This function will return FALSE if the private key requires a pass phrase.
openssl_x509_check_private_key
(PHP 4 >= 4.2.0, PHP 5, PHP 7)
openssl_x509_check_private_key — Checks if a private key corresponds to a certificate
Description
Checks whether the given key is the private key
that corresponds to cert.
Warning
The function does not check if key is indeed a private key or not.
It merely compares the public materials (e.g. exponent and modulus of an RSA key)
and/or key parameters (e.g. EC params of an EC key) of a key pair.
This means, for example, that a public key could be given for key
and the function may return TRUE.
Parameters
-
cert -
The certificate.
-
key -
The private key.
Return Values
Returns TRUE if key is the private key that
corresponds to cert, or FALSE otherwise.
add a note
User Contributed Notes 2 notes
jared at enhancesoft dot com ¶
4 years ago
tomsie at toms dot ie ¶
1 year ago
This function DOES return TRUE if the key has a passphrase, you just need to set up the data in such a way that the function can understand it. It is not documented here.
This error message led me to the solution:
PHP Warning: openssl_x509_check_private_key(): key array must be of the form array(0 => key, 1 => phrase)
So this works:
$certFile = file_get_contents('cert.crt');
$keyFile = file_get_contents('cert.key');
$keyPassphrase = "password1234";
$keyCheckData = array(0=>$keyFile,1=>$keyPassphrase);
$result = openssl_x509_check_private_key($certFile,$keyCheckData);
