Search code examples
phprsaphp-openssl

openssl_pkey_get_public returning false, but key does exist

I'm using a library that uses openssl_pkey_get_public, but it's returning false. It seems that openssl is enabled, and the key exists. Below are the few lines from the library I'm using, btw which I am debugging but cannot modify as it is not my code base:

protected function decrypt($encryptedData)
    {
        $publicKey = openssl_pkey_get_public($this->publicKey->getKeyPath());
        $publicKeyDetails = @openssl_pkey_get_details($publicKey);
        if ($publicKeyDetails === null) {
            throw new \LogicException(
                sprintf('Could not get details of public key: %s', $this->publicKey->getKeyPath())
            );
        }
.
.
.

I have the inserted the following debug code:

$keyPath = $this->publicKey->getKeyPath(); // returns file:///var/www/sso/website/storage/id_rsa.pub
var_dump(file_exists($keyPath)); // outputs true
var_dump(openssl_pkey_get_public($keyPath)); // returns false

Below shows the contents of $keyPath:

echo file_get_content($keyPath);

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQChY1gtF0Oeku62+4HCisIswcDu9fjZV7fImTlqQej/UsmsJH7jz5EF/ZXCWTKV/bgOwzV2oeHomukITqiR14D01W3mVcpTBAp5AP4JN25am57xdc6Nxd8Lo/NsCKKqQ4/uBmpYBVZm8Ye/hu3ixM6y/xbCGnw/ca4z0DKDa94z1XrRc6FrV1mXx5lItQEo/v8wVKX9NJVAANYZ/jJEk7jGTB9WkSTNR5l/tNBBF3MFuBigjSuaxUsnKT2IwOV5g2ewN4TzXARi2/BI7rweNsUFCWRbkUa7VJc3XOVZbS50TzUpAIqHI9Q8enBs95A1JvSTDvlT3efEHrM2T7KP7QOz ubuntu@ubuntu-xenial

I had previously created the keys with the following command:

ssh-keygen -f storage/id_rsa -t rsa -N ''

Some additional info if it help:

$ php -i | grep openssl
openssl
Openssl default config => /usr/lib/ssl/openssl.cnf
openssl.cafile => no value => no value
openssl.capath => no value => no value

$ php -m | grep openssl
openssl

Is there any reason why this might be happening?

Solution

  • You're using an SSH formatted public key. OpenSSL doesn't support that format. But you know what does support that format? phpseclib. It'll auto-detect the format and, once loaded, will let you do whatever RSA operations you need to do. Be aware, tho, that phpseclib expects the actual key to be passed to it - not a path to the key on the file system but the key itself.

    Sample code: http://phpseclib.sourceforge.net/rsa/examples.html#encrypt,enc