PHP: Get public key ID from certificate.

Question

I am building a site where I will need a user to login with a name, password and a certificate. The way it should work is to upload the certificate the first time you login. Afterwards there should be a cookie set with the Public key ID (not the public key) and name and password, so that in the future you no longer need to upload a certificate.

I am having trouble with this, in particular getting the public key ID. I can grab the key, no problem, but what I need to do is grab the public key ID and save that as a cookie, and later to the DB along with the username and password.

Here is the code I submit my form to:

<?php
    $uploads_dir = '/home/path/to/certs/';
    $uploadfile = $uploads_dir . basename($_FILES['cert']['name']);

    if (move_uploaded_file($_FILES['cert']['tmp_name'], $uploadfile)) {
         $name = './'. $_FILES['cert']['name'];
         $pub_key = openssl_pkey_get_public(file_get_contents($name));
         $keyData = openssl_pkey_get_details($pub_key);   
         echo $keyData['key'];
    } else {
         echo "Nope!\n";
    }
 ?>

Answer 1

Afterwards there should be a cookie set with the Public key ID (not the public key) and name and password, so that in the future you no longer need to upload a certificate.

Essentially, you're implementing an authentication system that offers no security at all.

Whatever you call a "public key ID", is going to be public , by nature. Since anyone is going to be able to set that cookie, you're not actually authenticating anything.

If you want to authenticate using the public key in the certificate, use client-certificate authentication. You could disable the PKI verification and use verify the public key in the cert manually instead, for example.