
I have a problem with this function

```php
$priv_key = openssl_pkey_get_private(file_get_contents("server.pem"));

$keyData = openssl_pkey_get_details($priv_key);

$keyData['key'] = str_replace('-----BEGIN PRIVATE KEY-----', '', $keyData['key']);
$keyData['key'] = trim(str_replace('-----END PRIVATE KEY-----', '', $keyData['key']));

echo $keyData['key'];
```

It should return the private key but it gives me this error

Warning: openssl_pkey_get_details() expects parameter 1 to be resource, boolean given in C:\Users\User\Desktop\xampp\htdocs\chiaveP.php on line 14

How can I solve the problem?

jww
Aki
  • If you were to `echo file_get_contents("server.pem");` does it show what you would expect? – Professor Abronsius Dec 05 '15 at 15:58
  • It should show the entire file contents of server.pem then take the private key... but it does not work – Aki Dec 05 '15 at 16:43
  • server.pem is in the same folder as the php file, and with error_reporting it returns the same error: Warning: openssl_pkey_get_details() expects parameter 1 to be resource, boolean given in C:\Users\User\Desktop\xampp\htdocs\chiaveP.php on line 14 – Aki Dec 05 '15 at 17:12
  • [openssl_pkey_get_details() expects parameter 1 to be resource, boolean given](http://stackoverflow.com/q/16287500), [openssl_pkey_export and "cannot get key from parameter 1"](http://stackoverflow.com/q/17272809), [openssl_free_key expects parameter 1 to be resource](http://stackoverflow.com/q/17726342), ... – jww Dec 06 '15 at 22:44

2 Answers

I'm not sure from your comment whether trying to echo the contents of the server.pem file failed or if you meant the whole script. Hopefully the code below will help identify where the issue(s) is/are!

```php
<?php

    $debug=true;
    $cert='/full/path/to/server.pem';/* this should be outside the document root */
    $keytype='PRIVATE KEY';/* this is here because in testing I have an `RSA PRIVATE KEY` */


    if( realpath( $cert ) ){
        /* The file exists at the path given: read the contents */

        $priv_key = openssl_pkey_get_private( file_get_contents( realpath( $cert ) ) );

        if( $priv_key ) {

            $keyData = openssl_pkey_get_details( $priv_key );

            $keyData['key'] = str_replace( '-----BEGIN '.$keytype.'-----', '', $keyData['key'] );
            $keyData['key'] = trim( str_replace( '-----END '.$keytype.'-----','',$keyData['key'] ) );

            echo $keyData['key'];
        } else {
            echo $debug ? 'failed to read private key' : 'error #1';
        }
    } else {
        echo $debug ? 'unable to find ' . $cert : 'error #2';
    }

?>
```

As a possible alternative, as you say that the .pem file is in the same directory as the php script, perhaps try:

```php
$data=file_get_contents(realpath(__DIR__.DIRECTORY_SEPARATOR.'server.pem'));
echo $debug ? $data : '';
$priv_key = openssl_pkey_get_private( $data );

/*
    I tried using the path ( `c:/wwwroot/certificates/server.pem` ) as the parameter to the
    `openssl_pkey_get_private` rather than actually reading the contents into a string
    but that failed. The method above however worked for me when the cert was in the same dir.
*/
```
Professor Abronsius
  • At this point, is it that the private key file is not good? I've created it with the command genrsa -des3 -out server.pem 1024 openssl on the terminal – Aki Dec 05 '15 at 17:42
  • It took me quite a while to get the various aspects correct when trying to generate certificates - and I'm not 100% sure they are perfect yet. One of the tricky bits I found was getting the config file (`openssl.cnf`) setup correctly and locatable by the php scripts ( on windows by setting the correct environment variable and path ) and accessible to apache – Professor Abronsius Dec 05 '15 at 17:46
  • It returns the private key and print in Browser... thank you very much... thank youuuuuu – Aki Dec 05 '15 at 17:54

You must be getting an error on openssl_pkey_get_private() as it is clearly returning a boolean false. From the docs:

> Returns a positive key resource identifier on success, or FALSE on error.

It's a good idea to put a check in place when methods return false on error as it makes your code easier to debug.

craig_h
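
The check the second answer recommends, as an added example (not code from the question or either answer): it surfaces OpenSSL's own error messages when `openssl_pkey_get_private()` returns false, using a constructed passphrase-protected key like the one `genrsa -des3` produces. `load_private_key()` is a hypothetical helper, the key and passphrase are constructed samples, and the script assumes the openssl extension can locate its `openssl.cnf`.

```php
<?php
// Added example: load_private_key() is a hypothetical helper, and the key
// and passphrase below are constructed samples generated in memory.

function load_private_key(string $pem, string $passphrase = '')
{
    // Drain stale entries so the messages reported belong to this call.
    while (openssl_error_string() !== false) {
    }

    $key = openssl_pkey_get_private($pem, $passphrase);
    if ($key === false) {
        $errors = [];
        while (($msg = openssl_error_string()) !== false) {
            $errors[] = $msg;
        }
        throw new RuntimeException('cannot load private key: ' . implode(' | ', $errors));
    }
    return $key;
}

// Constructed sample: an RSA key exported under a passphrase, so the PEM is encrypted.
$opts = [
    'private_key_type'   => OPENSSL_KEYTYPE_RSA,
    'private_key_bits'   => 2048,
    'encrypt_key_cipher' => OPENSSL_CIPHER_AES_256_CBC,
];
$fresh = openssl_pkey_new($opts);
if ($fresh === false) {
    exit('key generation failed: ' . openssl_error_string() . PHP_EOL);
}
openssl_pkey_export($fresh, $encryptedPem, 'sample-passphrase', $opts);

// Without the passphrase the loader fails, and the exception says why.
try {
    load_private_key($encryptedPem);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}

$key = load_private_key($encryptedPem, 'sample-passphrase');
// The 'key' element of the details array is the PEM-encoded public key.
$details = openssl_pkey_get_details($key);
echo strtok($details['key'], "\n"), PHP_EOL;
// openssl_pkey_export() is the call that produces the private key PEM.
openssl_pkey_export($key, $privatePem);
echo strtok($privatePem, "\n"), PHP_EOL;
```

Only the first PEM line of each key is printed, so the private key material never reaches the output.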