[edit] Last updated: Fri, 17 May 2013

openssl_private_decrypt

(PHP 4 >= 4.0.6, PHP 5)

openssl_private_decrypt — Entschlüsselt Daten mit einem privaten Schlüssel

Beschreibung

bool openssl_private_decrypt ( string $data , string &$decrypted , mixed $key [, int $padding ] )

openssl_private_decrypt() entschlüselt data, die zuvor mit openssl_public_encrypt() verschlüsselt wurden und speichert das Ergebnis in decrypted.

Mit dieser Funktion können beispielweise Daten entschlüsselt werden die einzig für Sie bestimmt sind.

Parameter-Liste

data
decrypted
key: key muss der private Schlüssel sein, der dem Schlüssel entspricht, mit dem die Daten verschlüsselt wurden.
padding: padding ist per Standard OPENSSL_PKCS1_PADDING, kann aber auch eine der Konstanten OPENSSL_SSLV23_PADDING, OPENSSL_PKCS1_OAEP_PADDING oder OPENSSL_NO_PADDING sein.

Rückgabewerte

Gibt bei Erfolg TRUE zurück. Im Fehlerfall wird FALSE zurückgegeben.

Siehe auch

openssl_public_encrypt() - Verschlüsselt Daten mit einem öffentlichen Schlüssel
openssl_public_decrypt() - Entschlüsselt Daten mit einem öffentlichen Schlüssel

openssl_private_encrypt

openssl_pkey_new

[edit] Last updated: Fri, 17 May 2013

add a note User Contributed Notes openssl_private_decrypt - [3 notes]

down

wfredkNOSPAM at L5DevelopmentNOSPAM dot com ¶

11 years ago


Encrypt using public key, decrypt using private key.



Use this to store stuff in your database: Unless someone

has your private key, the database contents are useless.



Also, use this for sending to a specific individual:  Get

their public key, encrypt the message, only they can use

their private key to decode it.



<?php

echo "Source: $source";

$fp=fopen("/path/to/certificate.crt","r");

$pub_key=fread($fp,8192);

fclose($fp);

openssl_get_publickey($pub_key);

/*

 * NOTE:  Here you use the $pub_key value (converted, I guess)

 */

openssl_public_encrypt($source,$crypttext,$pub_key);

echo "String crypted: $crypttext";



$fp=fopen("/path/to/private.key","r");

$priv_key=fread($fp,8192);

fclose($fp);

// $passphrase is required if your key is encoded (suggested)

$res = openssl_get_privatekey($priv_key,$passphrase);

/*

 * NOTE:  Here you use the returned resource value

 */

openssl_private_decrypt($crypttext,$newsource,$res);

echo "String decrypt : $newsource";

?>

down

-1

ittasks at gmail dot com ¶

1 month ago


//if you want to encrypt data without knowing the password so it only be accessible to admin (like storing CC data) - here is one of the ways to do that.



$fnm="test";//path to the file name (.key and .pem)

echo "<form method=post action=".$_SERVER['PHP_SELF']."><table>";

$pass=$_REQUEST['pass'];

$msg=$_REQUEST['msg'];

$genkey=((isset($_REQUEST['go']))?intval("0".$_REQUEST['genkey']):1);

echo "<tr><td>Admin Password :</td><td><input type=text name=pass value=\"$pass\"></td></tr>\n";

echo "<tr><td>Generate New Keys?</td><td><input type=checkbox name=genkey value=1".($genkey?" checked":"")."> Yes</td></tr>\n";

echo "<tr><td colspan=2 align=left>Message:<br><textarea cols=50 name=msg>$msg</textarea></td></tr>\n";

echo "<tr><td colspan=2><input type=submit name='go' value='Go'></td></tr>";

echo "</table></form>";

if($_REQUEST['go']=='Go')

  {

    $pass=$_REQUEST['pass'];

    $msg=$_REQUEST['msg'];

    //this you have to only run once ...

    if($genkey)

     {

       echo "<br>generating public/private keys using supplied password...";

       exec("openssl req -x509 -passout pass:$pass -newkey rsa:1024 -keyout $fnm.key -out $fnm.pem -subj \"/C=US/ST=California/L=Remote/O=blabla/OU=blabla/CN=user/emailAddress=user@domain.com\"");

     }

    // or in case if you want to change admin password you need to generate new keys with new password

    // and run a script that will take all encrypted data from database, decrypt with old private key and re-encrypt with new private key



    echo "<br>Source file: $fnm.pem";

    openssl_public_encrypt(urlencode($msg), $encbinary, "file://$fnm.pem"); //no password usage here

    $encmsg=base64_encode($encbinary); //ready to be send or stored in DB

    echo "<br><br>Encrypted message:<pre>$encmsg</pre>";



    echo "<br><br>Decrypting using private key with password...<br>";

    if(($prvkey = openssl_pkey_get_private("file://$fnm.key",$pass))===false)

      echo "<br><b style='color:red'>Password is incorrect, aborting.</b>";

    else

     {

       openssl_private_decrypt(base64_decode($encmsg),$decmsg,$prvkey);

       echo "<br>Decrypted message:<br>".urldecode($decmsg);

      }

  }

down

-1

sevaa at sprynet dot com ¶

3 years ago


When used with RSA, this function only accepts a single block. Block size is equal to the RSA key size - i. e., with a 1024-bit key, block size should be 128 bytes. Depending on the padding scheme, the payload may be even smaller. The padding is removed, so you'll receive the ready to use plaintext. Blocking logic is up to the caller, though.



When passing Microsoft CryptoAPI-generated RSA cyphertext, revert the bytes in the block (you may use strrev()).

add a note