(PHP 4 >= 4.2.0, PHP 5, PHP 7, PHP 8)
openssl_pkey_new — Generates a new private key
openssl_pkey_new() generates a new private key. How to obtain the public component of the key is shown in an example below.
Note: You need to have a valid openssl.cnf installed for this function to operate correctly. See the notes under the installation section for more information.
options
It is possible to fine-tune the key generation (e.g. specifying the number of
bits or parameters) using the options parameter.
These options can either be algorithm-specific parameters used for key generation,
or generic options used also in CSRgeneration if not specified.
See openssl_csr_new() for more information
about how to use options for a CSR.
Among those options only private_key_bits,
private_key_type, curve_name,
and config are used for key generation.
Algorithm-specific options are used if the associative array includes one of the specific keys.
"rsa" key for setting RSA parameters.
| options | type | format | required | description |
|---|---|---|---|---|
"n" |
string | binary number | yes | modulus |
"e" |
string | binary number | no | public exponent |
"d" |
string | binary number | yes | private exponent |
"p" |
string | binary number | no | prime 1 |
"q" |
string | binary number | no | prime 2 |
"dmp1" |
string | binary number | no | exponent1, d mod (p-1) |
"dmq1" |
string | binary number | no | exponent2, d mod (q-1) |
"iqmp" |
string | binary number | no | coefficient, (inverse of q) mod p |
"dsa" key for setting DSA parameters.
| options | type | format | required | description |
|---|---|---|---|---|
"p" |
string | binary number | no | prime number (public) |
"q" |
string | binary number | no | 160-bit subprime, q | p-1 (public) |
"g" |
string | binary number | no | generator of subgroup (public) |
"priv_key" |
string | PEM key | no | private key x |
"pub_key" |
string | PEM key | no | public key y = g^x |
"dh" key for DH (Diffie–Hellman key exchange) parameters.
| Options | Type | Format | Required | Description |
|---|---|---|---|---|
"p" |
string | binary number | no | prime number (shared) |
"g" |
string | binary number | no | generator of Z_p (shared) |
"priv_key" |
string | PEM key | no | private DH value x |
"pub_key" |
string | PEM key | no | public DH value g^x |
"ec" key for Elliptic curve parameters
| Options | Type | Format | Required | Description |
|---|---|---|---|---|
"curve_name" |
string | name | no | name of curve, see openssl_get_curve_names() |
"p" |
string | binary number | no | prime of the field for curve over Fp |
"a" |
string | binary number | no | coofecient a of the curve for Fp: y^2 mod p = x^3 + ax + b mod p |
"b" |
string | binary number | no | coofecient b of the curve for Fp: y^2 mod p = x^3 + ax + b mod p |
"seed" |
string | binary number | no | optional random number seed used to generate coefficient b |
"generator" |
string | binary encoded point | no | curve generator point |
"g_x" |
string | binary number | no | curver generator point x coordinat |
"g_y" |
string | binary number | no | curver generator point y coordinat |
"cofactor" |
string | binary number | no | curve cofactor |
"order" |
string | binary number | no | curve order |
"x" |
string | binary number | no | x coordinate (public) |
"y" |
string | binary number | no | y coordinate (public) |
"d" |
string | binary number | no | private key |
"x25519", "x448",
"ed25519", "ed448" keys for
Curve25519 and Curve448 parameters.
| Options | Type | Format | Required | Description |
|---|---|---|---|---|
"priv_key" |
string | PEM key | no | private key |
"pub_key" |
string | PEM key | no | public key |
Returns an OpenSSLAsymmetricKey instance for
the pkey on success, or false on error.
| Version | Description |
|---|---|
| 8.4.0 |
Added support for Curve25519 and Curve448 based keys with the introduction of the
x25519, ed25519, x448,
and ed448 fields.
|
| 8.3.0 |
Added support for generation EC keys with custom EC parameters.
