How to provide the private key for openssl_private_decrypt()

Question

I have encrypt some value with my public key. But I can't decrypt it with my private key. Is there any wrong with my code?

This is my script:

<?php

$encrypted = "Q4tmeBDTS+M2UriF6zNBJYrWcXJuyclWVAFLZaOSNwTS0FOkqd/7yQ9KrwLe1IOT15DIB11694mfjLSjWL+yar/KnwrNVJUnUV3eRENr5nRQcBUxyI9Hst88wNs9UBTH+U0aiUgitWWNZIL2YwlAbvjB3YuLLM75IT2VG+ElTKY=";

$decrypted = "";

$privateKey = <<<EOD
MIICeQIBADANBgkqhkiG9w0BAQEFAASCAmMwggJfAgEAAoGBAK92ohKTxz/njXNX
5DV5EL1qlj+wh3O9AobufxyMpyU2WCxfFFgqUF6fBGos3QelSR75f5XvpoiYDrdB
ADKUmpkjKrYGOLSTYN5fyCmi7C4poQWsXpT4VVSYJQkwZhtI9XoxXwycfvRNKqTf
FdihYqDJ3z2uHmWoV4KSu6PZrqzJAgMBAAECgYEAmwvShWXuQErlVFILBzFWmHoy
EE92MdCIBiGDUv/6xsgxu+u8d3fUkvgjF4tTOOlWJrfDhQNCfhsXjdkzSn7D6Cqb
NFBSbBf+kr/IaBX/mDA34HroGlewYchgS0SRMz+SE24+5gmA6QL31FkLI+OnADtl
LnKkkFd8l7Kvv7GWfR0CQQDv2peFblMa3OujQFbdEuH5ChiDeu+5knZx0acB+0s8
dAYyTtyalThjiOfUP12BJLZRegSls8KqBjvjTAWYR8B7AkEAu0ZmDn9qLo+G3S0D
Ex81TQbet/nu1LwiFhEF/aW5/b5yvm/3h0XwyIN3Bn/DR431tKViO8HPfsHzjPrl
RmReiwJBAMAMnARHuR0qRTbbHnI3W16n2cb1GZvSDSrHftzUVIKcOBXyFStlTdhM
16uX7Qup1J3agHwZOkYfZbZyuYwb758CQQCImuCFAMI2dnF80oGkqCYcKr+5WbGy
Mg13JTHGhOX3xr0yVsArR4RM70CaWAXdIxswi1btmgE+SEHc+4LU5w/jAkEA734/
UEszK8EZkcY/I0RI+WBUo0S9g3CvlgmMKewQkU8boi3AjFTzECMqBxfYAZHfOTr5
WCHS8ImF4xhmXSTTdQ==
EOD;
$encrypted = base64_decode($str); // decode the encrypted query string
if (!openssl_private_decrypt($encrypted, $decrypted, $privateKey))
die('Failed to decrypt data');
echo "Decrypted value: ". $decrypted; ?>

Answer 1

On the first comment for openssl_private_decrypt() you can find an example. In this example you can see that the key parameter is the result of the method openssl_get_privatekey(), which is an alias for openssl_pkey_get_private().

The manual for openssl_pkey_get_private() says key can be one of the following:

1. a string having the format file://path/to/file.pem. The named file must contain a PEM encoded certificate/private key (it may contain both).

2. A PEM formatted private key.

In your case 2 applies. So put those removed lines of the key back and use openssl_get_privatekey():

$privateKey = <<<EOD
-----BEGIN PRIVATE KEY-----
MIICeQIBADANBgkqhkiG9w0BAQEFAASCAmMwggJfAgEAAoGBAK92ohKTxz/njXNX
[..]
WCHS8ImF4xhmXSTTdQ==
-----END PRIVATE KEY-----
EOD;

$res = openssl_get_privatekey($privateKey);

openssl_private_decrypt($encrypted, $decrypted, $res)