openssl RSA非對稱加密、解密、簽名、驗籤

原創 hgditren 2018-11-08 02:26

需要先了解的openssl系列函數

  • openssl_pkey_get_private 從證書中解析獲取私鑰,以供使用。成功,返回真實的密鑰資源標識符(Resource ID),否則返回false
  • openssl_pkey_get_public 從證書中解析獲取公鑰,以供使用。成功,返回真實的密鑰資源標識符(Resource ID),否則返回false
  • openssl_private_encrypt($data, $encrypted, $privateKeyResourceID, OPENSSL_PKCS1_PADDING)
  • //使用私鑰key加密數據data並且將結果保存至變量crypted中
  • openssl_public_decrypt(base64_decode($encrypted), $decrypted, $publicKeyResourceID, OPENSSL_PKCS1_PADDING)
  • //私鑰加密的內容通過公鑰可用解密出來
<?php
/**
 * Created by PhpStorm.
 * User: zrj
 * Date: 18-11-7
 * Time: 上午10:22
 */
declare(strict_types=1);//開啓強類型模式

//私匙
$privateKeyString = <<<EOF
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAxHS1H/9uMS+waaP8vkEHx0EJWqPnRjYIzHKrXeMQ3fjZmxPG
MJmzwKVdADQlaFbA/NePu7dVFyzFo2yrAFlJD9bWs6of79OM2QGxu/AL2GqwjaOZ
/+5tSkxqU8fj+/sb35U9kGxy/k4KPwlatTaHIkXb7qebCGX1hgNw2BkRrNfXWRX+
EVs8Oy/I/d1CMQMF3mvsCFvoUAE/UJVOOAjjQ6rBX+PorWXuTIKgWgSFWwzsRWJN
hQo6P6Y/amx2Jb6Nr0rHIJIREICdYMAp2DSC+uU+jl85NqT3U89BRRG+58feoUOL
DGiv0hRQ7+k1e47MfiwKpCpJOkldEJjywMhl1QIDAQABAoIBAHBQuOyeQAVm2ljL
JEgxLZ1BFXP4mNSPN+CK/mYi1xXQm7gJShmnBhlxcQYYyfoo/xSOuOH9ImypcCTK
j8kXQqoHjaAR90hJjhDS4yYrStpjxKR1kCm9ykXcAj373d/F5F2jGRtkpSm2vCzl
0DIiBogVoHOE5yGaCRChDva8/lnt3ACEurhiL37ZJbOnbZMj2FkNmtv7eCgVEUTH
Ydu9cU8mbC3g1WMDxKSBxwgRhZQYZQSRta4nkWN5xEcO7WAF3RWs1cFJ4ttCQaRy
J/Y0K8R9prLRwh51/jonQPCJN+NGmtpCq9+kgVxxLe7p45k4DO2VxaKzto5IDSZj
hdFTEAECgYEA43cRn8ISAlHQHxi2EOq5Ygk98Bf249WNuBzxOra5SpCBVbRGvTeY
Mrq86FY1PsFK+pOVeiiaaGanZDFtULEJyiZm3KaE2PVRsbfeYO9vSTHW8ikdmpCW
VALpL6B+Q7kRvA/1krnU9Uy8c9k+EpZOELI9Ja8H9pMErMVd7LX+HtUCgYEA3RnK
5gzXNNI4hfphepxXD/+qFxgd0mmwi/jLhc4c62V259sUR2R38jo+xDgBlDvrlmDi
e6H7q56Y3M1Zag+zHc8PgtqxY7CPt5rc8dHd8iYh0UxNCYjlM3QP8dULdPmlnPkC
70KyHNkCoesiDytbT50EN5KnqEO99Kgl3mhqqwECgYAHGQcOwiKHuf/RiJbdzkU8
nuc037qPf3FtplGMsHj1r66peveeHeb85kDQyyfcLnHlgcdvSWcQDOv6P2SW2P9i
NHKPPg71KiqDbiZdRftmAE0hv1CyKwLV2kVmfA6UlGjOQn06N9xCT0OuJcA/GjuT
X8xyqZSJCCtkLMByi3dDhQKBgFmRWk2phADk7Hrx/E1ESkyz4H6siWA06o05g5E3
9yUxHGM+r89gFussx0KMAa/AOmbX5sf4zdAvVnOUSJWbuI7p07nJyDS/UOkrNjhM
MWIoKmj0RP0I1PjsGo14JcUEYR/fDF5KoYboLpXTgB+vC7WLwSqWIY8bqjcTawvX
NucBAoGAPGAi11FCqx5R3r/3pJkySlNoj+m/J04mdYXJpmJV6P6PczJHd0aRjvJF
6ubuKot1pExuhEivYo7dYubr5clmh2S8bs9kyS5Q2Btz5kXhxf4EGmJRVD+CAmvi
EAHNljZQgkfonOZFqRXaxqAsqEziIfQqI7IjpTkcGgts4v43Tlo=
-----END RSA PRIVATE KEY-----
EOF;

