PHP

 
 
PHP (= Hypertext Preprocessor) is an HTML-embedded server-side scripting language.

PHP is distributed at no charge for commercial or non-commercial use. For more information read the LICENSE information.

More information about PHP can be found at: http://www.php.net

PHP manuals can be found at:
http://www.php.net/manual/en/
http://devzone.zend.com/manual/

The latest PHP version can be downloaded from: http://www.php.net/downloads.php

rss feed






PHP 5 OpenSSL support



Information
none

Operating system used
Windows XP Home Edition Version 5.1 SP 2

Software prerequisites
PHP 5


Procedure
  1. Copy files:

    • C:\tools\php-5.2.8-Win32\libeay32.dll
    • C:\tools\php-5.2.8-Win32\ssleay32.dll

    to c:\WINDOWS\system32.

  2. Set System environment variable OPENSSL_CONF. This variable points to the openssl.cnf file which can be found in the C:\tools\php-5.2.8-Win32\extras\openssl directory or it can point to another existing openssl.cnf file.

    System environment variable

    e.g.: OPENSSL_CONF=C:\tools\php-5.2.8-Win32\extras\openssl\openssl.cnf

    Note:
    Download the C:\tools\php-5.2.8-Win32\extras\openssl\openssl.cnf file.

  3. Edit file c:\WINDOWS\php.ini. Change the following line:

    ;extension=php_openssl.dll

    into

    extension=php_openssl.dll

  4. Restart Apache.



  5. To check the OpenSSL installation, create a file phpinfo.php with the following line:

    <?php phpinfo(); ?>

    Save this file into your Apache htdocs directory and type: http://localhost/phpinfo.php

    You should see something like this:

    Screenshot A:
    PHP OpenSSL version

    Screenshot B:
    PHP OpenSSL version

  6. A code example how to use the PHP OpenSSL functions (Tested in PHP5.2.8 + Apache 2.2.11):

    openssl_demo2.php

    When you run this code you will see the following:

    1. Initial setup

    The Certificate Signing Request (CSR):

    Certificate Signing Request as a file: csr_18G1E.pem

    The Certificate:

    Certificate as a file: certificate_18G1E.pem

    The Private Key:

    Private Key as a file: privatekey_18G1E.pem

    2. Encrypt and Decrypt text (Method A)

    The following function is used:
    openssl_seal()
    The function openssl_seal is intended for general encryption and decryption.
    There is no limit on the size of the string to be encrypted.
    2.1. Encrypt text
    The following text will be encrypted:


    The encrypted text looks like:


    The envelope key, returned during encryption, looks like:


    2.2. Decrypt text
    The decrypted text looks like:


    3. Encrypt and Decrypt text (Method B)

    The following functions are used:
    openssl_public_encrypt()
    openssl_private_decrypt()
    Both functions are not intended for general encryption and decryption.
    For that, you must use openssl_seal() and openssl_open().
    A maximum limit on the size of the string to be encrypted is 117 characters.
    3.1. Encrypt text
    The following text will be encrypted:


    The encrypted text looks like:


    3.2. Decrypt text
    The decrypted text looks like:


    4. Encrypt and Decrypt text (Method C)

    The following functions are used:
    openssl_private_encrypt()
    openssl_public_decrypt()
    Both functions are not intended for general encryption and decryption.
    For that, you must use openssl_seal() and openssl_open().
    A maximum limit on the size of the string to be encrypted is 117 characters.
    4.1. Encrypt text
    The following text will be encrypted:


    The encrypted text looks like:


    4.2. Decrypt text
    The decrypted text looks like:


    5. Signature

    5.1. Create signature
    The following text will be signed:


    The signature looks like:


    5.2. Verify signature
    Signature is good.

    6. Miscellaneous

    6.1. Check if private key match the certificate
    Private key does match the certificate.
    6.2. Check if a certificate can be used for a particular purpose
    Certificate can not be used for purpose: 0
    Certificate can not be used for purpose: 1
    Certificate can not be used for purpose: 2
    Certificate can not be used for purpose: 3
    Certificate can not be used for purpose: 4
    Certificate can not be used for purpose: 5
    Certificate can not be used for purpose: 6
    6.3. Display certificate information
    [name]
    /C=NL/ST=Noord-Holland/L=Zaandam/O=Mobilefish.com/OU=Certification Services/CN=Mobilefish.com CA/emailAddress=
    [subject]
    [countryName]
    NL
    [stateOrProvinceName]
    Noord-Holland
    [localityName]
    Zaandam
    [organizationName]
    Mobilefish.com
    [organizationalUnitName]
    Certification Services
    [commonName]
    Mobilefish.com CA
    [emailAddress]

    [hash]
    2ee7b5d7
    [issuer]
    [countryName]
    NL
    [stateOrProvinceName]
    Noord-Holland
    [localityName]
    Zaandam
    [organizationName]
    Mobilefish.com
    [organizationalUnitName]
    Certification Services
    [commonName]
    Mobilefish.com CA
    [emailAddress]

    [version]
    2
    [serialNumber]
    0
    [validFrom]
    070607173553Z
    [validTo]
    080606173553Z
    [validFrom_time_t]
    1181237753
    [validTo_time_t]
    1212773753
    [purposes]
    [1]
    0 - 1
    1 -
    2 - SSL client
    [2]
    0 - 1
    1 -
    2 - SSL server
    [3]
    0 - 1
    1 -
    2 - Netscape SSL server
    [4]
    0 - 1
    1 -
    2 - S/MIME signing
    [5]
    0 - 1
    1 -
    2 - S/MIME encryption
    [6]
    0 - 1
    1 -
    2 - CRL signing
    [7]
    0 - 1
    1 - 1
    2 - Any Purpose
    [8]
    0 - 1
    1 -
    2 - OCSP helper
    6.4. Loading a private key
    Load private key:
    Source loaded from =file://C:/mobilefish_web/customer/tmp/openssl/privatekey_18G1E.pem
    Private key loaded

    6.5. Loading a certificate
    Load certificate:
    Certificate loaded from =file://C:/mobilefish_web/customer/tmp/openssl/certificate_18G1E.pem
    Certificate loaded



    Note 1: See line 502
    This code has been tested on PHP5.2.8 + Apache 2.2.11.
    This code only works when OPEN_SSL_CONF_PATH is used.
    If you change line 502 into: new OpenSSL(1), OPEN_SSL_CONF_PATH is used.

    Note 2: See line 20.
    Point to your openssl.cnf file (absolute path).

    Note 3: See line 22 - 23
    Specify the location where the created .pem files should be stored. make this directory writable.

  7. Another code example how to use the PHP OpenSSL functions to encrypt and decrypt a message using the cerificate and private key file (Tested in PHP5.2.8 + Apache 2.2.11):

    openssl_demo3.php