I’ve been spending quite some time trying to figure out how exactly to retrieve the raw private key data from openssl_pkey_get_private() using a passphrase. I feel like there’s a simple thing I am missing.
Here’s my code:
$config = array(
    "private_key_bits" => 2048, // size of private key
);
$privKey = openssl_pkey_new($config); // creating a private key resource
openssl_pkey_export($privKey, $pkeyout, "test123", $config); // obtaining an encrypted private key
$result = openssl_pkey_get_private($pkeyout, "test123"); // decrypting the encrypted private key
var_dump($result); // print results
Unfortunately all I’m getting from the var_dump() call is the following output:
“resource(2) of type (OpenSSL key)”
So, pretty much after I call openssl_pkey_export, $pkeyout contains something like the following – consider the below data the INPUT for the decryption procedure I wish for openssl_pkey_get_private to perform:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,84AC553B6367CD10
-----END RSA PRIVATE KEY-----
What I really want is the raw, decrypted private key (the supposed OUTPUT of openssl_pkey_get_private()). Notice that the above is encrypted (as denoted by the word ‘ENCRYPTED’ under “-----BEGIN RSA PRIVATE KEY-----”).
This would look something like the following (notice that the data below does NOT have the header stating that it’s encrypted as the data above does).
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
All in all, I guess what I’m trying to say is that I don’t know how to retrieve the decrypted private key that openssl_pkey_get_private() is supposed to return. It’s not returning FALSE, so it must be working… I just don’t know where it puts it.
Any help would be greatly appreciated as I am very stuck!
Thanks a lot!
I hope this is what you’re after.
The newly generated key does not have a passphrase yet, so you can get the unencrypted key straight away.
Edit
Based on the comment, I generated my own keypair with
I was then able to dump out the unencrypted private key with the following:
You can supply the key instead of the filename, as long as it is PEM formatted.
Edit 2
I couldn’t get your supplied key working with the passphrase you included in the question, but it does work with the temporary key I generated.
The exact code I am using is as follows:
And the output is:
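The round trip this thread is about, as an added example that is not the original poster's or the answerer's code (the answer's own code blocks are not present on this page): openssl_pkey_get_private() returns a key handle rather than PEM text, and exporting that handle with a null passphrase yields the unencrypted PEM. The variable names, the `encrypt_key_cipher` choice and the error handling are assumptions of this example; `test123` is the passphrase from the question.

```php
<?php
// Added example. Variable names and the cipher option are this example's choices.
$config = [
    'private_key_bits'   => 2048,
    'private_key_type'   => OPENSSL_KEYTYPE_RSA,
    'encrypt_key_cipher' => OPENSSL_CIPHER_AES_256_CBC, // used only when a passphrase is given
];

$key = openssl_pkey_new($config);
if ($key === false) {
    throw new RuntimeException('key generation failed: ' . openssl_error_string());
}

// 1. Passphrase supplied: the exported PEM is encrypted.
if (!openssl_pkey_export($key, $encryptedPem, 'test123', $config)) {
    throw new RuntimeException('encrypted export failed: ' . openssl_error_string());
}

// 2. Decrypt. The return value is an opaque key handle (a resource in
//    older PHP, an OpenSSLAsymmetricKey object in PHP 8), never PEM text.
$handle = openssl_pkey_get_private($encryptedPem, 'test123');
if ($handle === false) {
    throw new RuntimeException('wrong passphrase or malformed PEM');
}

// 3. Export the handle again with a null passphrase: unencrypted PEM.
if (!openssl_pkey_export($handle, $plainPem, null, $config)) {
    throw new RuntimeException('plain export failed: ' . openssl_error_string());
}

// The encrypted form is marked by the word ENCRYPTED, either in a
// Proc-Type header (legacy PEM) or in the BEGIN line (PKCS#8).
$isEncrypted = function (string $pem): bool {
    return strpos($pem, 'ENCRYPTED') !== false;
};

// A wrong passphrase returns false instead of a handle.
$rejected = openssl_pkey_get_private($encryptedPem, 'not-the-passphrase');

// Both handles carry the same key: compare the public halves.
$samePublic = openssl_pkey_get_details($key)['key']
    === openssl_pkey_get_details($handle)['key'];

// Print only non-secret facts, never the plaintext key itself.
echo strtok($plainPem, "\n"), "\n";
var_dump($isEncrypted($encryptedPem), $isEncrypted($plainPem), $rejected, $samePublic);
```

The example prints only the first PEM line and a few booleans, because dumping `$plainPem` puts an unprotected private key into whatever log or page receives that output.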