    NL
    [stateOrProvinceName]
    Noord-Holland
    [localityName]
    Zaandam
    [organizationName]
    Mobilefish.com
    [organizationalUnitName]
    Certification Services
    [commonName]
    Mobilefish.com CA
    [emailAddress]

    [version]
    2
    [serialNumber]
    0
    [validFrom]
    070607173553Z
    [validTo]
    080606173553Z
    [validFrom_time_t]
    1181237753
    [validTo_time_t]
    1212773753
    [purposes]
    [1]
    0 - 1
    1 -
    2 - SSL client
    [2]
    0 - 1
    1 -
    2 - SSL server
    [3]
    0 - 1
    1 -
    2 - Netscape SSL server
    [4]
    0 - 1
    1 -
    2 - S/MIME signing
    [5]
    0 - 1
    1 -
    2 - S/MIME encryption
    [6]
    0 - 1
    1 -
    2 - CRL signing
    [7]
    0 - 1
    1 - 1
    2 - Any Purpose
    [8]
    0 - 1
    1 -
    2 - OCSP helper
    6.4. Loading a private key
    Load private key:
    Source loaded from =file://C:/mobilefish_web/customer/tmp/openssl/privatekey_18G1E.pem
    Private key loaded

    6.5. Loading a certificate
    Load certificate:
    Certificate loaded from =file://C:/mobilefish_web/customer/tmp/openssl/certificate_18G1E.pem
    Certificate loaded



    Note 1: See line 502
    In this situation OPEN_SSL_CONF_PATH is not used.
    If you change it to new OpenSSL(1), OPEN_SSL_CONF_PATH is used.

    Note 2: See line 57 - 62
    Configuration overrides:

    configargs key type openssl.conf equivalent description
    digest_alg string default_md Selects which digest method to use. Possible values include md5, sha1 and mdc2.
    encrypt_key boolean encrypt_key Should an exported key (with passphrase) be encrypted?
    private_key_bits integer default_bits Specifies how many bits should be used to generate a private key. Default value: 512
    Usually set at: 1024 or 2048
    private_key_type integer none Specifies the type of private key to create. This can be one of
    • OPENSSL_KEYTYPE_DSA
    • OPENSSL_KEYTYPE_DH
    • OPENSSL_KEYTYPE_RSA
    The default value is OPENSSL_KEYTYPE_RSA which is currently the only supported key type.
    req_extensions string req_extensions Selects which extensions should be used when creating a CSR.
    x509_extensions string x509_extensions Selects which extensions should be used when creating an x509 certificate.


    Note 3: See line 22 - 23
    Specify the location where the created .pem files should be stored. make this directory writable.