Join Up!
96653 members and counting!

 
downloads | documentation | faq | getting help | mailing lists | reporting bugs | php.net sites | links 
search for in the  
lookup:
Manual de PHPManual de PHP
Referencia de las FuncionesReferencia de las Funciones
 ApacheApache
 MatricesMatrices
 AspellAspell
 BCmathBCmath
 Bzip2Bzip2
 CalendarioCalendario
 CCVSCCVS
 COMCOM
 Clases/ObjetosClases/Objetos
 ClibPDFClibPDF
 CrackCrack
 CURLCURL
 CybercashCybercash
 CyberMUTCyberMUT
 CyradmCyradm
 ctypectype
 dbadba
 Fecha/horaFecha/hora
 dBasedBase
 DBMDBM
 dbxdbx
 DB++DB++
 DIODIO
 DirectoriosDirectorios
 DOM XMLDOM XML
 .NET.NET
 Errors and LoggingErrors and Logging
 FrontBaseFrontBase
 Funciones fileProFunciones filePro
 FilesystemFilesystem
 FDFFDF
 FriBiDiFriBiDi
 FTPFTP
 FunctionsFunctions
 gettextgettext
 GMPGMP
 HTTPHTTP
 HyperwaveHyperwave
 Hyperwave APIHyperwave API
 iconviconv
 ImágenesImágenes
 IMAPIMAP
 InformixInformix
 InterBaseInterBase
 Ingres IIIngres II
 IRC GatewayIRC Gateway
 JavaJava
 LDAPLDAP
 CorreoCorreo
 mailparsemailparse
 Math.Math.
 Multi-Byte StringMulti-Byte String
 MCALMCAL
 mcryptmcrypt
 MCVEMCVE
 mhashmhash
 MimetypeMimetype
 MS SQL ServerMS SQL Server
 Ming (flash)Ming (flash)
 Misc.Misc.
 mnoGoSearchmnoGoSearch
 mSQLmSQL
 MySQLMySQL
 MsessionMsession
 muscatmuscat
 RedRed
 ncursesncurses
 Lotus NotesLotus Notes
 ODBCODBC
 Object AggregationObject Aggregation
 OCI8OCI8
 OpenSSLOpenSSL
 OracleOracle
 OvrimosSQLOvrimosSQL
 Output ControlOutput Control
 Object overloadingObject overloading
 PDFPDF
 Verisign Payflow ProVerisign Payflow Pro
 opciones/información PHPopciones/información PHP
 POSIXPOSIX
 PostgreSQLPostgreSQL
 PCNTLPCNTL
 Ejecución de programasEjecución de programas
 PrinterPrinter
 PspellPspell
 ReadlineReadline
 RecodeRecode
 PCREPCRE
 qtdomqtdom
 RegexpsRegexps
 SemaphoreSemaphore
 SESAMSESAM
 SesionesSesiones
 shmopshmop
 SWFSWF
 SNMPSNMP
 SocketsSockets
 CadenasCadenas
 SybaseSybase
 TokenizerTokenizer
 URLsURLs
 VariablesVariables
 vpopmailvpopmail
 W32apiW32api
 WDDXWDDX
 XMLXML
 XML-RPCXML-RPC
 XSLTXSLT
 YAZYAZ
 NISNIS
 ZipZip
 ZlibZlib
previousOCIWriteLobToFileopenssl_csr_export_to_filenext
Last updated: Tue, 29 Oct 2002
view the printer friendly version or the printer friendly version with notes or change language to Czech | German

LXXII. OpenSSL functions

Aviso

Este módulo es EXPERIMENTAL. Esto significa que el comportamineto de estas funciones, nombre de funciones y en definitiva TODO lo documentado aqui, puede cambiar en una futura version de PHP SIN AVISO. Quedas avisado, y utilizar este módulo es tu responsabiliad.

Introducción

This module uses the functions of OpenSSL for generation and verification of signatures and for sealing (encrypting) and opening (decrypting) data. OpenSSL offers many features that this module currently doesn't support. Some of these may be added in the future.

Requerimientos

In order to use the OpenSSL functions you need to install the OpenSSL package. PHP-4.0.4pl1 requires OpenSSL >= 0.9.6, but PHP-4.0.5 and greater will also work with OpenSSL >= 0.9.5.

Instalación

To use PHP's OpenSSL support you must also compile PHP --with-openssl[=DIR].

Configuración en tiempo de ejecución

Esta extensión no define ninguna directiva de configuración.

Tipos de recursos

Key/Certificate parameters

Quite a few of the openssl functions require a key or a certificate parameter. PHP 4.0.5 and earlier have to use a key or certificate resource returned by one of the openssl_get_xxx functions. Later versions may use one of the following methods:

  • Certificates

    1. An X.509 resource returned from openssl_x509_read()

    2. A string having the format file://path/to/cert.pem; the named file must contain a PEM encoded certificate

    3. A string containing the content of a certificate, PEM encoded

  • Public/Private Keys

    1. A key resource returned from openssl_get_publickey() or openssl_get_privatekey()

    2. For public keys only: an X.509 resource

    3. A string having the format file://path/to/file.pem - the named file must contain a PEM encoded certificate/private key (it may contain both)

    4. A string containing the content of a certificate/key, PEM encoded

    5. For private keys, you may also use the syntax array($key, $passphrase) where $key represents a key specified using the file:// or textual content notation above, and $passphrase represents a string containing the passphrase for that private key

Certificate Verification

When calling a function that will verify a signature/certificate, the cainfo parameter is an array containing file and directory names that specify the locations of trusted CA files. If a directory is specified, then it must be a correctly formed hashed directory as the openssl command would use.

