PHP openssl_ Decrypting data


I have a situation where I am being sent some encrypted data from a vendor which I need to decode.

The data has been encrypted with my public key and signed with the vendors private before being base64encoded and transmitted to my server as a POST variable. - I have no control over this. For more into the vendor is running a .net system and our system is a linux distro.

I am having lots of difficulties in getting this data decrypted so any help would be greatly appreciated. I am told that I can "simply" decode after base64decoding the data by using my private key and the vendors public key.

The code that I have currently looks like this

$data = base64_decode($_POST['encryptedData']);

$public     = openssl_get_publickey('/path/vendors/public/key.cer');
$private    = openssl_get_privatekey('/path/to/my/private/key.key');

$env_key = $public;

if (openssl_open($data, $open, $env_key, $private)) {
    echo "here is the opened data: ", $open;
} else {
    echo "failed to open data";

I am familiar with PHP but never used the openssl library before

Its actually coming from a SSO type application however I do not believe that I need to implement phpSAMP etc as all I need to do is decrypt the data that is being sent to me (Assertion)

I am also a little unsure if the public and private key that I am using are 100% correct. when I look at my public key its more like how the private key looks rather than the hex format.

my Private key looks like:


and the public key looks like:

0ad2 ca15 c2d3 5e82 b9a4 ae81 6898 b9bf
cef6 a464 e382 b897 1755 956c 79df fe15
3a44 8c75 47bf 8a54 375f d611 c4ec 551c
...... More Data
724e 536d c437 0383 66ca c998 a357 4e1a
f7ad bdf0 cc13 2152 354b f8

I have a good look around the internet and cannot find any working examples for this specific problem.

Thanks in advance.


If it is encrypted, and then signed, and assuming CMS format (the former PKCS#7) then I guess you need to verify it first, retrieve the content (check the function) and then decrypt that. More information (seems to be) here.

This video can help you solving your question :)
By: admin