openssl_pkey_new

(PHP 4 >= 4.2.0, PHP 5, PHP 7, PHP 8)

openssl_pkey_new — Generates a new private key

Description

openssl_pkey_new(?array $options = null): OpenSSLAsymmetricKey|false

openssl_pkey_new() generates a new private key. How to obtain the public component of the key is shown in an example below.

Note: You need to have a valid openssl.cnf installed for this function to operate correctly. See the notes under the installation section for more information.

Parameters

options

It is possible to fine-tune the key generation (e.g. specifying the number of bits or parameters) using the options parameter. These options can either be algorithm-specific parameters used for key generation, or generic options used also in CSRgeneration if not specified. See openssl_csr_new() for more information about how to use options for a CSR. Among those options only private_key_bits, private_key_type, curve_name, and config are used for key generation. Algorithm-specific options are used if the associative array includes one of the specific keys.

"rsa" key for setting RSA parameters.

options	type	format	required	description
`"n"`	string	binary number	yes	modulus
`"e"`	string	binary number	no	public exponent
`"d"`	string	binary number	yes	private exponent
`"p"`	string	binary number	no	prime 1
`"q"`	string	binary number	no	prime 2
`"dmp1"`	string	binary number	no	exponent1, d mod (p-1)
`"dmq1"`	string	binary number	no	exponent2, d mod (q-1)
`"iqmp"`	string	binary number	no	coefficient, (inverse of q) mod p

"dsa" key for setting DSA parameters.

options	type	format	required	description
`"p"`	string	binary number	no	prime number (public)
`"q"`	string	binary number	no	160-bit subprime, q \| p-1 (public)
`"g"`	string	binary number	no	generator of subgroup (public)
`"priv_key"`	string	PEM key	no	private key x
`"pub_key"`	string	PEM key	no	public key y = g^x

"dh" key for DH (Diffie–Hellman key exchange) parameters.

Options	Type	Format	Required	Description
`"p"`	string	binary number	no	prime number (shared)
`"g"`	string	binary number	no	generator of Z_p (shared)
`"priv_key"`	string	PEM key	no	private DH value x
`"pub_key"`	string	PEM key	no	public DH value g^x

"ec" key for Elliptic curve parameters

Options	Type	Format	Required	Description
`"curve_name"`	string	name	no	name of curve, see openssl_get_curve_names()
`"p"`	string	binary number	no	prime of the field for curve over Fp
`"a"`	string	binary number	no	coofecient a of the curve for Fp: y^2 mod p = x^3 + ax + b mod p
`"b"`	string	binary number	no	coofecient b of the curve for Fp: y^2 mod p = x^3 + ax + b mod p
`"seed"`	string	binary number	no	optional random number seed used to generate coefficient b
`"generator"`	string	binary encoded point	no	curve generator point
`"g_x"`	string	binary number	no	curver generator point x coordinat
`"g_y"`	string	binary number	no	curver generator point y coordinat
`"cofactor"`	string	binary number	no	curve cofactor
`"order"`	string	binary number	no	curve order
`"x"`	string	binary number	no	x coordinate (public)
`"y"`	string	binary number	no	y coordinate (public)
`"d"`	string	binary number	no	private key

"x25519", "x448", "ed25519", "ed448" keys for Curve25519 and Curve448 parameters.
Options Type Format Required Description
"priv_key" string PEM key no private key
"pub_key" string PEM key no public key

Options	Type	Format	Required	Description
`"priv_key"`	string	PEM key	no	private key
`"pub_key"`	string	PEM key	no	public key

Return Values

Returns an OpenSSLAsymmetricKey instance for the pkey on success, or false on error.

Changelog

Version	Description
8.4.0	Added support for Curve25519 and Curve448 based keys with the introduction of the `x25519`, `ed25519`, `x448`, and `ed448` fields.
8.3.0	Added support for generation EC keys with custom EC parameters. Specifically with the introduction of the EC options: `p`, `a`, `b`, `seed`, `generator`, `g_x`, `g_y`, `cofactor`, and `order`.
8.0.0	On success, this function returns an OpenSSLAsymmetricKey instance now; previously, a resource of type `OpenSSL key` was returned.
7.1.0	The `curve_name` key of the `options` parameter was added to make it possible to create EC keys based on Elliptic Curve algorithms.

