OpenSSL directory fine on Linux server - not on Windows XAMPP

Question

I have a php script which looks for the openssl directory and encrypts customer data I have.

When I upload the script to my online linux directory - the encryption works fine

#private key file to use
$MY_KEY_FILE = "my-prvkey.pem";

#public certificate file to use
$MY_CERT_FILE = "my-pubcert.pem";

# Paypal's public certificate
$PAYPAL_CERT_FILE = "paypal_cert_sandbox.pem";

# path to the openssl binary
$OPENSSL = "/usr/bin/openssl";

When I try and run the same command on my Windows machine which runs XAMPP currently, I am unable to encrypt anything. Anybody else had this problem?

I would MUCH rather update and test locally than have to ftp a file every time I make a change during our build.

EDIT

I do realize the directory above is mainly for linux; however even when I point the directory to the openssl directory within the XAMPP folder (for me at: C:\xampp\apache\bin) the operation fails.

EDIT 2

When I say "unable to encrypt" I mean, NOTHING is returned (i.e. the public keys are clearly not finding the openssl .dll files) even though they ARE pointed to the correct directory. There are no error messages. Configuration differences? One is linux server, one is windows local machine.

In my script, I include the following:

<?php
function paypal_encrypt($hash) {
    global $MY_KEY_FILE;
    global $MY_CERT_FILE;
    global $PAYPAL_CERT_FILE;
    global $OPENSSL;

    if (!file_exists($MY_KEY_FILE)) {
        echo "ERROR: MY_KEY_FILE $MY_KEY_FILE not found\n"; }
    if (!file_exists($MY_CERT_FILE)) {
        echo "ERROR: MY_CERT_FILE $MY_CERT_FILE not found\n"; }
    if (!file_exists($PAYPAL_CERT_FILE)) {
        echo "ERROR: PAYPAL_CERT_FILE $PAYPAL_CERT_FILE not found\n"; }
    if (!file_exists($OPENSSL)) {
        echo "ERROR: OPENSSL $OPENSSL not found\n"; }

    $openssl_cmd = "$OPENSSL smime -sign -signer $MY_CERT_FILE -inkey $MY_KEY_FILE " . "-outform der -nodetach -binary | $OPENSSL smime -encrypt " . "-des3 -binary -outform pem $PAYPAL_CERT_FILE";

    $descriptors = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), );
    $process = proc_open($openssl_cmd, $descriptors, $pipes);

    if (is_resource($process)) {
        foreach ($hash as $key => $value) {
            if ($value != "") {
                fwrite($pipes[0], "$key=$value\n");
                }
        }
        fflush($pipes[0]);
        fclose($pipes[0]); 
        $output = ""; 

        while (!feof($pipes[1])) {
            $output .= fgets($pipes[1]); }

            fclose($pipes[1]);
            $return_value = proc_close($process);
            return $output;
    }

    return "ERROR"; }
?> 

On my windows machine AND the linux machine "Error: OPENSSL not found" is displayed (even though on the linux hosted server the encryption completes anyway). I can remove the line on my windows machine by simply putting C:\xampp\apache\bin\openssl.exe but this still does not do any encrypting).

Answer 1

When putting a Windows path in your script, do not forget to escape backslashes, otherwise it'll be interpreted as escape characters. You can use forward slashes in PHP for Windows.

Two ways of specifying the openssl path in windows:

$OPENSSL = 'C:\\xampp\\apache\\bin\\openssl.exe';
$OPENSSL = 'C:/xampp/apache/bin/openssl.exe';

---

PHP does also have an extension for OpenSSL: http://php.net/manual/en/book.openssl.php

Answer 2

I just figured out why the issue exists:

In windows, you must specific absolute paths for the private and public keys unlike a Linux machine.

Once I did that in front of my .pem files, the encryption worked fine.

Thank you everybody for your help.