openssl_sign

(PHP 4 >= 4.0.4, PHP 5, PHP 7, PHP 8)

openssl_signİmza üretir

Açıklama

openssl_sign(
    string $veri,
    string &$imza,
    #[\SensitiveParameter] OpenSSLAsymmetricKey|OpenSSLCertificate|array|string $gizli_anahtar,
    string|int $algoritma = OPENSSL_ALGO_SHA1
): bool

gizli_anahtarı kullanarak kriptografik bir imza üreterek belirtilen veri için bir imza hesaplar. Veri şifrelenmez.

Bağımsız Değişkenler

veri

İmzalanacak veri.

imza

İşlem başarılı olursa imza bu bağımsız değişkene konur.

gizli_anahtar

İmza bu anahtar kullanılarak oluşturulur. Ya bir OpenSSLAsymmetricKey örneğidir; openssl_get_privatekey() ile üretilir.

Ya da PEM biçemli bir anahtar dizgesidir.

algoritma

int türünde, İmzalama algoritmalarından biri.

string türünde, openssl_get_md_methods() işlevinden döndürülmüş geçerli bir dizge (örn: "sha256WithRSAEncryption" veya "sha384".

Dönen Değerler

Başarı durumunda true, başarısızlık durumunda false döner.

Sürüm Bilgisi

Sürüm: Açıklama
8.0.0 genel_anahtar artık OpenSSLAsymmetricKey veya OpenSSLCertificate örneği kabul ediyor; evvelce, OpenSSL key veya OpenSSL X.509 özkaynağı kabul edilirdi.

Örnekler

Örnek 1 - openssl_sign() örneği

<?php
// $veri'nin imzalanacak veriyi içerdiği varsayılıyor

// Gizli anahtarı dosyadan alıp hazırla
$pkeyid = openssl_pkey_get_private("file://src/openssl-0.9.6/demos/sign/key.pem");

// İmzayı hesapla
openssl_sign($veri, $imza, $genankim);

// Anahtar belleğini serbest bırak
openssl_free_key($genankim);
?>

Örnek 2 - openssl_sign() örneği

<?php
// imzalanacak veri
$data = 'my data';

// genel ve gizli anahtarları üret
$new_key_pair = openssl_pkey_new(array(
"private_key_bits" => 2048,
"private_key_type" => OPENSSL_KEYTYPE_RSA,
));
openssl_pkey_export($new_key_pair, $private_key_pem);

$details = openssl_pkey_get_details($new_key_pair);
$public_key_pem = $details['key'];

// imzayı üret
openssl_sign($data, $signature, $private_key_pem, OPENSSL_ALGO_SHA256);

// kullanmak üzere kaydet
file_put_contents('private_key.pem', $private_key_pem);
file_put_contents('public_key.pem', $public_key_pem);
file_put_contents('signature.dat', $signature);

// imzayı doğrula
$r = openssl_verify($data, $signature, $public_key_pem, "sha256WithRSAEncryption");
// göster
var_dump($r);
?>

Ayrıca Bakınız

add a note

User Contributed Notes 4 notes

up
2
tim at remitone dot com
1 year ago
It should be noted that the default signature algorithm used by openssl_sign() and openssl_verify (OPENSSL_ALGO_SHA1) is no longer supported by default in OpenSSL Version 3 series.

With an up to date OpenSSL library, one has to run
"update-crypto-policies --set LEGACY"
on the server where the library resides in order to allow these functions to work without the optional alternative algorithm argument.
up
11
edmarw at yahoo dot com
16 years ago
This may help if you just want a real-simple private/public key pair:

<?php

$data
= "Beeeeer is really good.. hic...";

// You can get a simple private/public key pair using:
// openssl genrsa 512 >private_key.txt
// openssl rsa -pubout <private_key.txt >public_key.txt

// IMPORTANT: The key pair below is provided for testing only.
// For security reasons you must get a new key pair
// for production use, obviously.

