PHP Conference Nagoya 2025

openssl_x509_check_private_key

(PHP 4 >= 4.2.0, PHP 5, PHP 7, PHP 8)

openssl_x509_check_private_keyChecks if a private key corresponds to a certificate

Description

openssl_x509_check_private_key(OpenSSLCertificate|string $certificate, #[\SensitiveParameter] OpenSSLAsymmetricKey|OpenSSLCertificate|array|string $private_key): bool

Checks whether the given private_key is the private key that corresponds to certificate.

Warning

The function does not check if private_key is indeed a private key or not. It merely compares the public materials (e.g. exponent and modulus of an RSA key) and/or key parameters (e.g. EC params of an EC key) of a key pair.

This means, for example, that a public key could be given for private_key and the function may return true.

Parameters

certificate

The certificate.

private_key

The private key.

Return Values

Returns true if private_key is the private key that corresponds to certificate, or false otherwise.

Changelog

Version Description
8.0.0 certificate accepts an OpenSSLCertificate instance now; previously, a resource of type OpenSSL X.509 was accepted.
8.0.0 private_key accepts an OpenSSLAsymmetricKey or OpenSSLCertificate instance now; previously, a resource of type OpenSSL key or OpenSSL X.509 was accepted.
add a note

User Contributed Notes 2 notes

up
7
tomsie at toms dot ie
6 years ago
This function DOES return TRUE if the key has a passphrase, you just need to set up the data in such a way that the function can understand it. It is not documented here.

This error message led me to the solution:

PHP Warning: openssl_x509_check_private_key(): key array must be of the form array(0 => key, 1 => phrase)

So this works:

$certFile = file_get_contents('cert.crt');
$keyFile = file_get_contents('cert.key');
$keyPassphrase = "password1234";
$keyCheckData = array(0=>$keyFile,1=>$keyPassphrase);
$result = openssl_x509_check_private_key($certFile,$keyCheckData);
up
0
jared at enhancesoft dot com
9 years ago
This function will return FALSE if the private key requires a pass phrase.
To Top