神刀安全网

Openssl深入探索

生成私钥文件  1024和2048位  注意:私钥owner

openssl genrsa -out rsa_private_key.pem 1024

提取公钥

openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem

namespace app/common/openssl;

class Openssl

{

//值得注意的是,如果选择密钥是1024bit长的(openssl genrsa -out rsa_private_key.pem 1024),那么支持加密的明文长度字节最多只能是1024/8=128byte

//如果加密的padding填充方式选择的是OPENSSL_PKCS1_PADDING(这个要占用11个字节),那么明文长度最多只能就是128-11=117字节。

//如果超出,那么这些openssl加解密函数会返回false

    CONST DELEN = ‘256’; //取决于rsa密钥的长度,1024位密钥应设置为128 117

    CONST ENLEN = ‘245’;

    CONST KEY = ‘yan’;  //用于签名加盐,通常在sdk中使用accessKey代替

    CONST PUB = ‘—–BEGIN PUBLIC KEY—–

—–END PUBLIC KEY—–‘;

    CONST PRI = ‘—–BEGIN RSA PRIVATE KEY—–

—–END RSA PRIVATE KEY—–‘;

    private $config = [

                ‘private_key_bits’ => 2048,

            ];

    public function makeKey(){

        $resource = openssl_pkey_new($this->config);

        openssl_pkey_export($resource, $privateKey);

        echo $privateKey;

        echo openssl_pkey_get_details($resource)[‘key’];

    }

    //公钥加密

    public static function PublicEncrypt($data){

        $str = ”;

        foreach (str_split($data, self::ENLEN) as $chunk) {

            openssl_public_encrypt($chunk, $encryptData, self::PUB);

            $str .= $encryptData;

        }

        return base64_encode($str);

    }

    //公钥解密

    public static function PublicDecrypt($data){

        $data = base64_decode($data);

        $str = ”;

        foreach (str_split($data, self::DELEN) as $chunk) {

            openssl_public_decrypt($chunk, $encryptData, self::PUB);

            $str .= $encryptData;

        }

        return $str;

    }

    //私钥加密

    public static function PrivateEncrypt($data)

{

        $str = ”;

        foreach (str_split($data, self::ENLEN) as $chunk) {

            openssl_private_encrypt($chunk, $decryptData, self::PRI);

            $str .= $decryptData;

        }

        return base64_encode($str);

    }

    //私钥解密

    public static function PrivateDecrypt($data)

{

        $data = base64_decode($data);

        $str = ”;

        foreach (str_split($data, self::DELEN) as $chunk) {

            openssl_private_decrypt($chunk, $decryptData, self::PRI);

            $str .= $decryptData;

        }

        return $str;

    }

    //私钥加签

    public static function PrivateSign($data){

        openssl_sign($data, $sign, self::PRI, OPENSSL_ALGO_SHA1);

        return base64_encode($sign);

    }

    /**

* 私钥验签

    * @param $str 被加密的原始数据

    * @param $sign 签名

    * @return mixed 结果

*/

    public static function PrivateVerify($str, $sign){

        openssl_verify($str, $sign, self::PRI, OPENSSL_ALGO_SHA1);

        return $sign;

    }

    //公钥验签

    public static function PublicVerify($str, $sign){

        $sign = base64_decode($sign);

        $res = openssl_verify($str, $sign, self::PUB, OPENSSL_ALGO_SHA1);

        return $res;

    }

}

转载本站任何文章请注明:转载至神刀安全网,谢谢神刀安全网 » Openssl深入探索

分享到:更多 ()