php - removing password from rsa private key

Question

Here's how I'd do it with phpseclib (which works):

<?php
include('Crypt/RSA.php');

$rsa = new Crypt_RSA();
$rsa->setPassword('password');
$result = $rsa->loadKey('-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,E3B1C06E0D0C2633

gvmXzl6W7eV1a3N5rQNwBWKY9on3IgxZudS33cip5f88FotsPSDJMvqj6LVw2RxobDjhlOOzqmTb
VrlTnoQ6CogXFZSfiPmixiyyptCUEKJkSiEhYGM5GQm0OoGcLeLbgBb9tRpWh5IlXulKD6XFhx8q
/eGg5a+mSkX1i7kv2+Ih3jHmEKwrnfzhcA29pBF3OQJo+Ks9IYneuk676pHtsIs7CpFKq1tDvD8Q
O7URxnVnHLltaFvIxshqyZu92xbUYZR7YzjXl5+3w4TVgeAHUogEV+H9iZTosD/copUsbQO+78w2
E1D3iDS94wRgx0Tjv4xlwrTpOV38FS5rdL32492DcCRlCYM4VtuwjYeWi5shJg69jCb0EwGRqfAo
xko+lbKWELTuFKwD7n1rc/2fTarbGuf8S2AEggBLZyfXHC/9N84mXLFO2XKq+0WdiEFhQj2Cze+a
9qcSK6tPSrjK1LPlnOOppFgDElZaZ0rxsgjtiWSIAEw/Ad+SIM5u+vqwzF8J317JlsdKoBFDw8mS
MxCMuMksKJ23mgvY+THRIVgH3E7lEDZQzCi1Uy6ldLJcran/6wHwP88pVM2odiHkpnrJGcEBbbIk
qsxJZhFT8aUt/cUEBj3fnP7cxoNLQfTHMPqUTqKBWaVufFzGU9YB1R+XWFULLddwJHnV7gPheBlk
MDapowb+Is77+a9Y2VDsOXEvNpqTY0giiSrckG05IZnrhJ24JnSCwyNd99lm7XKdEGGrjBCMqIyI
Fqox8Ahkv3KWAJPYK1eOCc5d/KwZHlnlFJq7ZYy9u3fEnxQCjOEmeXLkLangKA==
-----END RSA PRIVATE KEY-----');

echo $result ? 'true' : 'false';
?>

For comparison purposes, however, I'm trying to do it with OpenSSL. Here's my code:

<?php
$pkey = openssl_pkey_get_private('-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,E3B1C06E0D0C2633

gvmXzl6W7eV1a3N5rQNwBWKY9on3IgxZudS33cip5f88FotsPSDJMvqj6LVw2RxobDjhlOOzqmTb
VrlTnoQ6CogXFZSfiPmixiyyptCUEKJkSiEhYGM5GQm0OoGcLeLbgBb9tRpWh5IlXulKD6XFhx8q
/eGg5a+mSkX1i7kv2+Ih3jHmEKwrnfzhcA29pBF3OQJo+Ks9IYneuk676pHtsIs7CpFKq1tDvD8Q
O7URxnVnHLltaFvIxshqyZu92xbUYZR7YzjXl5+3w4TVgeAHUogEV+H9iZTosD/copUsbQO+78w2
E1D3iDS94wRgx0Tjv4xlwrTpOV38FS5rdL32492DcCRlCYM4VtuwjYeWi5shJg69jCb0EwGRqfAo
xko+lbKWELTuFKwD7n1rc/2fTarbGuf8S2AEggBLZyfXHC/9N84mXLFO2XKq+0WdiEFhQj2Cze+a
9qcSK6tPSrjK1LPlnOOppFgDElZaZ0rxsgjtiWSIAEw/Ad+SIM5u+vqwzF8J317JlsdKoBFDw8mS
MxCMuMksKJ23mgvY+THRIVgH3E7lEDZQzCi1Uy6ldLJcran/6wHwP88pVM2odiHkpnrJGcEBbbIk
qsxJZhFT8aUt/cUEBj3fnP7cxoNLQfTHMPqUTqKBWaVufFzGU9YB1R+XWFULLddwJHnV7gPheBlk
MDapowb+Is77+a9Y2VDsOXEvNpqTY0giiSrckG05IZnrhJ24JnSCwyNd99lm7XKdEGGrjBCMqIyI
Fqox8Ahkv3KWAJPYK1eOCc5d/KwZHlnlFJq7ZYy9u3fEnxQCjOEmeXLkLangKA==
-----END RSA PRIVATE KEY-----', 'password');
if ($pkey === false) exit('FAILURE');
openssl_pkey_export($pkey, $out_key_file);
echo $out_key_file;
?>

Only problem: the code dies prematurely, echo'ing out FAILURE. ie. openssl_pkey_get_private() isn't loading the key. openssl_error_string says "error:0906D066:PEM routines:PEM_read_bio:bad end line".

