openssl_dh_compute_key
(PHP 5 >= 5.3.0, PHP 7, PHP 8)
openssl_dh_compute_key — Computes shared secret for public value of remote DH public key and local DH key
Beschreibung
The shared secret returned by openssl_dh_compute_key() is often used as an encryption key to secretly communicate with a remote party. This is known as the Diffie-Hellman key exchange.
Hinweis: ECDH is only supported as of PHP 8.1.0 and OpenSSL 3.0.0.
Parameter-Liste
-
public_key -
DH Public key of the remote party.
-
private_key -
A local DH private key, corresponding to the public key to be shared with the remote party.
Rückgabewerte
Returns shared secret on successBei einem Fehler wird false zurückgegeben..
Changelog
| Version | Beschreibung |
|---|---|
| 8.0.0 |
private_key accepts an OpenSSLAsymmetricKey now;
previously, a Ressource of type OpenSSL key was accepted.
|
Beispiele
Beispiel #1 Compute a shared secret
First generate a public/private DH keypair locally, and have
the remote party do the same. We need to use the openssl
command-line utility.
# generate private/public key keypair openssl dhparam -out dhparam.pem 2048 openssl genpkey -paramfile dhparam.pem -out privatekey.pem # extract public key only openssl pkey -in privatekey.pem -pubout -out publickey.pem
Next, send your public key to the remote party. Use the openssl
pkey command to view the public key you will be sent from
the remote party.
openssl pkey -pubin -in remotepublickey.pem -text -noout
Das oben gezeigte Beispiel erzeugt eine ähnliche Ausgabe wie:
PKCS#3 DH Public-Key: (2048 bit)
public-key:
67:e5:e5:fa:e0:7b:0f:96:2c:dc:96:44:5f:50:02:
9e:8d:c2:6c:04:68:b0:d1:1d:75:66:fc:63:f5:e3:
42:30:b8:96:c1:45:cc:08:60:b4:21:3b:dd:ee:66:
88:db:77:d9:1e:11:89:d4:5c:f2:7a:f2:f1:fe:1c:
77:9d:6f:13:b8:b2:56:00:ef:cb:3b:60:79:74:02:
98:f5:f9:8e:3e:b5:62:08:de:ca:8c:c3:40:4a:80:
79:d5:43:06:17:a8:19:56:af:cc:95:5e:e2:32:2d:
d2:14:7b:76:5a:9a:f1:3c:76:76:35:cc:7b:c1:a5:
f4:39:e5:b6:ca:71:3f:7c:3f:97:e5:ab:86:c1:cd:
0e:e6:ee:04:c9:e6:2d:80:7e:59:c0:49:eb:b6:64:
4f:a8:f9:bb:a3:87:b3:3d:76:01:9e:2b:16:94:a4:
37:30:fb:35:e2:63:be:23:90:b9:ef:3f:46:46:04:
94:8f:60:79:7a:51:55:d6:1a:1d:f5:d9:7f:4a:3e:
aa:ac:b0:d0:82:cc:c2:e0:94:e0:54:c1:17:83:0b:
74:08:4d:5a:79:ae:ff:7f:1c:04:ab:23:39:4a:ae:
87:83:55:43:ab:7a:7c:04:9d:20:80:bb:af:5f:16:
a3:e3:20:b9:21:47:8c:f8:7f:a8:60:80:9e:61:77:
36
[...abbreviated...]
Use this public key as a parameter to openssl_dh_compute_key() in order to compute the shared secret.
