phpseclib

phpseclib

  • Docs
  • API
  • Support
  • GitHub

›X.509

Introduction

  • Why phpseclib?
  • Installation
  • Speed
  • Versioning

SSH2

  • Connecting
  • Authenticating
  • Running Commands
  • SFTP
  • Diagnosing Issues

Public Keys

  • Overview
  • RSA
  • DSA
  • Elliptic Curves
  • (EC)DH
  • Example: JWT

Symmetric Keys

  • Overview

X.509

  • X.509
  • CSR
  • SPKAC
  • CRL

Interoperability

  • Overview
  • Python
  • Java
  • JavaScript
  • Node.js
  • Go
  • Ruby
  • C#
  • C
  • PHP

SPKAC

Reading SPKACs

use phpseclib3\File\X509;

$x509 = new X509();
$csr = $x509->loadSPKAC(file_get_contents('spkac.txt'));

var_dump($csr);

(download spkac.txt)

Running the above will produce an array that looks something like this:

$csr

  • publicKeyAndChallenge
    • spki
      • algorithm
        • algorithm
          • rsaEncryption
        • parameters
          • null
      • subjectPublicKey
        • -----BEGIN PUBLIC KEY-----
          MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCM00BBEr4iRFui8QRALkTZ/yJj
          TbVsemyekfIYlIsmqolpgkhXNkXv2RNSkM8yWGS7+45YEo2Vb3X98/2z+8j4b24c
          eB5g0Z6B/RXc6EpvHnX1GYMYofsfjP2U3is8qYWvuzPvmc7xD+QOb6wF5p9FXSOG
          jXmnuljjPaeLwAF3AwIDAQAB
          -----END PUBLIC KEY-----
          
    • challenge
      • 123456789
  • signatureAlgorithm
    • algorithm
      • md5WithRSAEncryption
    • parameters
      • null
  • signature
    • ...

getPublicKey()

echo $x509->getPublicKey();

Returns a \phpseclib3\Crypt\Common\PublicKey object that, by default, gets cast to a PKCS8-encoded public key:

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCM00BBEr4iRFui8QRALkTZ/yJj
TbVsemyekfIYlIsmqolpgkhXNkXv2RNSkM8yWGS7+45YEo2Vb3X98/2z+8j4b24c
eB5g0Z6B/RXc6EpvHnX1GYMYofsfjP2U3is8qYWvuzPvmc7xD+QOb6wF5p9FXSOG
jXmnuljjPaeLwAF3AwIDAQAB
-----END PUBLIC KEY-----

Validating Signatures

SPKAC's are always self-signed.

$x509 = new X509();
$csr = $x509->loadSPKAC(file_get_contents('spkac.txt'));
echo $x509->validateSignature() ? 'valid' : 'invalid';

Creating SPKACs: An Example

use phpseclib3\File\X509;
use phpseclib3\Crypt\RSA;

$privKey = RSA::createKey();

$x509 = new X509();
$x509->setPrivateKey($privKey);
$x509->setChallenge('123456789');
$csr = $x509->signSPKAC();

echo $x509->saveSPKAC($csr);
← CSRCRL →
  • Reading SPKACs
    • getPublicKey()
  • Validating Signatures
  • Creating SPKACs: An Example
phpseclib
Docs
IntroductionSSH2 / SFTPPublic Key CryptoSymmetric Key CryptoX.509 / CSR / SPKAC / CRLInteroperability
Support
Docs (1.0 / 2.0)Stack OverflowGitHubStar
Sponsor
PatreonGitHubPayPal
Copyright © 2025 Jim Wigginton