Verifying that the downloaded file is a valid PEM file

Question

Verifying that the downloaded file is a valid PEM file

I am trying to find an efficient / elegant way to check that a user uploaded file is a valid pem file without relying on extension validation. Does anyone follow this up or have any ideas?

+3

php openssl php-openssl

Mike keen Apr 28 15 at 15:50

source to share

2 answers

I am using a php file to check that my pem has followed the following steps,

Download file from check pem
Change extension to FILENAME.php from FILENAME.txt
Move it to the folder where the .pem file is stored.
Enter the .php file of the token file and the file name.
Open terminal and run command "php FILENAME.php"

If it shows success, then the .pem file is correct.

-1

cjd 08 Sep 15 at 10:44

source to share

Evgeniy Kuzmin · Accepted Answer · 2015-04-28T16:27:27+0000

Use "openssl rsa" and parse its output

Invalid file:

$ openssl rsa -noout -modulus -in ./wrong.pem 
unable to load Private Key

140324790638432:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: ANY PRIVATE KEY

Correct key

$ openssl rsa -noout -modulus -in ../proper.pem
Modulus=98B139C27E3623E542CEC76ECEA0619D045746B2F99265F030391296C5DD83301A85C43A00C745DAB77DFC771CE5666CF81ED81C4561F945EF123D5CB5687500A243E1F87B707FFFC318EA8E9605B2047E2D790BB71B9AF04F385C2E40C18A40FE5FB5CBC96C0C05D4220E5C73564027C6CB0DEEDB8AD8460B78A54536ADB81D204FDDFDB388F6EEFD537E6C3D743A9C9C2FE00D9A819A9587EE359DAA48AD08FC06D99D8686C38B0BD684CC41F0B61115F65B005C53F472D648C2EB92AAFC6526E7F4FFE873FB0C3589C24CCCCA1DCA08B352F9893310F876C007E72B809FAB6738855C5C901C8C006E9E137BF340E8A6E204FC70864AE29D9009DC9CBBEAD9

so you can wrap your openssl execution in shell_exec (), parse and check "failed to load private key" to find the wrong certificate

Verifying that the downloaded file is a valid PEM file

More articles: