{"id":389,"date":"2006-03-04T10:58:27","date_gmt":"2006-03-04T18:58:27","guid":{"rendered":"\/?p=389"},"modified":"2006-03-04T11:10:29","modified_gmt":"2006-03-04T19:10:29","slug":"using-raw-public-keys-in-php","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=389","title":{"rendered":"USING RAW PUBLIC KEYS IN PHP"},"content":{"rendered":"<p>Now here we are going to write some stuff and it is going to be about what it is like supporting PHP.<\/p>\n<pre>\r\n\/\/ this function makes up for the fact that openssl doesn&#39;t\r\n\/\/ currently support direct use of modulus and exponent except\r\n\/\/ when PEM encoded in publicKeyInfo or Certificate ASN.1 \r\n\/\/ So, believe it or not, I convert it into a publicKeyInfo ASN\r\n\/\/ structure and then turn it into PEM - then it works fine.\r\n\r\nfunction kimssl_pkey_get_public ($modulus, $exponent)\r\n{\r\n    \/\/ decode to binary\r\n    $modulus = base64_decode($modulus);\r\n    $exponent = base64_decode($exponent);\r\n\r\n    \/\/ make an ASN publicKeyInfo\r\n    $exponentEncoding = makeAsnSegment(0x02, $exponent);    \r\n    $modulusEncoding = makeAsnSegment(0x02, $modulus);    \r\n    $sequenceEncoding = makeAsnSegment(0x30, \r\n        $modulusEncoding.$exponentEncoding);\r\n    $bitstringEncoding = makeAsnSegment(0x03, $sequenceEncoding);\r\n    $rsaAlgorithmIdentifier = pack(\"H*\", \"300D06092A864886F70D0101010500\"); \r\n    $publicKeyInfo = makeAsnSegment (0x30, \r\n        $rsaAlgorithmIdentifier.$bitstringEncoding);\r\n\r\n    \/\/ encode the publicKeyInfo in base64 and add PEM brackets\r\n    $publicKeyInfoBase64 = base64_encode($publicKeyInfo);    \r\n    $encoding = \"-----BEGIN PUBLIC KEY-----\\n\";\r\n    $offset = 0;\r\n    while ($segment=substr($publicKeyInfoBase64, $offset, 64)){\r\n       $encoding = $encoding.$segment.\"\\n\";\r\n       $offset += 64;\r\n    }\r\n    $encoding = $encoding.\"-----END PUBLIC KEY-----\\n\";\r\n\r\n    \/\/ use the PEM version of the key 
to get a key handle\r\n    $publicKey = openssl_pkey_get_public ($encoding);\r\n\r\n    return ($publicKey);\r\n}\r\n\r\n\/\/ this helper function is necessary because PHP&#39;s openssl\r\n\/\/ currently requires that the public key be in PEM format\r\n\/\/ This does the ASN.1 type and length encoding\r\n\r\nfunction makeAsnSegment($type, $string)\r\n{\r\n    \/\/ fix up integers and bitstrings\r\n    switch ($type){\r\n        case 0x02:\r\n            if (ord($string) > 0x7f)\r\n                $string = chr(0).$string;\r\n            break;\r\n        case 0x03:\r\n            $string = chr(0).$string;\r\n            break;\r\n    }\r\n\r\n    $length = strlen($string);\r\n\r\n    if ($length < 128){\r\n       $output = sprintf(\"%c%c%s\", $type, $length, $string);\r\n    }\r\n    else if ($length < 0x0100){\r\n       $output = sprintf(\"%c%c%c%s\", $type, 0x81, $length, $string);\r\n    }\r\n    else if ($length < 0x010000) {\r\n       $output = sprintf(\"%c%c%c%c%s\", $type, 0x82, $length\/0x0100, $length%0x0100, $string);\r\n    }\r\n    else {\r\n        $output = NULL;\r\n    }\r\n\r\n    return($output);\r\n}\r\n<\/pre>\n<p>Truth is stranger than fiction.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Now here we are going to write some stuff and it is going to be about what it is like supporting PHP. 
\/\/ this function makes up for the fact that openssl doesn&#39;t \/\/ currently support direct use of modulus and exponent except \/\/ when PEM encoded in publicKeyInfo or Certificate ASN.1 \/\/ So, &hellip; <a href=\"https:\/\/www.identityblog.com\/?p=389\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">USING RAW PUBLIC KEYS IN PHP<\/span><\/a><\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[2],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/389"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=389"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/389\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=389"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=389"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=389"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}