$30 bounty: How to use the RSA PEAR package? How do I use a .key file to sign a str.?

[ivanv]

Hi,

My head is completely blocked on this issue. I'm even shaking from desperation of this... Our government has surely made it extremely difficult to understand the law... Anyway, I'm drifting away, so back to the subject.

I have a key pair (.cer/.key - public/private), which was handed to me by the government.

I'm supposed to sign invoices with the private key, and even though they don't provide much detail, I kinda arrived at the conclusion I could use PHP for the work.

First, I need to create an MD5 hash of a string. Then I have to sign it with the public key, and then I need to convert the signature to base64.

The middle step I don't know how to do. It seems that the RSA PEAR package only accepts strings, so how could I convert my .key file so I can use it to sign my invoices?

I'll paypal $30 to the first person that helps me out.

Thanks!

Ivan V.

[enygmadae]

You can use the OpenSSL functionality in PHP (has to be compiled in) to do the encryption with the key:

http://us3.php.net/manual/en/functio...te-encrypt.php

Then you can use the rest of the functions to send the message off...

[ivanv]

I was trying that, but it doesn't work. i.e.:

PHP Code:

$passphrase="...";
$priv_key_file_name = ("./veri.key");
openssl_pkey_get_private(array("file://$priv_key_file_name", $passphrase)) 


The function returns false.

This stuff is driving me mad!!! please help me...

[enygmadae]

why are you putting an array into opennssl_pkey_get_private?

"key can be one of the following: a string having the format file://path/to/file.pem. The named file must contain a PEM encoded certificate/private key (it may contain both)."

the second value passed to the function is the passphrase, not the second value in the array...

[ivanv]

See the user comments in the function documentation.

[enygmadae]

ahh....okay...didn't get that far down.
Is the "./veri.key" path to the file valid? You might try using the fill path to the file in there...

[ivanv]

The path is correct. I even tried loading the file first, just to make sure.

I think the key pairs were generated with ****1n6 Java, so I might just ask someone to write a damn program to sign my invoices... Damn it, our government has just made me hate java.

[enygmadae]

Well, it shouldn't matter what made them....
you might try this method: http://us2.php.net/manual/en/functio...privatekey.php

[ivanv]

not working :-(

[enygmadae]

whats the error msg?

[ivanv]

openssl_get_privatekey returns false, and then:

Warning: openssl_private_encrypt(): key param is not a valid private key

So it would seem openssl_get_privatekey somehow doesn't understand my private key because it's not loading it... The key is not corrupt or anything like that, because I've already used it to sign other stuff, with the program provided by the government. Unfortunately, that stupid program doesn't sign arbitrary data, so I'm off to create my own damn solution.