openssl_verify和“错误:0906D06C:PEM例程:PEM_read_bio:无起始行" [英] openssl_verify and "error:0906D06C:PEM routines:PEM_read_bio:no start line"

问题描述

我正在尝试将OpenSSL函数用于PHP中的RSA签名/验证. 当我尝试使用公钥进行openssl_verify时，出现以下错误: error:0906D06C:PEM routines:PEM_read_bio:no start line ，但是该函数本身正常工作(如果修改了消息，则返回0 ，如果完整无缺，则返回1). openssl_sign正常工作.

I am trying to use OpenSSL function for RSA sign/verify in PHP. When I try to do openssl_verify using my public key, I am getting this error: error:0906D06C:PEM routines:PEM_read_bio:no start line, but the function itself works correctly (returns 0 if messages was modified, and 1 if intact). openssl_sign works fine.

我该如何解决?

当前，我使用由openssl生成的公钥:

Currently, I use public key generated by openssl:

define("SC_MSG_PUBLIC", <<<EOD
-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALjPcOckMHDVLiUstcRwwx8kF5PzsiEs
rskyndWisbXMLU9BHomXwL7Qg2L91jE+sNSobkzBDF41CbwDiNlofZUCAwEAAQ==
-----END PUBLIC KEY-----
EOD
);

有什么想法会触发此错误，但一切正常吗?

Any ideas why this error triggers, but things works fine?

试图非公开地生成公共密钥，并使用它，但它看起来是完全相同的，同样的错误消息:-S

Tried to generate public key out of private, and use it, but it appeared to be exactly the same, same error message :-S

$pkey = openssl_pkey_get_private(SC_MSG_PRIVATE);
$keyDetails = openssl_pkey_get_details($pkey);
file_put_contents('c:\publickey', $keyDetails['key']);

此外，我尝试安装所有版本的新版本(PHP 5.3.1，OpenSSL 1.0.0a)-结果相同.而且，我在Windows上.

Also, I've tried to install newer versions of everything (PHP 5.3.1, OpenSSL 1.0.0a) - same result. And, I am on windows.

推荐答案

您是否尝试过使用包含您的公钥而不是纯公钥的(也许是自签名的)证书调用 openssl_verify()键?

Have you tried to call openssl_verify() with a (maybe self-signed) certificate containing your public key instead of a pure public key ?

据我所知，一些PHP OpenSSL函数不能正确支持裸露的公开密钥，尽管尽管有错误它仍然可以正确验证，但这似乎很奇怪.

As far as I know, some PHP OpenSSL functions do not properly support naked public keys although it seems strange that it does verify correctly in spite of the error.

<?php
$private = openssl_pkey_get_private(file_get_contents('private'), 'passphrase');

// This causes the "no start line" error when using a naked public key:
$public  = openssl_pkey_get_public(file_get_contents('public')); // <-- this should be cert

echo openssl_error_string()."\n";

openssl_sign('Test', $sig, $private);
var_dump(openssl_verify('Test', $sig, $public));

echo openssl_error_string()."\n";
?>

在Linux/UNIX shell(例如bash)中将公钥转换为简单证书的示例(有关更多信息，请参考OpenSSL文档或一些教程):

Example for converting a public key to a simple certificate in a Linux/UNIX shell such as bash (refer to the OpenSSL documentation or some tutorials for more):

# Create certificate request
openssl req -new -days 3600 -key [PRIVATE-KEY-FILE] -out [REQUEST-TMP-FILE]

# Create certificate from request
RANDFILE=[RANDOM-TMP-FILE] openssl x509 -req -in [REQUEST-TMP-FILE] -signkey [PRIVATE-KEY-FILE] -out [CERTIFICATE-OUT-FILE]

这还将创建您以后可能想要删除的临时文件，即 [REQUEST-TMP-FILE] 和 [RANDOM-TMP-FILE] .

This will also create temporary files you might want to delete afterwards, namely [REQUEST-TMP-FILE] and [RANDOM-TMP-FILE].

PHP示例代码可在 http://de中找到.php.net/manual/en/function.openssl-csr-new.php .

PHP sample code can be found at http://de.php.net/manual/en/function.openssl-csr-new.php.

这篇关于openssl_verify和“错误:0906D06C:PEM例程:PEM_read_bio:无起始行"的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！