//公匙
$publicKeyString = <<<EOF
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxHS1H/9uMS+waaP8vkEH
x0EJWqPnRjYIzHKrXeMQ3fjZmxPGMJmzwKVdADQlaFbA/NePu7dVFyzFo2yrAFlJ
D9bWs6of79OM2QGxu/AL2GqwjaOZ/+5tSkxqU8fj+/sb35U9kGxy/k4KPwlatTaH
IkXb7qebCGX1hgNw2BkRrNfXWRX+EVs8Oy/I/d1CMQMF3mvsCFvoUAE/UJVOOAjj
Q6rBX+PorWXuTIKgWgSFWwzsRWJNhQo6P6Y/amx2Jb6Nr0rHIJIREICdYMAp2DSC
+uU+jl85NqT3U89BRRG+58feoUOLDGiv0hRQ7+k1e47MfiwKpCpJOkldEJjywMhl
1QIDAQAB
-----END PUBLIC KEY-----
EOF;

$data = "helloworld";

try {
    //從證書中解析獲取私鑰。成功,返回真實的密鑰資源標識符
    $privateKeyResourceID = openssl_pkey_get_private($privateKeyString);
    if ($privateKeyResourceID === false) throw new \Exception('private key string is wrong');

    //從證書中解析獲取公鑰,以供使用。成功,返回真實的密鑰資源標識符
    $publicKeyResourceID = openssl_pkey_get_public($publicKeyString);//這個函數可用來判斷公鑰是否是可用的
    if ($publicKeyResourceID === false) throw new \Exception('public key string is wrong');

    //使用私鑰key加密數據data並且將結果保存至變量crypted中。
    //加密後的數據可以通過openssl_public_decrypt()函數來解密。
    openssl_private_encrypt($data, $encrypted, $privateKeyResourceID, OPENSSL_PKCS1_PADDING);

    //私鑰加密
    $encrypted = base64_encode($encrypted);//加密之後的結果,base64只是爲了避免特殊字符

    openssl_public_decrypt(base64_decode($encrypted), $decrypted, $publicKeyResourceID, OPENSSL_PKCS1_PADDING);//私鑰加密的內容通過公鑰可用解密出來

    echo $decrypted . PHP_EOL;

} catch (\Exception $e) {
    die($e->getMessage());
}

加密、解密系列

  • 公鑰加密 openssl_public_encrypt,私鑰解密 openssl_private_decrypt
  • 私鑰加密 openssl_private_encrypt,公鑰解密 openssl_public_decrypt

封裝

<?php
/**
 * Created by PhpStorm.
 * User: zrj
 * Date: 18-11-5
 * Time: 下午8:32
 */
declare(strict_types=1);//開啓強類型模式

class RSA
{
    private $publicKeyResourceID = false;//公鑰資源
    private $privateKeyresourceID = false;//私鑰資源
    private $publicKeyContent = '';
    private $privateKeyContent = '';

    public function __construct(string $publicKeyPath, string $privatePath)
    {
        $this->checkFilePath($publicKeyPath);
        $this->checkFilePath($privatePath);
        $this->publicKeyContent = file_get_contents($publicKeyPath);
        $this->privateKeyContent = file_get_contents($privatePath);
        if (empty($this->publicKeyContent)) throw new \Exception('Public key is empty');
        if (empty($this->privateKeyContent)) throw new \Exception('Private key is empty');

        $this->publicKeyResourceID = !empty($this->publicKeyContent) ? openssl_pkey_get_public($this->getPublicKey()) : false;
        $this->privateKeyresourceID = !empty($this->privateKeyContent) ? openssl_pkey_get_private($this->getPrivatekey()) : false;

        if ($this->publicKeyResourceID === false) throw new \Exception('解析公鑰內容失敗');
        if ($this->privateKeyresourceID === false) throw new \Exception('解析私鑰內容失敗');
    }

    /**
     * 校驗文件路徑
     * @param string $filePath
     * @throws Exception
     */
    public function checkFilePath(string $filePath)
    {
        if (!is_file($filePath)) throw new \Exception($filePath . ' is not a regular file');
        if (!file_exists($filePath)) throw new \Exception($filePath . ' is not exists');
    }

    //獲取私有key字符串,重新格式化,爲保證任何key都可以識別
    public function getPrivatekey(): string
    {
        $search = [
            "-----BEGIN RSA PRIVATE KEY-----",
            "-----END RSA PRIVATE KEY-----",
            "\n",
            "\r",
            "\r\n"
        ];

        $privateKey = str_replace($search, "", $this->privateKeyContent);
        //打斷字符串爲指定數量的字串
        return $search[0] . PHP_EOL . wordwrap($privateKey, 64, "\n", true) . PHP_EOL . $search[1];
    }

