openssl_sign(): supplied key param cannot be coerced into a private key

openssl rsa digital-signature php-openssl
stefun picture stefun · Mar 24, 2014 · Viewed 8.6k times · Source

I have googled to search answer for these problem.but I'm not able to find proper solution for my question as many answer was specific to problem related.

when I tried to create digital signature of content using XMLSecurityKey and openssl_sign I'm getting warning and signature was not created.

openssl_sign is throwing error as :

Warning: openssl_sign(): supplied key param cannot be coerced into a private key in /var/www/git/ta_client/accessService.php on line 105

And my code is:

public function _signMessage($encData, $configValues)
    {
$decode = 'decode';
    $token = $encData['token'];
    $cipherValue = $encData['cipherValue'];
    $clientId = $encData['ClientId'];
    $grpCustNum = $encData['grpCustNum'];

    // Sign the concatenated string
    $toSign = $token . $cipherValue . $clientId . $grpCustNum;

    // Encrypt the token with the public key from vendor
    $cipher = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type'=>'private')); // Reference to XMLSecLibs
    $cipher->loadKey($configValues['privkey'], true);
    try{
    if (! openssl_sign ($toSign, $signature, $cipher->key, OPENSSL_ALGO_MD5)) {
        openssl_error_string();
        throw new Exception();
    }
    }catch(Exception $e){
    print_r($e);
    die;
}
    // append the decode values
    $encData['sign'] = urlencode(base64_encode($signature)) . $decode;
    $encData['token'] = urlencode($token) . $decode;
    $encData['cipherValue'] = urlencode($cipherValue) . $decode;

    return $encData;
}

And my $configValues['privkey'] is in xml format.Any suggestions?

Answer

neubert picture neubert · Mar 25, 2014

openssl doesn't support XML format. My recommendation would be to use phpseclib. ie.

<?php
include('Crypt/RSA.php');

$rsa = new Crypt_RSA();
$rsa->loadKey('...'); // private key

$plaintext = '...';

$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
$signature = $rsa->sign($plaintext);

I'm assuming the private key you're trying to load is in this format?:

<RSAKeyValue>
  <Modulus>AKoYq6Q7UN7vOFmPr4fSq2NORXHBMKm8p7h4JnQU+quLRxvYll9cn8OBhIXq9SnCYkbzBVBkqN4ZyMM4vlSWy66wWdwLNYFDtEo1RJ6yZBExIaRVvX/eP6yRnpS1b7m7T2Uc2yPq1DnWzVI+sIGR51s1/ROnQZswkPJHh71PThln</Modulus>
  <Exponent>AQAB</Exponent>
  <P>AN4DDp+IhBca6QEjh4xlm3iexzLajXYrJid6vdWmh4T42nar5nem8Ax39o3ND9b1Zoj41F9zFQmuZ8/AgabreKU=</P>
  <Q>AMQi+R0G9m0K+AcqK3DFpv4RD9jGc0Tle98heNYT7EQvZuuiq4XjvRz0ybqN//bOafrKhsTpRS9DQ7eEpKLI4Bs=</Q>
  <DP>FklyR1uZ/wPJjj611cdBcztlPdqoxssQGnh85BzCj/u3WqBpE2vjvyyvyI5kX6zk7S0ljKtt2jny2+00VsBerQ==</DP>
  <DQ>AJGC1Mg5Oydo5NwD6BiROrPxGo2bpTbu/fhrT8ebHkTz2eplU9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhM=</DQ>
  <InverseQ>EaiK5KhKNp9SFXuLVwQalvzyHk0FhnNZcZnfuwnlCxb6wnKg117fEfy91eHNTt5PzYPpf+xzD1FnP7/qsIninQ==</InverseQ>
  <D>Fijko56+qGyN8M0RVyaRAXz++xTqHBLh3tx4VgMtrQ+WEgCjhoTwo23KMBAuJGSYnRmoBZM3lMfTKevIkAidPExvYCdm5dYq3XToLkkLv5L2pIIVOFMDG+KESnAFV7l2c+cnzRMW0+b6f8mR1CJzZuxVLL6Q02fvLi55/mbSYxE=</D>
</RSAKeyValue>

Related questions

How to create public and private key with openssl?

My question is how to create a public key and private key with OpenSSL in windows and how to put the created public key in .crt file and the private one in .pcks8 file in order to use this two …

Read More
How to compute RSA-SHA1(sha1WithRSAEncryption) value with OpenSSL

I'm confused about RSA-SHA1, I thought it's RSA_private_encrypt(SHA1(message)). But I can't get the correct signature value. Is there anything wrong?

Read More
Use RSA private key to generate public key?

I don't really understand this one: according to: http://www.madboa.com/geek/openssl/#key-rsa , You can generate a public key from a private key. openssl genrsa -out mykey.pem 1024 openssl rsa -in mykey.pem -pubout > mykey.pub My …

Read More