PHP通过OpenSSL生成证书、密钥并且加密解密数据,以及公钥,私钥和数字签名的理解
小白 2022-01-07 【原创文章】
PHP通过OpenSSL生成证书、密钥并且加密解密数据,以及公钥,私钥和数字签名的理解
强调,winds需要配置很多东西,建议,直接在服务器创建,比较快,如宝塔都可以!
生成公钥文件,测试可用:
$dn = array( "countryName" => "GB", "stateOrProvinceName" => "Somerset", "localityName" => "Glastonbury", "organizationName" => "The Brain Room Limited", "organizationalUnitName" => "PHP Documentation Team", "commonName" => "Wez Furlong", "emailAddress" => "wez@example.com" ); $config = array( "private_key_bits" => 512, "private_key_type" => OPENSSL_KEYTYPE_RSA, ); //1.创建公钥和私钥 返回资源 $res = openssl_pkey_new($config); //从得到的资源中获取私钥 并把私钥赋给$privKey openssl_pkey_export($res, $priKey); $pubKey = openssl_pkey_get_details($res); $pubKey = $pubKey["key"]; file_put_contents('./sign/public.key',$pubKey); file_put_contents('./sign/priKey.pem',$priKey); echo "私钥<br>"; print_r($priKey); echo "<br>公钥"."<br>"; print_r($pubKey); die;
加密+解密:
$str = '你好,我是数据11111'; $jia = encrypt_local($str); $jie = decrypt_local($jia); echo '加密:'.$jia.'<br>'; echo '解密:'.$jie; /* * 加密 */ function encrypt_local($string, $key = './sign/public.key') { $key = file_get_contents($key); openssl_public_encrypt($string, $data, $key, OPENSSL_ALGO_SHA1); return base64_encode($data); } /* * 解密 */ function decrypt_local($string, $key = './sign/prikey.pem') { $unsignMsg = base64_decode($string); $key = file_get_contents($key); openssl_private_decrypt($unsignMsg, $data, $key); return $data; }
上面已经实现处理逻辑
下面网络资源,仅供参考,
$config = array( "private_key_bits" => 1024, //字节数 512 1024 2048 4096 等 "private_key_type" => OPENSSL_KEYTYPE_RSA, //加密类型 "config" => "D:/phpStudy/PHPTutorial/Apache/conf/openssl.cnf" ); $privkeypass = '123456789'; //私钥密码 $numberofdays = 365; //有效时长 $cerpath = "./test.cer"; //生成证书路径 $pfxpath = "./test.pfx"; //密钥文件路径 $dn = array( "countryName" => "UK", //所在国家 "stateOrProvinceName" => "Somerset", //所在省份 "localityName" => "Glastonbury", //所在城市 "organizationName" => "The Brain Room Limited", //注册人姓名 "organizationalUnitName" => "PHP Documentation Team", //组织名称 "commonName" => "Wez Furlong", //公共名称 "emailAddress" => "wez@example.com" //邮箱 ); // 生成公钥私钥资源 $res = openssl_pkey_new($config); // 导出私钥 $priKey openssl_pkey_export($res, $priKey,null,$config); // 导出公钥 $pubKey $pubKey = openssl_pkey_get_details($res); $pubKey = $pubKey["key"]; //print_r($priKey); 私钥 //print_r($pubKey); 公钥 //直接测试私钥 公钥 echo '-------------------公私钥加解密-START---------------------','<br>'; $data = '测试公私钥加解密成功!'; // 公钥加密 openssl_public_encrypt($data, $encrypted, $pubKey); // 私钥解密 openssl_private_decrypt($encrypted, $decrypted, $priKey); echo '公钥加密:',base64_encode($encrypted),'私钥解密:','<br>',$decrypted,'<br>'; echo '-------------------公私钥加解密-END---------------------','<br>'; //生成文件 $csr = openssl_csr_new($dn, $priKey,$config); //基于$dn生成新的 CSR (证书签名请求) $sscert = openssl_csr_sign($csr, null, $priKey, 365,$config);//根据配置自己对证书进行签名 openssl_x509_export($sscert, $csrkey); //将公钥证书存储到一个变量 $csrkey,由 PEM 编码格式命名。 openssl_pkcs12_export($sscert, $privatekey, $priKey, $privkeypass); //将私钥存储到名为的出 PKCS12 文件格式的字符串。 导出密钥$privatekey //生成证书文件 $fp = fopen($cerpath, "w"); fwrite($fp, $csrkey); fclose($fp); //生成密钥文件 $fp = fopen($pfxpath, "w"); fwrite($fp, $privatekey); fclose($fp); echo '<br>','<br>','<br>','<br>'; echo '----------------------自签名验证-START----------------------','<br>'; // 测试私钥 秘钥 $privkeypass = '123456789'; //私钥密码 $pfxpath = "./test.pfx"; //密钥文件路径 $priv_key = file_get_contents($pfxpath); //获取密钥文件内容 $data = "测试数据!"; //加密数据测试test //私钥加密 openssl_pkcs12_read($priv_key, $certs, $privkeypass); //读取公钥、私钥 $prikeyid = $certs['pkey']; //私钥 openssl_sign($data, $signMsg, $prikeyid,OPENSSL_ALGO_SHA1); //注册生成加密信息 $signMsg = base64_encode($signMsg); //base64转码加密信息 //公钥解密 $unsignMsg=base64_decode($signMsg);//base64解码加密信息 openssl_pkcs12_read($priv_key, $certs, $privkeypass); //读取公钥、私钥 $pubkeyid = $certs['cert']; //公钥 $res = openssl_verify($data, $unsignMsg, $pubkeyid); //验证 echo $res?'证书测试成功!':'证书测试失败!';echo '<br>'; //输出验证结果,1:验证成功,0:验证失败 echo '-----------------------签名验证-END------------------------','<br>';
最新发布
- 守护进程-kill端口-输出日志-查看等!
- git 本地分支关联远程分支,合并!
- pytorch安装(含cuda、cudnn安装教程)!
- linux系统下ubuntu22.04安装Docker方法!
- 视频截取封面 =php-ffmpeg/php-ffmpeg!
- 常用实例2023-5-10!
- 富文本 塞入mysql 报错: General error: 1366 Incorrect string value: ‘\xF0\x9F\x98\x84‘ for column ‘content‘!
- 百度地图拖拽获取地址实例!
- php使用smtp鉴权方式发送邮件 插件PHPMailer!
- 有道翻译接口对接!