php - Why different private key strings under Linux or Windows?

When I'm creating private key strings with the following PHP code (and same config-parameter), they are enclosed between different strings:

$configs = array('config' => 'OpenSSL.cnf',
                 'digest_alg' => 'sha1',
                 'x509_extensions' => 'v3_ca',
                 'req_extensions' => 'v3_req',
                 'private_key_bits' => 2048,
                 'private_key_type' => OPENSSL_KEYTYPE_RSA,
                 'encrypt_key' => false,
                 'encrypt_key_cipher' => OPENSSL_CIPHER_3DES);

$privateKeyResourceId = openssl_pkey_new($configs);
openssl_pkey_export($privateKeyResourceId, $privateKeyString);

On Linux the $privateKeyString looks like this:

-----BEGIN PRIVATE KEY-----NBgkqhkiG9w0BAQE....ASDFasjkfa-----END PRIVATE KEY-----

On Windows the $privateKeyString looks like this:

-----BEGIN RSA PRIVATE KEY-----NBgkqhkiG9E....ASDFasjkfa-----END RSA PRIVATE KEY-----

When I copy the Windows private key string to Linux it works until I remove the 'RSA' from the start/end (same behavior vice versa). Why is this?


1 Reply


This is a difference between openssl versions, not PHP. The following openssl command creates different key headers/footers between openssl versions 0.9.x and 1.0.0x:

openssl req -new -keyout mykey.key -out mycertreq.csr -nodes -sha1 -newkey rsa:2048

For version 0.9.x, the key header/footer is:

-----BEGIN RSA PRIVATE KEY----- -----END RSA PRIVATE KEY-----

For version 1.0.0x, the key header/footer is:

-----BEGIN PRIVATE KEY----- -----END PRIVATE KEY-----

For the later version of openssl, I have to run the key file through the following command to make it compatible with the older default:

openssl rsa -in mykey.key -text > mykey.pem

The "mykey.pem" file then has the header/footers (and format) that is compatible with AWS and like services.
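
The two headers name different DER structures: "RSA PRIVATE KEY" is a bare PKCS#1 RSAPrivateKey, and "PRIVATE KEY" is a PKCS#8 PrivateKeyInfo that carries the same PKCS#1 bytes inside an OCTET STRING next to an algorithm identifier. The following is an added example, not code from the post or from OpenSSL: standard-library Python that classifies a key by its DER content and re-wraps it in either direction. The helper names and the toy key are constructed for illustration.

```python
import base64, re

RSA_ALG = bytes.fromhex("06092a864886f70d0101010500")  # OID rsaEncryption + NULL

def tlv(tag, body):  # DER-encode one element, long length form when needed
    n, k = len(body), (len(body).bit_length() + 7) // 8
    length = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + length + body

def der_int(v):  # non-negative INTEGER; a leading 0x00 keeps the sign bit clear
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def read_tlv(buf, pos=0):  # -> (tag, body, next_pos) for the element at pos
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def pem(label, der):
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def unpem(text):
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", text, re.S)
    return m.group(1), base64.b64decode(m.group(2))

def der_kind(der):  # classify by structure, ignoring what the PEM label claims
    _, seq, _ = read_tlv(der)
    _, _, p = read_tlv(seq)       # version INTEGER
    tag, _, _ = read_tlv(seq, p)  # PKCS#1: INTEGER n; PKCS#8: SEQUENCE
    return "PKCS#8" if tag == 0x30 else "PKCS#1"

def pkcs1_to_pkcs8(text):
    info = der_int(0) + tlv(0x30, RSA_ALG) + tlv(0x04, unpem(text)[1])
    return pem("PRIVATE KEY", tlv(0x30, info))

def pkcs8_to_pkcs1(text):
    _, seq, _ = read_tlv(unpem(text)[1])
    _, _, p = read_tlv(seq)
    _, alg, p = read_tlv(seq, p)
    if alg != RSA_ALG:
        raise ValueError("not a PKCS#8 RSA key")
    return pem("RSA PRIVATE KEY", read_tlv(seq, p)[1])  # OCTET STRING payload

# Constructed toy key (p=61, q=53): valid structure, useless as a real key.
TOY_PKCS1 = pem("RSA PRIVATE KEY", tlv(0x30, b"".join(
    map(der_int, [0, 3233, 17, 2753, 61, 53, 53, 49, 38]))))
```

Calling `der_kind(unpem(key_text)[1])` on a key whose header was edited by hand shows which structure the body really holds.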

