(PHP 4 >= 4.2.0, PHP 5, PHP 7, PHP 8)
openssl_x509_check_private_key — Checks if a private key corresponds to a certificate
$certificate, #[\SensitiveParameter] OpenSSLAsymmetricKey |OpenSSLCertificate |array |string $private_key): bool
Checks whether the given private_key is the private key
that corresponds to certificate.
The function does not check if private_key is indeed a private key or not.
It merely compares the public materials (e.g. exponent and modulus of an RSA key)
and/or key parameters (e.g. EC params of an EC key) of a key pair.
This means, for example, that a public key could be given for private_key
and the function may return true .
certificateThe certificate.
private_keyThe private key.
Returns true if private_key is the private key that
corresponds to certificate, or false otherwise.
| Version | Description |
|---|---|
| 8.0.0 |
certificate accepts an OpenSSLCertificate instance now;
previously, a resource of type OpenSSL X.509 was accepted.
|
| 8.0.0 |
private_key accepts an OpenSSLAsymmetricKey
or OpenSSLCertificate instance now;
previously, a resource of type OpenSSL key or OpenSSL X.509
was accepted.
|
This function DOES return TRUE if the key has a passphrase, you just need to set up the data in such a way that the function can understand it. It is not documented here.
This error message led me to the solution:
PHP Warning: openssl_x509_check_private_key(): key array must be of the form array(0 => key, 1 => phrase)
So this works:
$certFile = file_get_contents('cert.crt');
$keyFile = file_get_contents('cert.key');
$keyPassphrase = "password1234";
$keyCheckData = array(0=>$keyFile,1=>$keyPassphrase);
$result = openssl_x509_check_private_key($certFile,$keyCheckData);This function will return FALSE if the private key requires a pass phrase.