<?php
$remote_public_key = '67e5e5fae07b0f962cdc96445f50029e8dc26c0468b0d11d7566fc63f5e34230b896c145cc0860b4213bddee6688db77d91e1189d45cf27af2f1fe1c779d6f13b8b25600efcb3b6079740298f5f98e3eb56208deca8cc3404a8079d5430617a81956afcc955ee2322dd2147b765a9af13c767635cc7bc1a5f439e5b6ca713f7c3f97e5ab86c1cd0ee6ee04c9e62d807e59c049ebb6644fa8f9bba387b33d76019e2b1694a43730fb35e263be2390b9ef3f464604948f60797a5155d61a1df5d97f4a3eaaacb0d082ccc2e094e054c117830b74084d5a79aeff7f1c04ab23394aae87835543ab7a7c049d2080bbaf5f16a3e320b921478cf87fa860809e617736';
$local_priv_key = openssl_pkey_get_private('file://privatekey.pem');
$shared_secret = openssl_dh_compute_key(hex2bin($remote_public_key), $local_priv_key);
echo bin2hex($shared_secret)."\n";
?>
Beispiel #2 Generate a DH public/private keypair in php
First, generate the DH prime number
openssl dhparam -out dhparam.pem 2048 openssl dh -in dhparam.pem -noout -text
Das oben gezeigte Beispiel erzeugt eine ähnliche Ausgabe wie:
PKCS#3 DH Parameters: (2048 bit)
prime:
00:a3:25:1e:73:3f:44:b9:2b:ee:f4:9d:9f:37:6a:
4b:fd:1d:bd:f4:af:da:c8:10:77:59:41:c6:5f:73:
d2:88:29:39:cd:1c:5f:c3:9f:0f:22:d2:9c:20:c1:
e4:c0:18:03:b8:b6:d8:da:ad:3b:39:a6:da:8e:fe:
12:30:e9:03:5d:22:ba:ef:18:d2:7b:69:f9:5b:cb:
78:c6:0c:8c:6b:f2:49:92:c2:49:e0:45:77:72:b3:
55:36:30:f2:40:17:89:18:50:03:fa:2d:54:7a:7f:
34:4c:73:32:b6:88:14:51:14:be:80:57:95:e6:a3:
f6:51:ff:17:47:4f:15:d6:0e:6c:47:53:72:2c:2a:
4c:21:cb:7d:f3:49:97:c9:47:5e:40:33:7b:99:52:
7e:7a:f3:52:27:80:de:1b:26:6b:40:bb:14:11:0b:
fb:e6:d8:2f:cf:a0:06:2f:96:b9:1c:0b:b4:cb:d3:
a6:62:9c:48:67:f6:81:f2:c6:ff:45:03:0a:9d:67:
9d:ce:27:d9:6b:48:5d:ca:fb:c2:5d:84:9b:8b:cb:
40:c7:a4:0c:8a:6e:f4:ab:ba:b6:10:c3:b8:25:4d:
cf:60:96:f4:db:e8:00:1c:58:47:7a:fb:51:86:d1:
22:d7:4e:94:31:7a:d5:da:3d:53:de:da:bb:64:8d:
62:6b
generator: 2 (0x2)
Prime and generator values ares passed as p and g into openssl_pkey_new()
<?php
$configargs = array();
$configargs['p'] = hex2bin('00a3251e733f44b92beef49d9f376a4bfd1dbdf4afdac810775941c65f73d2882939cd1c5fc39f0f22d29c20c1e4c01803b8b6d8daad3b39a6da8efe1230e9035d22baef18d27b69f95bcb78c60c8c6bf24992c249e0457772b3553630f2401789185003fa2d547a7f344c7332b688145114be805795e6a3f651ff17474f15d60e6c4753722c2a4c21cb7df34997c9475e40337b99527e7af3522780de1b266b40bb14110bfbe6d82fcfa0062f96b91c0bb4cbd3a6629c4867f681f2c6ff45030a9d679dce27d96b485dcafbc25d849b8bcb40c7a40c8a6ef4abbab610c3b8254dcf6096f4dbe8001c58477afb5186d122d74e94317ad5da3d53dedabb648d626b');
$configargs['g'] = hex2bin('02');
$private_key = openssl_pkey_new(array('dh' => $configargs));
openssl_pkey_export_to_file($private_key,'privatekey.pem',$passphrase='y0urp@s5phr@se');
$details = openssl_pkey_get_details($private_key);
$local_pub_key = $details['dh']['pub_key'];
echo bin2hex($local_pub_key)."\n";//you can send your public key to the remote party
$details = openssl_pkey_get_details(openssl_pkey_get_public("file://remotepublickey.pem"));
$remote_public_key = $details['dh']['pub_key'];
$shared_secret = openssl_dh_compute_key($remote_public_key, $private_key);
echo bin2hex($shared_secret)."\n";
?>
Siehe auch
- openssl_pkey_new() - Erzeugt einen neuen privaten Schlüssel
- openssl_pkey_get_details() - Liefert ein Array mit Schlüssel-Details
- openssl_pkey_get_private() - Liefert einen privaten Schlüssel
- openssl_pkey_get_public() - Extrahiert einen öffentlichen Schlüssel aus einem Zertifikat und bereitet diesen zur Verwendung vor
