diff --git a/reference/openssl/constants.xml b/reference/openssl/constants.xml
index 8ed3f1bb2dd3..b81e52ee1309 100644
--- a/reference/openssl/constants.xml
+++ b/reference/openssl/constants.xml
@@ -138,52 +138,100 @@
Key types
-
-
-
- OPENSSL_KEYTYPE_RSA
- (int)
-
-
+
+
+
+ OPENSSL_KEYTYPE_RSA
+ (int)
+
+
-
+ RSA key type.
-
-
-
-
- OPENSSL_KEYTYPE_DSA
- (int)
-
-
-
-
+
+
+
+
+ OPENSSL_KEYTYPE_DSA
+ (int)
+
+
+
+ DSA key type.
-
-
-
-
+
+
+
+
OPENSSL_KEYTYPE_DH
(int)
-
-
-
-
-
-
-
-
-
- OPENSSL_KEYTYPE_EC
- (int)
-
+
- This constant is only available when PHP is compiled with OpenSSL 0.9.8+.
+ DH (Diffie-Hellman) key type.
-
-
+
+
+
+ OPENSSL_KEYTYPE_EC
+ (int)
+
+
+
+ Elliptic curve key type.
+
+
+
+
+
+ OPENSSL_KEYTYPE_X25519
+ (int)
+
+
+
+ X25519 curve key type.
+ This constant is only available when PHP is compiled with OpenSSL 3.0+.
+
+
+
+
+
+ OPENSSL_KEYTYPE_ED25519
+ (int)
+
+
+
+ Ed25519 curve key type.
+ This constant is only available when PHP is compiled with OpenSSL 3.0+.
+
+
+
+
+
+ OPENSSL_KEYTYPE_X448
+ (int)
+
+
+
+ X448 curve key type.
+ This constant is only available when PHP is compiled with OpenSSL 3.0+.
+
+
+
+
+
+ OPENSSL_KEYTYPE_ED448
+ (int)
+
+
+
+ Ed448 curve key type.
+ This constant is only available when PHP is compiled with OpenSSL 3.0+.
+
+
+
+
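Review bot: The four new entries describe each constant only as a "curve key type", which does not tell the reader that X25519/X448 keys are for key agreement while Ed25519/Ed448 keys are for signatures. Because the two families are not interchangeable, the descriptions should say so, e.g. `X25519 key type (key agreement over Curve25519).` and `Ed25519 key type (EdDSA signatures over Curve25519).`, with matching wording for X448 and Ed448. The other two files in this commit give 8.4.0 as the release that added support for these keys, while these entries state only the OpenSSL 3.0+ requirement; consider adding the PHP version here as well.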
diff --git a/reference/openssl/functions/openssl-pkey-get-details.xml b/reference/openssl/functions/openssl-pkey-get-details.xml
index 366c560580a5..438aae356730 100644
--- a/reference/openssl/functions/openssl-pkey-get-details.xml
+++ b/reference/openssl/functions/openssl-pkey-get-details.xml
@@ -43,7 +43,12 @@
OPENSSL_KEYTYPE_RSA,
OPENSSL_KEYTYPE_DSA,
OPENSSL_KEYTYPE_DH,
- OPENSSL_KEYTYPE_EC or -1 meaning unknown).
+ OPENSSL_KEYTYPE_EC,
+ OPENSSL_KEYTYPE_X25519,
+ OPENSSL_KEYTYPE_ED25519,
+ OPENSSL_KEYTYPE_X448,
+ OPENSSL_KEYTYPE_ED448,
+ or -1 meaning unknown).
Depending on the key type used, additional details may be returned. Note that
@@ -174,8 +179,16 @@
- OPENSSL_KEYTYPE_EC, an additional array key named "ec",
- containing the key data is returned.
+ OPENSSL_KEYTYPE_X25519,
+ OPENSSL_KEYTYPE_ED25519,
+ OPENSSL_KEYTYPE_X448,
+ or OPENSSL_KEYTYPE_ED448
+ an additional array key named
+ "x25519",
+ "ed25519",
+ "x448",
+ or "ed448" respectively,
+ is returned, containing the key data.
@@ -187,24 +200,12 @@
- "curve_name"
- name of curve, see openssl_get_curve_names
-
-
- "curve_oid"
- ASN1 Object identifier (OID) for EC curve.
-
-
- "x"
- x coordinate (public)
-
-
- "y"
- y coordinate (public)
+ "priv_key"
+ private key
- "d"
- private key
+ "pub_key"
+ public key
@@ -224,6 +225,14 @@
+
+ 8.4.0
+
+ Added support for Curve25519 and Curve448 based keys.
+ Specifically the x25519, ed25519,
+ x448 and ed448 fields have been introduced.
+
+
8.0.0
diff --git a/reference/openssl/functions/openssl-pkey-new.xml b/reference/openssl/functions/openssl-pkey-new.xml
index 94c4b814a6a2..6960b3e310a8 100644
--- a/reference/openssl/functions/openssl-pkey-new.xml
+++ b/reference/openssl/functions/openssl-pkey-new.xml
@@ -28,10 +28,344 @@
options
- You can finetune the key generation (such as specifying the number of
- bits) using options. See
- openssl_csr_new for more information about
- options.
+ It is possible to fine-tune the key generation (e.g. specifying the number of
+ bits or parameters) using the options parameter.
+ These options can either be algorithm-specific parameters used for key generation,
+ or generic options used also in CSRgeneration if not specified.
+ See openssl_csr_new for more information
+ about how to use options for a CSR.
+ Among those options only private_key_bits,
+ private_key_type, curve_name,
+ and config are used for key generation.
+ Algorithm-specific options are used if the associative array includes one of the specific keys.
+
+
+
+ "rsa" key for setting RSA parameters.
+
+
+
+
+
+ options
+ type
+ format
+ required
+ description
+
+
+
+
+ "n"
+ string
+ binary number
+ yes
+ modulus
+
+
+ "e"
+ string
+ binary number
+ no
+ public exponent
+
+
+ "d"
+ string
+ binary number
+ yes
+ private exponent
+
+
+ "p"
+ string
+ binary number
+ no
+ prime 1
+
+
+ "q"
+ string
+ binary number
+ no
+ prime 2
+
+
+ "dmp1"
+ string
+ binary number
+ no
+ exponent1, d mod (p-1)
+
+
+ "dmq1"
+ string
+ binary number
+ no
+ exponent2, d mod (q-1)
+
+
+ "iqmp"
+ string
+ binary number
+ no
+ coefficient, (inverse of q) mod p
+
+
+
+
+
+
+
+ "dsa" key for setting DSA parameters.
+
+
+
+
+
+ options
+ type
+ format
+ required
+ description
+
+
+
+
+ "p"
+ string
+ binary number
+ no
+ prime number (public)
+
+
+ "q"
+ string
+ binary number
+ no
+ 160-bit subprime, q | p-1 (public)
+
+
+ "g"
+ string
+ binary number
+ no
+ generator of subgroup (public)
+
+
+ "priv_key"
+ string
+ PEM key
+ no
+ private key x
+
+
+ "pub_key"
+ string
+ PEM key
+ no
+ public key y = g^x
+
+
+
+
+
+
+
+ "dh" key for DH (Diffie–Hellman key exchange) parameters.
+
+
+
+
+
+ Options
+ &Type;
+ Format
+ Required
+ &Description;
+
+
+
+
+ "p"
+ string
+ binary number
+ no
+ prime number (shared)
+
+
+ "g"
+ string
+ binary number
+ no
+ generator of Z_p (shared)
+
+
+ "priv_key"
+ string
+ PEM key
+ no
+ private DH value x
+
+
+ "pub_key"
+ string
+ PEM key
+ no
+ public DH value g^x
+
+
+
+
+
+
+
+ "ec" key for Elliptic curve parameters
+
+
+
+
+
+ Options
+ &Type;
+ Format
+ Required
+ &Description;
+
+
+
+
+ "curve_name"
+ string
+ name
+ no
+ name of curve, see openssl_get_curve_names
+
+
+ "p"
+ string
+ binary number
+ no
+ prime of the field for curve over Fp
+
+
+ "a"
+ string
+ binary number
+ no
+ coofecient a of the curve for Fp: y^2 mod p = x^3 + ax + b mod p
+
+
+ "b"
+ string
+ binary number
+ no
+ coofecient b of the curve for Fp: y^2 mod p = x^3 + ax + b mod p
+
+
+ "seed"
+ string
+ binary number
+ no
+ optional random number seed used to generate coefficient b
+
+
+ "generator"
+ string
+ binary encoded point
+ no
+ curve generator point
+
+
+ "g_x"
+ string
+ binary number
+ no
+ curver generator point x coordinat
+
+
+ "g_y"
+ string
+ binary number
+ no
+ curver generator point y coordinat
+
+
+ "cofactor"
+ string
+ binary number
+ no
+ curve cofactor
+
+
+ "order"
+ string
+ binary number
+ no
+ curve order
+
+
+ "x"
+ string
+ binary number
+ no
+ x coordinate (public)
+
+
+ "y"
+ string
+ binary number
+ no
+ y coordinate (public)
+
+
+ "d"
+ string
+ binary number
+ no
+ private key
+
+
+
+
+
+
+
+ "x25519", "x448",
+ "ed25519", "ed448" keys for
+ Curve25519 and Curve448 parameters.
+
+
+
+
+
+ Options
+ &Type;
+ Format
+ Required
+ &Description;
+
+
+
+
+ "priv_key"
+ string
+ PEM key
+ no
+ private key
+
+
+ "pub_key"
+ string
+ PEM key
+ no
+ public key
+
+
+
+
+
+
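Review bot: Several added cells in this hunk contain typos that would ship in the rendered manual: `CSRgeneration` in the options paragraph, `coofecient` in the "a" and "b" rows, and `curver generator point x coordinat` / `y coordinat` in the "g_x" and "g_y" rows. They should read `CSR generation`, `coefficient a of the curve for Fp: ...` and `curve generator point x coordinate` (likewise for y). The Format column gives `PEM key` for "priv_key" and "pub_key" in the dsa, dh and Curve25519/Curve448 tables, while every other component is `binary number`. That looks inconsistent and should be confirmed against the implementation, because the table is the only place a caller learns which encoding to pass. Judging by the example added later in this file, supplying components such as "d" or "priv_key" builds the key from caller-provided values instead of generating fresh material; the paragraph should state this and note that those values are private key material. The rsa and dsa table headers also use literal lowercase `options`/`type`/`description`, whereas the dh, ec and curve tables use `Options`/`&Type;`/`&Description;`.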
@@ -58,6 +392,24 @@
+
+ 8.4.0
+
+ Added support for Curve25519 and Curve448 based keys with the introduction of the
+ x25519, ed25519, x448,
+ and ed448 fields.
+
+
+
+ 8.3.0
+
+ Added support for generation EC keys with custom EC parameters.
+ Specifically with the introduction of the EC options:
+ p, a, b, seed,
+ generator, g_x, g_y,
+ cofactor, and order.
+
+
8.0.0
@@ -128,6 +480,54 @@ object(OpenSSLAsymmetricKey)#2 (0) {
]]>
+
+
+ Generating RSA key from parameters
+
+ [
+ 'n' => hex2bin($nhex),
+ 'e' => hex2bin($ehex),
+ 'd' => hex2bin($dhex),
+ 'p' => hex2bin($phex),
+ 'q' => hex2bin($qhex),
+ 'dmp1' => hex2bin($dphex),
+ 'dmq1' => hex2bin($dqhex),
+ 'iqmp' => hex2bin($qinvhex),
+ ],
+]);
+$details = openssl_pkey_get_details($rsa);
+var_dump($details);
+
+?>
+]]>
+
+