PKCS8: make it so keys can be saved as PEMs or DERs

phpseclib/Crypt/Common/Formats/Keys/PKCS8.php

@@ -83,6 +83,13 @@ abstract class PKCS8 extends PKCS
      */
     private static $oidsLoaded = false;
 
+    /**
+     * Binary key flag
+     *
+     * @var bool
+     */
+    private static $binary = false;
+
     /**
      * Sets the default encryption algorithm
      *
@@ -513,6 +520,18 @@ abstract class PKCS8 extends PKCS
         throw new \RuntimeException('Unable to parse using either OneAsymmetricKey or PublicKeyInfo ASN1 maps');
     }
 
+    /**
+     * Toggle between binary (DER) and printable (PEM) keys
+     *
+     * Printable keys are what are generated by default.
+     *
+     * @param bool $enabled
+     */
+    public static function setBinaryOutput($enabled)
+    {
+        self::$binary = $enabled;
+    }
+
     /**
      * Wrap a private key appropriately
      *
@@ -616,11 +635,19 @@ abstract class PKCS8 extends PKCS
 
             $key = ASN1::encodeDER($key, Maps\EncryptedPrivateKeyInfo::MAP);
 
+            if (isset($options['binary']) ? $options['binary'] : self::$binary) {
+                return $key;
+            }
+
             return "-----BEGIN ENCRYPTED PRIVATE KEY-----\r\n" .
                    chunk_split(Strings::base64_encode($key), 64) .
                    "-----END ENCRYPTED PRIVATE KEY-----";
         }
 
+        if (isset($options['binary']) ? $options['binary'] : self::$binary) {
+            return $key;
+        }
+
         return "-----BEGIN PRIVATE KEY-----\r\n" .
                chunk_split(Strings::base64_encode($key), 64) .
                "-----END PRIVATE KEY-----";
@@ -634,7 +661,7 @@ abstract class PKCS8 extends PKCS
      * @param string $oid
      * @return string
      */
-    protected static function wrapPublicKey($key, $params, $oid = null)
+    protected static function wrapPublicKey($key, $params, $oid = null, array $options = [])
     {
         self::initialize_static_variables();
 
@@ -651,6 +678,10 @@ abstract class PKCS8 extends PKCS
 
         $key = ASN1::encodeDER($key, Maps\PublicKeyInfo::MAP);
 
+        if (isset($options['binary']) ? $options['binary'] : self::$binary) {
+            return $key;
+        }
+
         return "-----BEGIN PUBLIC KEY-----\r\n" .
                chunk_split(Strings::base64_encode($key), 64) .
                "-----END PUBLIC KEY-----";

phpseclib/Crypt/DH/Formats/Keys/PKCS8.php

@@ -127,6 +127,6 @@ abstract class PKCS8 extends Progenitor
         $params = ASN1::encodeDER($params, Maps\DHParameter::MAP);
         $params = new ASN1\Element($params);
         $key = ASN1::encodeDER($publicKey, ['type' => ASN1::TYPE_INTEGER]);
-        return self::wrapPublicKey($key, $params);
+        return self::wrapPublicKey($key, $params, null, $options);
     }
 }

phpseclib/Crypt/DSA/Formats/Keys/PKCS8.php

@@ -141,6 +141,6 @@ abstract class PKCS8 extends Progenitor
         $params = ASN1::encodeDER($params, Maps\DSAParams::MAP);
         $params = new ASN1\Element($params);
         $key = ASN1::encodeDER($y, Maps\DSAPublicKey::MAP);
-        return self::wrapPublicKey($key, $params);
+        return self::wrapPublicKey($key, $params, null, $options);
     }
 }

phpseclib/Crypt/EC/Formats/Keys/PKCS8.php

@@ -186,7 +186,7 @@ abstract class PKCS8 extends Progenitor
 
         $key = "\4" . $publicKey[0]->toBytes() . $publicKey[1]->toBytes();
 
-        return self::wrapPublicKey($key, $params, 'id-ecPublicKey');
+        return self::wrapPublicKey($key, $params, 'id-ecPublicKey', $options);
     }
 
     /**

phpseclib/Crypt/RSA/Formats/Keys/PKCS8.php

@@ -117,6 +117,6 @@ abstract class PKCS8 extends Progenitor
     {
         $key = PKCS1::savePublicKey($n, $e);
         $key = ASN1::extractBER($key);
-        return self::wrapPublicKey($key, null);
+        return self::wrapPublicKey($key, null, null, $options);
     }
 }