Openssl_sign - Manual - PHP

update page now

• Downloads
• Documentation
• Get Involved
• Help
• 

Search docs PHP 8.1.34 Released! Getting Started Introduction A simple tutorial Language Reference Basic syntax Types Variables Constants Expressions Operators Control Structures Functions Classes and Objects Namespaces Enumerations Errors Exceptions Fibers Generators Attributes References Explained Predefined Variables Predefined Exceptions Predefined Interfaces and Classes Predefined Attributes Context options and parameters Supported Protocols and Wrappers Security Introduction General considerations Installed as CGI binary Installed as an Apache module Session Security Filesystem Security Database Security Error Reporting User Submitted Data Hiding PHP Keeping Current Features HTTP authentication with PHP Cookies Sessions Handling file uploads Using remote files Connection handling Persistent Database Connections Command line usage Garbage Collection DTrace Dynamic Tracing Function Reference Affecting PHP's Behaviour Audio Formats Manipulation Authentication Services Command Line Specific Extensions Compression and Archive Extensions Cryptography Extensions Database Extensions Date and Time Related Extensions File System Related Extensions Human Language and Character Encoding Support Image Processing and Generation Mail Related Extensions Mathematical Extensions Non-Text MIME Output Process Control Extensions Other Basic Extensions Other Services Search Engine Extensions Server Specific Extensions Session Extensions Text Processing Variable and Type Related Extensions Web Services Windows Only Extensions XML Manipulation GUI Extensions Keyboard Shortcuts? This help j Next menu item k Previous menu item g p Previous man page g n Next man page G Scroll to bottom g g Scroll to top g h Goto homepage g s Goto search(current page) / Focus search box openssl_spki_export » « openssl_seal

• PHP Manual
• Function Reference
• Cryptography Extensions
• OpenSSL
• OpenSSL Functions

Change language: English German Spanish French Italian Japanese Brazilian Portuguese Russian Turkish Ukrainian Chinese (Simplified) Other openssl_sign

(PHP 4 >= 4.0.4, PHP 5, PHP 7, PHP 8)

openssl_sign — Generate signature

Description

openssl_sign( string $data, string &$signature, #[\SensitiveParameter] OpenSSLAsymmetricKey|OpenSSLCertificate|array|string $private_key, string|int $algorithm = OPENSSL_ALGO_SHA1): bool

openssl_sign() computes a signature for the specified data by generating a cryptographic digital signature using the private key associated with private_key. Note that the data itself is not encrypted.

Parameters

data

The string of data you wish to sign

signature

If the call was successful the signature is returned in signature.

private_key

OpenSSLAsymmetricKey - a key, returned by openssl_get_privatekey()

string - a PEM formatted key

algorithm

int - one of these Signature Algorithms.

string - a valid string returned by openssl_get_md_methods() example, "sha256WithRSAEncryption" or "sha384".

Return Values

Returns true on success or false on failure.

Changelog

Version	Description
8.0.0	private_key accepts an OpenSSLAsymmetricKey or OpenSSLCertificate instance now; previously, a resource of type OpenSSL key or OpenSSL X.509 was accepted.

Examples

Example #1 openssl_sign() example

<?php// $data is assumed to contain the data to be signed// fetch private key from file and ready it$pkeyid = openssl_pkey_get_private("file://src/openssl-0.9.6/demos/sign/key.pem");// compute signatureopenssl_sign($data, $signature, $pkeyid);// free the key from memoryopenssl_free_key($pkeyid);?>

Example #2 openssl_sign() example

<?php//data you want to sign$data = 'my data';//create new private and public key$new_key_pair = openssl_pkey_new(array( "private_key_bits" => 2048, "private_key_type" => OPENSSL_KEYTYPE_RSA,));openssl_pkey_export($new_key_pair, $private_key_pem);$details = openssl_pkey_get_details($new_key_pair);$public_key_pem = $details['key'];//create signatureopenssl_sign($data, $signature, $private_key_pem, OPENSSL_ALGO_SHA256);//save for laterfile_put_contents('private_key.pem', $private_key_pem);file_put_contents('public_key.pem', $public_key_pem);file_put_contents('signature.dat', $signature);//verify signature$r = openssl_verify($data, $signature, $public_key_pem, "sha256WithRSAEncryption");var_dump($r);?>

See Also

• openssl_verify() - Verify signature

Found A Problem?

Learn How To Improve This Page • Submit a Pull Request • Report a Bug ＋add a note