Constantes predefinidas

Estas constantes están definidas por esta extensión y estarán disponibles solamente cuando la extensión ha sido o bien compilada dentro de PHP o grabada dinamicamente en tiempo de ejecución.

X509_PURPOSE_SSL_CLIENT (integer)

X509_PURPOSE_SSL_SERVER (integer)

X509_PURPOSE_NS_SSL_SERVER (integer)

X509_PURPOSE_SMIME_SIGN (integer)

X509_PURPOSE_SMIME_ENCRYPT (integer)

X509_PURPOSE_CRL_SIGN (integer)

X509_PURPOSE_ANY (integer)

OPENSSL_PKCS1_PADDING (integer)

OPENSSL_SSLV23_PADDING (integer)

OPENSSL_NO_PADDING (integer)

OPENSSL_PKCS1_OAEP_PADDING (integer)

OPENSSL_KEYTYPE_RSA (integer)

OPENSSL_KEYTYPE_DSA (integer)

OPENSSL_KEYTYPE_DH (integer)

PKCS7 Flags/Constants

The S/MIME functions make use of flags which are specified using a bitfield which can include one or more of the following values:

Tabla 1. PKCS7 CONSTANTS

ConstantDescription
PKCS7_TEXTadds text/plain content type headers to encrypted/signed message. If decrypting or verifying, it strips those headers from the output - if the decrypted or verified message is not of MIME type text/plain then an error will occur.
PKCS7_BINARYnormally the input message is converted to "canonical" format which is effectively using CR and LF as end of line: as required by the S/MIME specification. When this options is present, no translation occurs. This is useful when handling binary data which may not be in MIME format.
PKCS7_NOINTERNwhen verifying a message, certificates (if any) included in the message are normally searched for the signing certificate. With this option only the certificates specified in the extracerts parameter of openssl_pkcs7_verify() are used. The supplied certificates can still be used as untrusted CAs however.
PKCS7_NOVERIFYdo not verify the signers certificate of a signed message.
PKCS7_NOCHAINdo not chain verification of signers certificates: that is don't use the certificates in the signed message as untrusted CAs.
PKCS7_NOCERTSwhen signing a message the signer's certificate is normally included - with this option it is excluded. This will reduce the size of the signed message but the verifier must have a copy of the signers certificate available locally (passed using the extracerts to openssl_pkcs7_verify() for example.
PKCS7_NOATTRnormally when a message is signed, a set of attributes are included which include the signing time and the supported symmetric algorithms. With this option they are not included.
PKCS7_DETACHEDWhen signing a message, use cleartext signing with the MIME type multipart/signed. This is the default if the flags parameter to openssl_pkcs7_sign() if you do not specify any flags. If you turn this option off, the message will be signed using opaque signing, which is more resistant to translation by mail relays but cannot be read by mail agents that do not support S/MIME.
PKCS7_NOSIGSDon't try and verify the signatures on a message

Nota: These constants were added in 4.0.6.

Tabla de contenidos
openssl_csr_export_to_file -- Exports a CSR to a file
openssl_csr_export -- Exports a CSR to file or a var
openssl_csr_new -- Generates a privkey and CSR
openssl_csr_sign -- Signs a cert with another CERT
openssl_error_string -- Return openSSL error message
openssl_free_key -- Free key resource
openssl_get_privatekey -- Prepare a PEM formatted private key for use
openssl_get_publickey -- Extract public key from certificate and prepare it for use
openssl_open -- Open sealed data
openssl_pkcs7_decrypt -- Decrypts an S/MIME encrypted message
openssl_pkcs7_encrypt -- Encrypt an S/MIME message
openssl_pkcs7_sign -- sign an S/MIME message
openssl_pkcs7_verify -- Verifies the signature of an S/MIME signed message
openssl_pkey_export_to_file -- Gets an exportable representation of a key into a file
openssl_pkey_export -- Gets an exportable representation of a key into a string or file
openssl_pkey_new -- Generates a new private key
openssl_private_decrypt -- Decrypts data with private key
openssl_private_encrypt -- Encrypts data with private key
openssl_public_decrypt -- Decrypts data with public key
openssl_public_encrypt -- Encrypts data with public key
openssl_seal -- Seal (encrypt) data
openssl_sign -- Generate signature
openssl_verify -- Verify signature
openssl_x509_check_private_key -- Checks if a private key corresponds to a CERT
openssl_x509_checkpurpose -- Verifies if a certificate can be used for a particular purpose
openssl_x509_export_to_file -- Exports a CERT to file or a var
openssl_x509_export -- Exports a CERT to file or a var
openssl_x509_free -- Free certificate resource
openssl_x509_parse -- Parse an X509 certificate and return the information as an array
openssl_x509_read -- Parse an X.509 certificate and return a resource identifier for it
User Contributed Notes
OpenSSL functions		 add a note about notes
There are no user contributed notes for this page.
previousOCIWriteLobToFileopenssl_csr_export_to_filenext
Last updated: Tue, 29 Oct 2002
Copyright © 2001, 2002 The PHP Group
All rights reserved.		 This mirror generously provided by: http://phpbuilder.com/
Last updated: Thu Oct 31 18:34:28 2002 EST