$private_key = <<<EOD
-----BEGIN RSA PRIVATE KEY-----
MIIBOgIBAAJBANDiE2+Xi/WnO+s120NiiJhNyIButVu6zxqlVzz0wy2j4kQVUC4Z
RZD80IY+4wIiX2YxKBZKGnd2TtPkcJ/ljkUCAwEAAQJAL151ZeMKHEU2c1qdRKS9
sTxCcc2pVwoAGVzRccNX16tfmCf8FjxuM3WmLdsPxYoHrwb1LFNxiNk1MXrxjH3R
6QIhAPB7edmcjH4bhMaJBztcbNE1VRCEi/bisAwiPPMq9/2nAiEA3lyc5+f6DEIJ
h1y6BWkdVULDSM+jpi1XiV/DevxuijMCIQCAEPGqHsF+4v7Jj+3HAgh9PU6otj2n
Y79nJtCYmvhoHwIgNDePaS4inApN7omp7WdXyhPZhBmulnGDYvEoGJN66d0CIHra
I2SvDkQ5CmrzkW5qPaE2oO7BSqAhRZxiYpZFb5CI
-----END RSA PRIVATE KEY-----
EOD;
$public_key = <<<EOD
-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDiE2+Xi/WnO+s120NiiJhNyIButVu6
zxqlVzz0wy2j4kQVUC4ZRZD80IY+4wIiX2YxKBZKGnd2TtPkcJ/ljkUCAwEAAQ==
-----END PUBLIC KEY-----
EOD;

$binary_signature = "";

// At least with PHP 5.2.2 / OpenSSL 0.9.8b (Fedora 7)
// there seems to be no need to call openssl_get_privatekey or similar.
// Just pass the key as defined above
openssl_sign($data, $binary_signature, $private_key, OPENSSL_ALGO_SHA1);

// Check signature
$ok = openssl_verify($data, $binary_signature, $public_key, OPENSSL_ALGO_SHA1);
echo
"check #1: ";
if (
$ok == 1) {
echo
"signature ok (as it should be)\n";
} elseif (
$ok == 0) {
echo
"bad (there's something wrong)\n";
} else {
echo
"ugly, error checking signature\n";
}

$ok = openssl_verify('tampered'.$data, $binary_signature, $public_key, OPENSSL_ALGO_SHA1);
echo
"check #2: ";
if (
$ok == 1) {
echo
"ERROR: Data has been tampered, but signature is still valid! Argh!\n";
} elseif (
$ok == 0) {
echo
"bad signature (as it should be, since data has beent tampered)\n";
} else {
echo
"ugly, error checking signature\n";
}

?>
up
-7
Chris Kistner
13 years ago
The list of Signature Algorithms (constants) is very limited! Fortunately the newer versions of php/openssl allow you to specify the signature algorithm as a string.

You can use the 'openssl_get_md_methods' method to get a list of digest methods. Only some of them may be used to sign with RSA private keys.

Those that can be used to sign with RSA private keys are: md4, md5, ripemd160, sha, sha1, sha224, sha256, sha384, sha512

Here's the modified Example #1 with SHA-512 hash:
<?php
// $data is assumed to contain the data to be signed

// fetch private key from file and ready it
$fp = fopen("/src/openssl-0.9.6/demos/sign/key.pem", "r");
$priv_key = fread($fp, 8192);
fclose($fp);
$pkeyid = openssl_get_privatekey($priv_key);

// compute signature with SHA-512
openssl_sign($data, $signature, $pkeyid, "sha512");

// free the key from memory
openssl_free_key($pkeyid);
?>
up
-19
adam dot mansfeld at gmail dot com
18 years ago
Hello,

the fourth parameter 'signature_alg' to choose the signature algorithm can be one of:

OPENSSL_ALGO_SHA1
OPENSSL_ALGO_MD5
OPENSSL_ALGO_MD4
OPENSSL_ALGO_MD2

Just for the case that somebody needs this.

Regards
To Top