Specifically with the introduction of the EC options:
p, a, b, seed,
generator, g_x, g_y,
cofactor, and order.
|
| 8.0.0 |
On success, this function returns an OpenSSLAsymmetricKey instance now;
previously, a resource of type OpenSSL key was returned.
|
| 7.1.0 |
The curve_name key of the options parameter was
added to make it possible to create EC keys based on Elliptic Curve algorithms.
|
Example #1 Obtain the public key from a private key
<?php
$private_key = openssl_pkey_new();
$public_key_pem = openssl_pkey_get_details($private_key)['key'];
echo $public_key_pem, PHP_EOL;
$public_key = openssl_pkey_get_public($public_key_pem);
var_dump($public_key);
?>The above example will output something similar to:
// Output prior to PHP 8.0.0; note, the function returns a resource
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwknBFEherZe74BiRjTFA
hqwZ1SK7brwq7C/afnLXKhRR7jnrpfM0ypC46q8xz5UZswenZakJ7kd5fls+r4Bv
3P8XsKYLTh2m1GiWQhV1g77cNIN4qNWh70PiDO3fB2446o1LBgToQYuRZS5YQRfJ
rVD0ysgtVcCU9tjaey28HlgApOpYFTaaKPj2MBmEYpMC+kG2HhL12GfpHUi2eiXI
dXT2WskWHWvUrmQ7fJIfI92JlDokV62DH/q1oiedLs9OPNb0rL1aAmYdzaVN6XNH
x/o4Lh125v2vAPV9E3fZCDc/HDEUaahpjanMiCQEgEDp5Hr+CRkvERT5/ydN+p08
5wIDAQAB
-----END PUBLIC KEY-----
resource(6) of type (OpenSSL key)
// Output as of PHP 8.0.0; note, the function returns an object
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwknBFEherZe74BiRjTFA
hqwZ1SK7brwq7C/afnLXKhRR7jnrpfM0ypC46q8xz5UZswenZakJ7kd5fls+r4Bv
3P8XsKYLTh2m1GiWQhV1g77cNIN4qNWh70PiDO3fB2446o1LBgToQYuRZS5YQRfJ
rVD0ysgtVcCU9tjaey28HlgApOpYFTaaKPj2MBmEYpMC+kG2HhL12GfpHUi2eiXI
dXT2WskWHWvUrmQ7fJIfI92JlDokV62DH/q1oiedLs9OPNb0rL1aAmYdzaVN6XNH
x/o4Lh125v2vAPV9E3fZCDc/HDEUaahpjanMiCQEgEDp5Hr+CRkvERT5/ydN+p08
5wIDAQAB
-----END PUBLIC KEY-----
object(OpenSSLAsymmetricKey)#2 (0) {
}
Example #2 Generating RSA key from parameters
<?php
$nhex = "BBF82F090682CE9C2338AC2B9DA871F7368D07EED41043A440D6B6F07454F51F" .
"B8DFBAAF035C02AB61EA48CEEB6FCD4876ED520D60E1EC4619719D8A5B8B807F" .
"AFB8E0A3DFC737723EE6B4B7D93A2584EE6A649D060953748834B2454598394E" .
"E0AAB12D7B61A51F527A9A41F6C1687FE2537298CA2A8F5946F8E5FD091DBDCB";
$ehex = "11";
$dhex = "A5DAFC5341FAF289C4B988DB30C1CDF83F31251E0668B42784813801579641B2" .
"9410B3C7998D6BC465745E5C392669D6870DA2C082A939E37FDCB82EC93EDAC9" .
"7FF3AD5950ACCFBC111C76F1A9529444E56AAF68C56C092CD38DC3BEF5D20A93" .
"9926ED4F74A13EDDFBE1A1CECC4894AF9428C2B7B8883FE4463A4BC85B1CB3C1";
$phex = "EECFAE81B1B9B3C908810B10A1B5600199EB9F44AEF4FDA493B81A9E3D84F632" .
"124EF0236E5D1E3B7E28FAE7AA040A2D5B252176459D1F397541BA2A58FB6599";
$qhex = "C97FB1F027F453F6341233EAAAD1D9353F6C42D08866B1D05A0F2035028B9D86" .
"9840B41666B42E92EA0DA3B43204B5CFCE3352524D0416A5A441E700AF461503";
$dphex = "11";
$dqhex = "11";
$qinvhex = "b06c4fdabb6301198d265bdbae9423b380f271f73453885093077fcd39e2119f" .
"c98632154f5883b167a967bf402b4e9e2e0f9656e698ea3666edfb25798039f7";
$rsa= openssl_pkey_new([
'rsa' => [
'n' => hex2bin($nhex),
'e' => hex2bin($ehex),
'd' => hex2bin($dhex),
'p' => hex2bin($phex),
'q' => hex2bin($qhex),
'dmp1' => hex2bin($dphex),
'dmq1' => hex2bin($dqhex),
'iqmp' => hex2bin($qinvhex),
],
]);
$details = openssl_pkey_get_details($rsa);
var_dump($details);
?>