How to sign a public key with my private key?


Post by ronaldv » Sat Dec 15, 2012 10:21 am

Hello,

I need to mimic this openssl command via phpseclib, which signs a public key from someone with my private key:

Code:
$command = "openssl ca -config $conf -verbose -batch -notext -spkac /input.txt -out /out.txt -passin pass:'" . $pass . "' 2>&1";


Where the input file looks like this:

SPKAC=the public key in pem format
countryName=XX
CN=my name
........

I looked at the example at the website but that was not fully clear to me.

How can I do this via phpseclib?

BTW I prefer NOT to use temp-files, if possible. All the required data like the public key, common-name etc. is available in php variables.

Post by TerraFrost » Mon Dec 17, 2012 2:26 am

I just looked into SPKAC and it's not something phpseclib currently supports. I can see if I can add support in the next few days..

If you can get the public key in a format other than SPKAC then you can use phpseclib right now to do that. The following is kinda an example as to how:

http://phpseclib.sourceforge.net/x509/e ... l#casigned

In that example the public / private keypair are created from scratch but adapting the example to suit your needs should be easy enough for you to do. If you need any help lmk.

Post by ronaldv » Mon Dec 17, 2012 7:38 am

Ok thank you.

The key I receive has been generated by a browser (via the keygen-element) and looks like this:

Is that spkac? Can I re-write it to some format that seclib supports?

Post by TerraFrost » Mon Dec 17, 2012 2:43 pm

Yah - that's SPKAC. And no - it's not something that can be easily rewritten. It'd be best if I just wrote some code to handle it..

Post by ronaldv » Mon Dec 17, 2012 5:54 pm

Well, that would be very helpful for me.

Post by ronaldv » Tue Dec 18, 2012 9:11 am

One more thing that I would need: I need to add the x509-subjectAltName to the signed certificate. Is this something supported by seclib?

Post by TerraFrost » Tue Dec 18, 2012 1:05 pm

Yah - you can alter it by calling $subject->setDomain('www.google.com', 'www.yahoo.com'). For the first domain the commonName will be used. For subsequent domains the subjAltName extension will be utilized.

If you want more direct control...

Code:
// Arguments: extension id, value, critical (false), replace (true)
$this->setExtension('id-ce-subjectAltName', array(
    array('dNSName' => 'www.slashdot.org'),
    array('dNSName' => 'www.yahoo.com')
), false, true);

Post by TerraFrost » Wed Dec 19, 2012 6:24 am

TerraFrost wrote: Yah - that's SPKAC. And no - it's not something that can be easily rewritten. It'd be best if I just wrote some code to handle it..

Check the latest Git version. Example of how to use it:

Code:
<?php
include('File/X509.php');

$x509 = new File_X509();
$x509->loadSPKAC('MIIBQzCBrTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwnnEID0RuUfmVbB1rNgsZ6BL8MtITio00wLJhQ075cvxcgllis1M4PhK6SKtm0tmSfXZTZz8jrbeczSFkdl6UjFYCXIrxnmcGmpB4A6fdKsBfFtmMOPLXLr5nGM+4DyOMZCZObbLOnsv7usimDpixk+juZ65Gmhb9rB+2MAKEbECAwEAARYJMTIzNDU2Nzg5MA0GCSqGSIb3DQEBBAUAA4GBAB99Nkdhzeazy0bTCb69Mp8Q3BDOgeMonUEg0ETlPaTX/y9HvwkgWHdMROQmc8JiDNTZZzpssrgdKtzsqQOyEIOHEKDbAXL3+GlglCaQ3g/72PbJPFusYdsPjEPYKXil6U1nCikikjaEZVM1HbzVFSmbEAuLwYwD1Z6LovYYaxr0');

// Output the public key carried in the SPKAC
echo $x509->getPublicKey();

Note that in your first post you give the key as this:

Code:
SPKAC=the public key in pem format
countryName=XX
CN=my name

Only the SPKAC field is currently supported. The other fields need to be pre-stripped away. At least for the time being.
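Since only the SPKAC field is supported and the other fields have to be stripped beforehand, the request text can be split in memory, without temp files, before calling loadSPKAC(). The following is an added example, not code from the thread or from phpseclib; the helper name parse_spkac_request(), the allow-list of subject fields and the sample input are assumptions, and the SPKAC value in the sample is a constructed dummy DER blob rather than a real key.

```php
<?php
// Added example, not phpseclib code. parse_spkac_request() is a hypothetical helper.
/**
 * Split "key=value" request text into the SPKAC blob and the subject fields.
 *
 * @param string $text    request held in a variable, one field per line
 * @param array  $allowed subject field names the CA accepts (assumed policy)
 * @return array array('spkac' => base64 string, 'dn' => array(name => value))
 */
function parse_spkac_request($text, array $allowed = array('countryName', 'CN'))
{
    $spkac = null;
    $dn = array();
    foreach (preg_split('/\r\n|\r|\n/', $text) as $line) {
        $line = trim($line);
        if ($line === '') {
            continue;
        }
        // Limit 2 keeps the '=' padding at the end of the base64 value.
        $parts = explode('=', $line, 2);
        if (count($parts) !== 2) {
            throw new InvalidArgumentException("Malformed line: $line");
        }
        $key = trim($parts[0]);
        $value = trim($parts[1]);
        if ($key === 'SPKAC' && $spkac === null) {
            // Strict base64, and DER must open with a SEQUENCE tag (0x30).
            $der = base64_decode($value, true);
            if ($der === false || $der === '' || $der[0] !== "\x30") {
                throw new InvalidArgumentException('SPKAC is not base64 DER');
            }
            $spkac = $value;
        } elseif (in_array($key, $allowed, true) && !isset($dn[$key])) {
            $dn[$key] = $value;
        } else {
            // Unknown or repeated fields come from the requester: reject them.
            throw new InvalidArgumentException("Unexpected or repeated field: $key");
        }
    }
    if ($spkac === null) {
        throw new InvalidArgumentException('No SPKAC field found');
    }
    return array('spkac' => $spkac, 'dn' => $dn);
}

// Constructed sample; "MAMCAQA=" is a dummy DER blob, not a real SPKAC.
$req = parse_spkac_request("SPKAC=MAMCAQA=\ncountryName=XX\nCN=my name\n");
print_r($req);
// With phpseclib loaded, $req['spkac'] is what goes to $x509->loadSPKAC().
```

The subject fields arrive from the requester alongside the key, so the allow-list is where a CA decides which of them it is willing to copy into a certificate it signs.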