User Contributed Notes 3 notes

up down 9 edmarw at yahoo dot com ¶18 years ago This may help if you just want a real-simple private/public key pair: <?php $data = "Beeeeer is really good.. hic..."; // You can get a simple private/public key pair using: // openssl genrsa 512 >private_key.txt // openssl rsa -pubout <private_key.txt >public_key.txt // IMPORTANT: The key pair below is provided for testing only. // For security reasons you must get a new key pair // for production use, obviously. $private_key = <<<EOD -----BEGIN RSA PRIVATE KEY----- MIIBOgIBAAJBANDiE2+Xi/WnO+s120NiiJhNyIButVu6zxqlVzz0wy2j4kQVUC4Z RZD80IY+4wIiX2YxKBZKGnd2TtPkcJ/ljkUCAwEAAQJAL151ZeMKHEU2c1qdRKS9 sTxCcc2pVwoAGVzRccNX16tfmCf8FjxuM3WmLdsPxYoHrwb1LFNxiNk1MXrxjH3R 6QIhAPB7edmcjH4bhMaJBztcbNE1VRCEi/bisAwiPPMq9/2nAiEA3lyc5+f6DEIJ h1y6BWkdVULDSM+jpi1XiV/DevxuijMCIQCAEPGqHsF+4v7Jj+3HAgh9PU6otj2n Y79nJtCYmvhoHwIgNDePaS4inApN7omp7WdXyhPZhBmulnGDYvEoGJN66d0CIHra I2SvDkQ5CmrzkW5qPaE2oO7BSqAhRZxiYpZFb5CI -----END RSA PRIVATE KEY----- EOD; $public_key = <<<EOD -----BEGIN PUBLIC KEY----- MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDiE2+Xi/WnO+s120NiiJhNyIButVu6 zxqlVzz0wy2j4kQVUC4ZRZD80IY+4wIiX2YxKBZKGnd2TtPkcJ/ljkUCAwEAAQ== -----END PUBLIC KEY----- EOD; $binary_signature = ""; // At least with PHP 5.2.2 / OpenSSL 0.9.8b (Fedora 7) // there seems to be no need to call openssl_get_privatekey or similar. // Just pass the key as defined above openssl_sign($data, $binary_signature, $private_key, OPENSSL_ALGO_SHA1); // Check signature $ok = openssl_verify($data, $binary_signature, $public_key, OPENSSL_ALGO_SHA1); echo "check #1: "; if ($ok == 1) { echo "signature ok (as it should be)\n"; } elseif ($ok == 0) { echo "bad (there's something wrong)\n"; } else { echo "ugly, error checking signature\n"; } $ok = openssl_verify('tampered'.$data, $binary_signature, $public_key, OPENSSL_ALGO_SHA1); echo "check #2: "; if ($ok == 1) { echo "ERROR: Data has been tampered, but signature is still valid! Argh!\n"; } elseif ($ok == 0) { echo "bad signature (as it should be, since data has beent tampered)\n"; } else { echo "ugly, error checking signature\n"; } ?> up down 2 tim at remitone dot com ¶2 years ago It should be noted that the default signature algorithm used by openssl_sign() and openssl_verify (OPENSSL_ALGO_SHA1) is no longer supported by default in OpenSSL Version 3 series. With an up to date OpenSSL library, one has to run "update-crypto-policies --set LEGACY" on the server where the library resides in order to allow these functions to work without the optional alternative algorithm argument. up down 1 sageptr at gmail dot com ¶3 months ago Note: to use openssl_sign with ed25519 key in PHP 8.4 (and probably later versions), you need to explicitly pass 0 as algorithm identifier. Omitting this parameter will not work (because this parameter defaults to SHA1), but for some reason there is currently no OPENSSL_ALGO_xxxxx constant for the default signature algorithm. <?php $pkey = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_ED25519]); if (openssl_sign('text', $sig, $pkey, 0)) { echo 'Signature successful: ' . bin2hex($sig); } else { echo 'Signature failed!'; } ?> ＋add a note

• OpenSSL Functions
  • openssl_​cipher_​iv_​length
  • openssl_​cipher_​key_​length
  • openssl_​cms_​decrypt
  • openssl_​cms_​encrypt
  • openssl_​cms_​read
  • openssl_​cms_​sign
  • openssl_​cms_​verify
  • openssl_​csr_​export
  • openssl_​csr_​export_​to_​file
  • openssl_​csr_​get_​public_​key
  • openssl_​csr_​get_​subject
  • openssl_​csr_​new
  • openssl_​csr_​sign
  • openssl_​decrypt
  • openssl_​dh_​compute_​key
  • openssl_​digest
  • openssl_​encrypt
  • openssl_​error_​string
  • openssl_​get_​cert_​locations
  • openssl_​get_​cipher_​methods
  • openssl_​get_​curve_​names
  • openssl_​get_​md_​methods
  • openssl_​get_​privatekey
  • openssl_​get_​publickey
  • openssl_​open
  • openssl_​pbkdf2
  • openssl_​pkcs12_​export
  • openssl_​pkcs12_​export_​to_​file
  • openssl_​pkcs12_​read
  • openssl_​pkcs7_​decrypt
  • openssl_​pkcs7_​encrypt
  • openssl_​pkcs7_​read
  • openssl_​pkcs7_​sign
  • openssl_​pkcs7_​verify
  • openssl_​pkey_​derive
  • openssl_​pkey_​export
  • openssl_​pkey_​export_​to_​file
  • openssl_​pkey_​get_​details
  • openssl_​pkey_​get_​private
  • openssl_​pkey_​get_​public
  • openssl_​pkey_​new
  • openssl_​private_​decrypt
  • openssl_​private_​encrypt
  • openssl_​public_​decrypt
  • openssl_​public_​encrypt
  • openssl_​random_​pseudo_​bytes
  • openssl_​seal
  • openssl_​sign
  • openssl_​spki_​export
  • openssl_​spki_​export_​challenge
  • openssl_​spki_​new
  • openssl_​spki_​verify
  • openssl_​verify
  • openssl_​x509_​check_​private_​key
  • openssl_​x509_​checkpurpose
  • openssl_​x509_​export
  • openssl_​x509_​export_​to_​file
  • openssl_​x509_​fingerprint
  • openssl_​x509_​parse
  • openssl_​x509_​read
  • openssl_​x509_​verify
• Deprecated
  • openssl_​free_​key
  • openssl_​pkey_​free
  • openssl_​x509_​free

↑ and ↓ to navigate • Enter to select • Esc to close • / to open Press Enter without selection to search using Google