Frost Jedi

[ronaldv]

Hello,

i need to mimic this openssl command via phpseclib, which signs a public key from someone with my private key:

Code: Select all

$command = "openssl ca -config $conf -verbose -batch -notext -spkac /input.txt -out /out.txt -passin pass:'" . $pass . "' 2>&1";

Where the inputfile looks like this:

SPKAC=the public key in pem format
countryName=XX
CN=my name
........

I looked at the example at the website but that was not fully clear to me.

How can i do this via phpseclib?

BTW I prefer NOT to use temp-files, if possible. All the required data like the public key, common-name etc. is available in php variables.

[TerraFrost]

I just looked into SPKAC and it's not something phpseclib currently supports. I can see if I can add support in the next few days..

If you can get the public key in a format other than SPKAC than you can use phpseclib right now to do that. The following is kinda an example as to how:

http://phpseclib.sourceforge.net/x509/e ... l#casigned

In that example the public / private keypair are created from scratch but adapting the example to suit your needs should be easy enough for you to do. If you need any help lmk.

[ronaldv]

Ok thank you.

Th ekey I receive has been generated by a browser (via the keygen-element) and looks like this:

Code: Select all

MIICQDCCASgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwWCJ85g9z
H5s82NYpFKWfgVxuiiGSsyVlp22x98GU21w9BhWt5lw9WD1DdDLMKXLqK+cCwOSp
HkuXmG2g8eQwyDJfL41ro68dnrcsY47zBYTmWoSA3e9DYDwnIUGy73jTpkiwzTev
7xNNLDpvcHwlr+TysF+nUNH+uEgXm6nYTAlzaZIXE4/l5CMqxqR9lNU0BuRuuztb
JIzFcv96Jm4nq1sQhIkmZo7FHRrMGzd7vJrVWEBk3RhO3HUuyaL646Y5DPENDCvZ
R1GbD4tLmfPkNMVLHTwP9LuFTDDPEoIxcNTq2rMWyqjKzNBRib4mP8Doka9fH/WE
nOv9TvSkDhmPAgMBAAEWADANBgkqhkiG9w0BAQQFAAOCAQEAn2WGm+04XBKygSVD
RlxzZTe+QvvA2eBk+uC65WKGe/KKKFcczh3XzmexOxTO2+4V6PTV3Rj84uQEXThM
+qPHl8VhmWaw5BEcnnzepLmLhcfY30wzt7PbSVpn5VBjCSOucc38ebjkltzRLqaH
ZG5t5mhxWnQgqr88ZT/FSW0XzxrFokOBlR2WXEcWyROnL7EW5gE2yX1+CtFswOJA
y2ngGmLQWGiGkI5Ai2DXI+S2RadfC0SIBa0Q9IibsKi2o5lI7zkRAgwJgux0+5yY
tvsP4io9wVgUnH10tqKM5Yz/PnrKVBp4jrPPNGZiFQS0QGaR1e6KvRa/OWjKEkOi
jSFVBw==


Is that spkac? Can I re-write it to some format that seclib supports?

[TerraFrost]

Yah - that's SPKAC. And no - it's not something that can be easily rewritten. It'd be best if I just wrote some code to handle it..

[ronaldv]

Well, that would be very helpfull for me.

[ronaldv]

One more thing that I would need: i need to add the x509-subjectAltName to the signed certificate. Is this something supported by seclib?

[TerraFrost]

Yah - you can alter it by calling $subject->setDomain('www.google.com', 'www.yahoo.com'). For the first domain the commonName will be used. For subsequent domains the subjAltName extension will be utilized.

If you want to a more direct control...

Code: Select all

$this->setExtension('id-ce-subjectAltName', array(
      array('dNSName' => 'www.slashdot.org'),
      array('dNSName' => 'www.yahoo.com')
   ), false, true);

[TerraFrost]

Yah - that's SPKAC. And no - it's not something that can be easily rewritten. It'd be best if I just wrote some code to handle it..

Check the latest Git version. Example of how to use it:

Code: Select all

<?php
include('File/X509.php');

$x509 = new File_X509();
$x509->loadSPKAC('MIIBQzCBrTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwnnEID0RuUfmVbB1rNgsZ6BL8MtITio00wLJhQ075cvxcgllis1M4PhK6SKtm0tmSfXZTZz8jrbeczSFkdl6UjFYCXIrxnmcGmpB4A6fdKsBfFtmMOPLXLr5nGM+4DyOMZCZObbLOnsv7usimDpixk+juZ65Gmhb9rB+2MAKEbECAwEAARYJMTIzNDU2Nzg5MA0GCSqGSIb3DQEBBAUAA4GBAB99Nkdhzeazy0bTCb69Mp8Q3BDOgeMonUEg0ETlPaTX/y9HvwkgWHdMROQmc8JiDNTZZzpssrgdKtzsqQOyEIOHEKDbAXL3+GlglCaQ3g/72PbJPFusYdsPjEPYKXil6U1nCikikjaEZVM1HbzVFSmbEAuLwYwD1Z6LovYYaxr0');

echo $x509->getPublicKey();

Note that in your first post you give the key as this:

Code: Select all

SPKAC=the public key in pem format
countryName=XX
CN=my name

Only the SPKAC field is currently supported. The other fields need to be pre-stripped away. At least for the time being.