openssl_pkey_get_private()

(PHP 4 >= 4.2.0, PHP 5, PHP 7)

获取私钥

说明

openssl_pkey_get_private(mixed $key[,string $passphrase= ""]): resource

openssl_get_privatekey()解析$key供其他函数使用。

参数

$key

$key可以是如下密钥之一：

如下格式的字符串file://path/to/file.pem。该文件必须包含 PEM 编码的证书或者私钥(可能都包含了).
一个PEM格式的私钥。

$passphrase

如果指定的密钥已被加密了(受密码保护)，可选参数$passphrase是必须要的。

返回值

成功，返回真实的密钥资源标识符，失败，返回FALSE.

It's actually "file://key.pem" when you want to give a relative path using unix systems. It will be three '/' in case of absolute path (e.g "file:///home/username/..."). But this path consists of two '/' originated from "file://" and one '/' from the fact that home is a subfolder of the unix filesystem's root directory ("/home/username/..."). This two part will be concatenated and you will get three '/' characters following each other.
So you only have to concatenate "file://" with an existing path string in every case.

Please note that "file://path/to/file.pem" in documentation means file protocol + file path. In UNIX like OS, that is something like file:///rsa_private_key.pem. There is THREE slashes in the path string, not TWO.

Since this function can be used to load a PEM encoded string also, those that are using it relying on user input should be sure to check that the passed data is indeed a PEM encoded string and not a malicious file path.
The following should be sufficient.
<?PHP
 $private = trim($_POST['private']);
 if (strpos($private, '-----') !== 0) return false;
?>