Examples

Example #1 Obtain the public key from a private key

<?php

$private_key = openssl_pkey_new();

$public_key_pem = openssl_pkey_get_details($private_key)['key'];
echo $public_key_pem, PHP_EOL;

$public_key = openssl_pkey_get_public($public_key_pem);
var_dump($public_key);

?>

The above example will output something similar to:

// Output prior to PHP 8.0.0; note, the function returns a resource
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwknBFEherZe74BiRjTFA
hqwZ1SK7brwq7C/afnLXKhRR7jnrpfM0ypC46q8xz5UZswenZakJ7kd5fls+r4Bv
3P8XsKYLTh2m1GiWQhV1g77cNIN4qNWh70PiDO3fB2446o1LBgToQYuRZS5YQRfJ
rVD0ysgtVcCU9tjaey28HlgApOpYFTaaKPj2MBmEYpMC+kG2HhL12GfpHUi2eiXI
dXT2WskWHWvUrmQ7fJIfI92JlDokV62DH/q1oiedLs9OPNb0rL1aAmYdzaVN6XNH
x/o4Lh125v2vAPV9E3fZCDc/HDEUaahpjanMiCQEgEDp5Hr+CRkvERT5/ydN+p08
5wIDAQAB
-----END PUBLIC KEY-----

resource(6) of type (OpenSSL key)

// Output as of PHP 8.0.0; note, the function returns an object
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwknBFEherZe74BiRjTFA
hqwZ1SK7brwq7C/afnLXKhRR7jnrpfM0ypC46q8xz5UZswenZakJ7kd5fls+r4Bv
3P8XsKYLTh2m1GiWQhV1g77cNIN4qNWh70PiDO3fB2446o1LBgToQYuRZS5YQRfJ
rVD0ysgtVcCU9tjaey28HlgApOpYFTaaKPj2MBmEYpMC+kG2HhL12GfpHUi2eiXI
dXT2WskWHWvUrmQ7fJIfI92JlDokV62DH/q1oiedLs9OPNb0rL1aAmYdzaVN6XNH
x/o4Lh125v2vAPV9E3fZCDc/HDEUaahpjanMiCQEgEDp5Hr+CRkvERT5/ydN+p08
5wIDAQAB
-----END PUBLIC KEY-----

object(OpenSSLAsymmetricKey)#2 (0) {
}

Example #2 Generating RSA key from parameters

<?php

$nhex = "BBF82F090682CE9C2338AC2B9DA871F7368D07EED41043A440D6B6F07454F51F" .
"B8DFBAAF035C02AB61EA48CEEB6FCD4876ED520D60E1EC4619719D8A5B8B807F" .
"AFB8E0A3DFC737723EE6B4B7D93A2584EE6A649D060953748834B2454598394E" .
"E0AAB12D7B61A51F527A9A41F6C1687FE2537298CA2A8F5946F8E5FD091DBDCB";

$ehex = "11";
$dhex = "A5DAFC5341FAF289C4B988DB30C1CDF83F31251E0668B42784813801579641B2" .
"9410B3C7998D6BC465745E5C392669D6870DA2C082A939E37FDCB82EC93EDAC9" .
"7FF3AD5950ACCFBC111C76F1A9529444E56AAF68C56C092CD38DC3BEF5D20A93" .
"9926ED4F74A13EDDFBE1A1CECC4894AF9428C2B7B8883FE4463A4BC85B1CB3C1";

$phex = "EECFAE81B1B9B3C908810B10A1B5600199EB9F44AEF4FDA493B81A9E3D84F632" .
"124EF0236E5D1E3B7E28FAE7AA040A2D5B252176459D1F397541BA2A58FB6599";

$qhex = "C97FB1F027F453F6341233EAAAD1D9353F6C42D08866B1D05A0F2035028B9D86" .
"9840B41666B42E92EA0DA3B43204B5CFCE3352524D0416A5A441E700AF461503";

$dphex = "11";
$dqhex = "11";
$qinvhex = "b06c4fdabb6301198d265bdbae9423b380f271f73453885093077fcd39e2119f" .
"c98632154f5883b167a967bf402b4e9e2e0f9656e698ea3666edfb25798039f7";

$rsa= openssl_pkey_new([
'rsa' => [
'n' => hex2bin($nhex),
'e' => hex2bin($ehex),
'd' => hex2bin($dhex),
'p' => hex2bin($phex),
'q' => hex2bin($qhex),
'dmp1' => hex2bin($dphex),
'dmq1' => hex2bin($dqhex),
'iqmp' => hex2bin($qinvhex),
],
]);
$details = openssl_pkey_get_details($rsa);
var_dump($details);

?>