    /**
     *
     * 獲取公共key字符串,重新格式化,爲保證任何key都可以識別
     */
    public function getPublicKey()
    {
        $search = [
            "-----BEGIN PUBLIC KEY-----",
            "-----END PUBLIC KEY-----",
            "\n",
            "\r",
            "\r\n"
        ];
        $publicKey = str_replace($search, "", $this->publicKeyContent);
        //打斷字符串爲指定數量的字串
        return $search[0] . PHP_EOL . wordwrap($publicKey, 64, "\n", true) . PHP_EOL . $search[1];
    }

    public function createKey()
    {
        $result = openssl_pkey_new();// 生成一個新的私鑰和公鑰對,
        if ($result === false) return false;
        openssl_pkey_export($result, $privateKey);//將key當作PEM編碼字符串導出並且將之保存到$privateKey(通過引用傳遞的)中。
        $publicKey = openssl_pkey_get_details($result);//返回包含密鑰詳情的數組
        return array('public_key' => $publicKey["key"], 'private_key' => $this->getPrivatekey());
    }

    //使用私鑰加密
    public function encryptByPrivateKey(string $data): string
    {
        openssl_private_encrypt($data, $output, $this->privateKeyresourceID);
        return base64_encode($output);
    }

    //使用公鑰解密
    public function decryptByPublicKey(string $data): string
    {
        openssl_public_decrypt(base64_decode($data), $output, $this->publicKeyResourceID);
        return $output;
    }

    //使用公鑰加密
    public function encryptByPublicKey(string $data): string
    {
        openssl_public_encrypt($data, $output, $this->publicKeyResourceID);
        return base64_encode($output);
    }

    //使用私鑰解密
    public function decryptByPrivateKey(string $data): string
    {
        openssl_private_decrypt(base64_decode($data), $output, $this->privateKeyresourceID);
        return $output;
    }

    //生成簽名
    public function generateSignature(string $data, int $signType = OPENSSL_ALGO_SHA1): string
    {
        openssl_sign($data, $outSignature, $this->privateKeyresourceID, $signType);//Generate signature
        return base64_encode($outSignature);
    }

    //校驗簽名
    public function checkSignature(string $originalData, string $signature, int $signType = OPENSSL_ALGO_SHA1): bool
    {
        //如果簽名正確返回 1, 簽名錯誤返回 0, 內部發生錯誤則返回-1
        $result = openssl_verify($originalData, base64_decode($signature), $this->publicKeyResourceID, $signType);
        return $result == 1;
    }

    public function __destruct()
    {
        openssl_free_key($this->publicKeyResourceID);
        openssl_free_key($this->privateKeyresourceID);
    }
}

$rsaObj = new RSA('/home/zrj/.ssh/rsa_public.key', '/home/zrj/.ssh/rsa_private.key');

$str = 'Hello world';
echo '原始數據:' . $str . PHP_EOL;
echo '公鑰加密私鑰解密如下:' . PHP_EOL;
$tmpstr = $rsaObj->encryptByPublicKey($str); //用公鑰加密
echo '加密後的數據:' . PHP_EOL;
echo $tmpstr . PHP_EOL;
$tmpstr = $rsaObj->decryptByPrivateKey($tmpstr); //用私鑰解密
echo '解密結果:' . $tmpstr . PHP_EOL;
echo PHP_EOL;
echo PHP_EOL;
echo '私鑰加密公鑰解密如下:' . PHP_EOL;
$tmpstr = $rsaObj->encryptByPrivateKey($str); //用私鑰加密
echo '私鑰加密後的數據:' . PHP_EOL;
echo $tmpstr . PHP_EOL;
$tmpstr = $rsaObj->decryptByPublicKey($tmpstr); //用公鑰解密
echo '公鑰解密結果:' . $tmpstr . PHP_EOL;

echo PHP_EOL;
echo PHP_EOL;
$signature = $rsaObj->generateSignature($tmpstr);
echo '簽名結果爲:' . $signature . PHP_EOL;

var_dump($rsaObj->checkSignature($tmpstr, $signature));
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章

全方位深度剖析PHP7底层源码

wy53780 2020-04-23 15:39:33

Redis主從複製以及主從複製原理

LoyaltyLu 2019-02-24 23:12:38

nginx+php執行請求的工作原理

xavier 2019-02-24 15:52:41

配置Nginx支持php,出現No input file specified錯誤的解決方法

lvqingpu 2019-02-24 13:15:35

PHP7源碼編譯安裝詳解

揚那個楊 2019-02-24 12:59:32

windows下配置php

jason1982 2019-02-24 12:57:09

PHP hebrev()函數用法講解

php参考手册 2019-02-24 12:43:05

php中file_get_contents()函數用法實例

laozhang 2019-02-24 12:43:05

PHP中的pack和unpack函數

tlanyan 2019-02-24 12:35:02

php面試問答

凌楓 2019-02-24 00:25:10

<<深入PHP面向對象、模式與實踐>>讀書筆記:面向對象設計和過程式編程

tusi 2019-02-23 17:14:59

【PHP源碼分析】small內存規格的計算

LNMPR源碼研究 2019-02-23 16:42:36

源碼分析(五)—配置篇

瀟塵淵 2019-02-23 15:22:46

ASP、JSP、PHP 三種技術比較

lichenjing9 2019-02-23 14:06:52

php項目開發經驗

ncusoho 2019-02-23 14:06:17