Any ideas?

Answer 1

I'm not sure what's going on here; I've tried your code and it gives the same issue, so I've generated a key myself:

openssl genrsa -des3 -out des3.rsa

Then copied the contents into this script:

$out_key_file = 'des3nopass.rsa';

$key = <<<EOS
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,5F2FDB4C8F710F92

pkaBIMCdnvrejw6egagg/lGrrGJWLsceDkC0KSdouRfR8LhQS/XjSJ/Wqrj7fa36
xXRd/USBebgy2hLAi9RMPofOjlcUyUVvZZgh0+JDQ79pH5q1FsRMcsJ+J8GO0edw
kh8zdZoCbbtJgQjTx0JheJMDdZymw4cfK5hoZbnxX6HZ1wNhtPb7Z/noNcxpK6Zl
CCzPgLd9hCGLBD2XqoRjOM1U2vpZwpCTdYgAtFIPMVXQQpzgIyw06CHcHvYZgnAc
oxiVx7Z7N9r0J1vDnlrW/OU1l07D0pBr1yPRTDMI5tBMo8KDsL2tkBxqtYyOJdZr
as/5zQDPRlbW7Jve1JuXmsnja+gN7jZ+3LpUzfRFo/wWnvOzhHQxLz+RaUpVDYTl
F4m9zjo9dgOhlZzigOhYTB+5aq5f92Yf6K0daCwTDpU=
-----END RSA PRIVATE KEY-----
EOS;

$pkey = openssl_pkey_get_private($key, 'password');
if ($pkey === false) {
        die(openssl_error_string());
}

openssl_pkey_export($pkey, $out_key_file);
echo "Wrote to $out_key_file
";

And that works fine for me.

Update

I've tried to perform this using openssl command line as well, using your key:

openssl rsa -in des3big.rsa -out des3bignopass.rsa
unable to load Private Key
14179:error:0906D066:PEM routines:PEM_read_bio:bad end line:pem_lib.c:746:

It seems that OpenSSL has an issue with it as well, so it's not PHP.

Update 2

Turns out that your lines are too long (they should be 64 characters wide):

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,E3B1C06E0D0C2633

gvmXzl6W7eV1a3N5rQNwBWKY9on3IgxZudS33cip5f88FotsPSDJMvqj6LVw2Rxo
bDjhlOOzqmTbVrlTnoQ6CogXFZSfiPmixiyyptCUEKJkSiEhYGM5GQm0OoGcLeLb
gBb9tRpWh5IlXulKD6XFhx8q/eGg5a+mSkX1i7kv2+Ih3jHmEKwrnfzhcA29pBF3
OQJo+Ks9IYneuk676pHtsIs7CpFKq1tDvD8QO7URxnVnHLltaFvIxshqyZu92xbU
YZR7YzjXl5+3w4TVgeAHUogEV+H9iZTosD/copUsbQO+78w2E1D3iDS94wRgx0Tj
v4xlwrTpOV38FS5rdL32492DcCRlCYM4VtuwjYeWi5shJg69jCb0EwGRqfAoxko+
lbKWELTuFKwD7n1rc/2fTarbGuf8S2AEggBLZyfXHC/9N84mXLFO2XKq+0WdiEFh
Qj2Cze+a9qcSK6tPSrjK1LPlnOOppFgDElZaZ0rxsgjtiWSIAEw/Ad+SIM5u+vqw
zF8J317JlsdKoBFDw8mSMxCMuMksKJ23mgvY+THRIVgH3E7lEDZQzCi1Uy6ldLJc
ran/6wHwP88pVM2odiHkpnrJGcEBbbIkqsxJZhFT8aUt/cUEBj3fnP7cxoNLQfTH
MPqUTqKBWaVufFzGU9YB1R+XWFULLddwJHnV7gPheBlkMDapowb+Is77+a9Y2VDs
OXEvNpqTY0giiSrckG05IZnrhJ24JnSCwyNd99lm7XKdEGGrjBCMqIyIFqox8Ahk
v3KWAJPYK1eOCc5d/KwZHlnlFJq7ZYy9u3fEnxQCjOEmeXLkLangKA==
-----END RSA PRIVATE KEY-----