一、openssl的下載
在此推薦composer下載(原網頁:https://packagist.org/packages/dzgz/mpf-openssl)
cmd進入你想要下載的項目比如(ssl)
H:\www\ssl>composer require dzgz/mpf-openssl
回車下載到ssl項目下,這樣方便項目使用,如果自行測試也可以下載到測試文件夾下面。
下載完成後有一下幾個文件。
二、下面說重點
1、我在這裏用的是:公鑰加密/私鑰解密。因爲項目需求公鑰和私鑰都是提前生成好的,並且我這裏的私鑰是加了密的私鑰。
那麼加密的私鑰和不加密的私鑰有什麼區別呢?你可以看一下你生成的私鑰第一行
-----BEGIN ENCRYPTED PRIVATE KEY----- 私鑰頭有 ENCRYPTED 此類爲加密的私鑰
加密的私鑰在解密的時候要先用 openssl_pkey_get_private() 獲取私鑰後才能解密。
2、首先介紹這次我們使用到的幾個函數:
/**
* openssl_public_encrypt(data加密的數據,crypted這將保存加密的結果,key公鑰) //公鑰加密,
* openssl_pkey_get_private($key私鑰,$passphrase私鑰密碼) // 獲取私鑰
* openssl_private_decrypt(crypted解密的數據,decrypted保存解密出來的結果,key必須是和用來加密數據所用公鑰對應的私鑰。(或者是通過密碼取出來的私鑰結果)) //私鑰解密
**/
3、話不多說我們直接上代碼
//生成密鑰對
$KeyPair = new \mpf\openssl\KeyPair();
$privateKeyPassword = uniqid();
$data=$KeyPair->gen($privateKeyPassword);
var_dump($data);
$KeyPair->genToFile(__DIR__ . '/private.key',__DIR__ . '/public.key',$privateKeyPassword);
//生成證書請求和私鑰:
$CertificateRequest = new \mpf\openssl\CertificateRequest();
$privateKeyPassword = "123456";
$dn = [];
$data = $CertificateRequest->gen($dn,$privateKeyPassword);
var_dump($data);
$CertificateRequest->genToFile($dn,__DIR__ . '/private.key',__DIR__ . '/certificate.req',$privateKeyPassword);
//生成自簽名的證書和私鑰:
$Certificate = new \mpf\openssl\selfSigned\Certificate();
$privateKeyPassword = "123456";
$dn = [];
$days = 365;
$data = $Certificate->gen($dn,$days,$privateKeyPassword);
var_dump($data);
$Certificate->genToFile($dn,$days,__DIR__ . '/private.key',__DIR__ . '/certificate.crt',$privateKeyPassword);
//生成自簽名的PKCS#12兼容的證書和私鑰:
$Pkcs12 = new \mpf\openssl\selfSigned\Pkcs12();
$privateKeyPassword = "123456";
$dn = [];
$days = 365;
$data = $Pkcs12->gen($dn,$days,$privateKeyPassword);
var_dump($data);
$Pkcs12->genToFile($dn,$days,__DIR__ . '/personal.pfx',$privateKeyPassword);
//以下用系統祕鑰對(私鑰是加密私鑰,密碼是123456) 對$privateKeyPassword進行加密,解密。
$system_public_key = '-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFz6209zhVzZ/wpUuG69F8kbN9
7mmgA7d8lIdzVMRz5Uvg1NP9nlhKR+eV80Kq0ElcEgd9HzBEiKYWYsQGiGqjAWsT
9v/QrFVMluGZvb3WHWqDGVNZYNOJMaZN+YoD6tx5x9UQ/hqKXYcTSu3l0YUd3BWE
i3UEmBF5JWopt94GfQIDAQAB
-----END PUBLIC KEY-----';
$system_private_key="-----BEGIN ENCRYPTED PRIVATE KEY-----
MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIkSUqjUYhqSACAggA
MBQGCCqGSIb3DQMHBAjj4XhUq1ZGkQSCAoCt65W/y+CEzzqUQB1hCrIpVBeg6zQS
vS8At+akGUPxvUGglYhtpgy7w3kpYW7JUm3J2pkbEuHxRUyvAlta7a3NGO5s6Qy0
RRrY2v2dhg0nYINvoh+qcWLxMk6AuwF6HpXBmHhqP7hhkxQLnrZMOQvw7vXv43gh
EEEjg8C321coeodAuls0nQLn1smDnObQ/qAeX1nussGG53ZObv6YLVoh4O+QgUS3
uy2WBG6qeMFxjsDZ2+lkG1lKd7upOm4aP9eQ8AFeTEMRy64oGjoT6BV6OYQyQ/5O
jBsZxcr/x1WpuCQ6hlRklthUQ866fMe8UoVf27gRQLitRxtU7cig1GtuCe5LA7px
AcDmnU5KfzlSNrAF6852R4H4+rIE6+V/NqTSk6WyJNYDRg9sPY24DCr/Gh3AWw+l
7FTOHznfbzM7cCa1He1Oj3BSDmwbq0e4ZtUuMaX9wMAjys170l+yhllE0oAd/ECl
dkja/mfXm6MpPE5V4Rc3B/9WrqhIqxX2VIQkywfZ5mZBDDoEL/OTXJ3JPA8z1Acy
xUtwBcnj/Yij0QJTAQi4jRv/fY+Iq+4R+ZSyDPCKp9MtdNO4xjz0m5uTNeSiSkci
J8ZVPN5g/m7XqXvIg4W9s5c2BoDRyXZftd/+ueKFp7FLxRZRQuIe4OJ0ImJlDMM0
vCyN5NfYN4Xxvi+MGZYMfympvFAIokHx+sfnW1A1QEm6DaqgQ/C33b2L1d4JDwxx
rsH13jExwlAjafBgVpC82gdi/9uwmzKGSF4cQCH5a1DMFxxwRLTrxfr88y1aNX2A
MeUUvMzeFG082FQ2rwbWcuS+faod/gnIpopoI24xgBAby6S1MMP6VEXH
-----END ENCRYPTED PRIVATE KEY-----";
//openssl_public_encrypt 加密, openssl_private_decrypt()解密
if( !openssl_public_encrypt($privateKeyPassword,$privateKeyPassword_cipher,$system_public_key) ){
throw new \Exception(openssl_error_string() );
}
//加密成功
var_dump("系統密鑰對加密前:".$privateKeyPassword."<br>"."系統密鑰對加密後:".base64_encode($privateKeyPassword_cipher));
//獲取私鑰
$res=openssl_pkey_get_private($system_private_key,'123456');
if( !openssl_private_decrypt($privateKeyPassword_cipher,$privateKeyPassword_cipher2,$res) ){
throw new \Exception(openssl_error_string() );
}
//解密成功
var_dump("系統密鑰對解密前:".base64_encode($privateKeyPassword_cipher)."<br>"."系統密鑰對加密後:".$privateKeyPassword_cipher2);
4、此文章是作爲本人在自行測試學習中的總結,具體到項目中如何運用,具體項目具體分析吧哈哈。