This ruby code was helpful.
Your public key must be in DER format, and unfortunately PHP's OpenSSL extension can't do that, so far as I can tell. I had to generate it from my private key at the command line:
openssl rsa -pubout -outform DER < extension_private_key.pem > extension_public_key.pub
UPDATE: there is a PHP der2pem() function available here, thanks to tutuDajuju for pointing it out.
Once that's done, building the .crx file is quite easy:
# make a SHA1 signature using our private key
$pk = openssl_pkey_get_private(file_get_contents('extension_private_key.pem'));
openssl_sign(file_get_contents('extension.zip'), $signature, $pk, 'sha1');
openssl_free_key($pk);
# decode the public key
$key = base64_decode(file_get_contents('extension_public_key.pub'));
# .crx package format:
#
# magic number char(4)
# crx format ver byte(4)
# pub key lenth byte(4)
# signature length byte(4)
# public key string
# signature string
# package contents, zipped string
#
# see http://code.google.com/chrome/extensions/crx.html
#
$fh = fopen('extension.crx', 'wb');
fwrite($fh, 'Cr24'); // extension file magic number
fwrite($fh, pack('V', 2)); // crx format version
fwrite($fh, pack('V', strlen($key))); // public key length
fwrite($fh, pack('V', strlen($signature))); // signature length
fwrite($fh, $key); // public key
fwrite($fh, $signature); // signature
fwrite($fh, file_get_contents('extension.zip')); // package contents, zipped
fclose($fh);