<?php /** * Created by PhpStorm. * User: Administrator * Date: 2018/4/1 * Time: 1:50 */ //注意格式一定要有下面的标识符 $pub_key = "-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjwmQtK4aYLSL/aOSH4g4fdTBT1JLzeRchbR6fMylOvTjGMh4IngxCwi7NAbTm8Edr02s7HXmo7oweLfqDRHvYPz7aH5Kt6gtjGzokfIVo6nN+3jDfoNBws+pPDaro5KbeIVO0kK16m+51yPS4R3lFF6bZcrGb+xq8A/QrPHxWNQIDAQAB -----END PUBLIC KEY-----"; $pri_key = "-----BEGIN RSA PRIVATE KEY----- MIICXQIBAAKBgQCjwmQtK4aYLSL/aOSH4g4fdTBT1JLzeRchbR6fMylOvTjGMh4IngxCwi7NAbTm8Edr02s7HXmo7oweLfqDRHvYPz7aH5Kt6gtjGzokfIVo6nN+3jDfoNBws+pPDaro5KbeIVO0kK16m+51yPS4R3lFF6bZcrGb+xq8A/QrPHxWNQIDAQABAoGAemICn8dRlVTWPO7VK8ADMftQnLXXBOJQKQj1w6BmlJPRZD18OJB1NUcN1uQZoCWeGrUsBEfo7hko2j0eZQ+/RRCanxM34l0cHP4WQLVYzZ5jGcAyFl3f6Ra4MKELGD3daynfct8z5+XsnD7Fwg/kWNWZ8NJIKHICoqBrgF6wnJkCQQDZUBhAarJsMdebDPw/wj8ovTYZWJf0oqoL+FjDsJF4p8e0MDMIGmsBTPbv5wVaF+8/EFTQ7PDhD0oWRKBpeT6/AkEAwOmgUPXWmxi/TtwjFfX7290GXERjkCwGc5Yj8bVh4YdjPl2ijaFFrogvr3gCKFDd9AD/Oz5zKcrxSl4H5sZcCwJBAMiUuD3E/fkFrFduDeqf1YI52xRcBK4F8mToDq5ZbHxsiNUVZBUHpVrm+kqG9xaoXujbnx3UhaWGYkDZiSKxiasCQQCD7MEX3KcgdbIOqfjMgeX1G5fH7XTxGUpoLVrzZwlDBCVYdww9MvbGPpfttXI0Q+klfrEMwM5c3E5afyeEKE61AkA0m6sjb5ypwXMbXo5+uSEHkpL0Qqb87SCRVV/Bli7OJNuv9DrdwVO27AA192WxUoDfC23faeeETB1Su4M785U6 -----END RSA PRIVATE KEY-----"; $str = "这个是要加密的字符串888"; //这个例子是演示RSA加密 //非对称加密 分为 公钥和私钥 //通常 公钥加密 私钥解密,私钥加密,公钥用来验签 /* * 用到的加密函数 openssl_private_decrypt — Decrypts data with private key openssl_private_encrypt — Encrypts data with private key openssl_public_decrypt — Decrypts data with public key openssl_public_encrypt — Encrypts data with public key * */ //echo $private_key; $pi_key = openssl_pkey_get_private($pri_key);//这个函数可用来判断私钥是否是可用的,可用返回资源id Resource id $pu_key = openssl_pkey_get_public($pub_key);//这个函数可用来判断公钥是否是可用的 //print_r($pi_key);echo " "; //print_r($pu_key);echo " "; //公钥加密过程 $enStr = ''; openssl_public_encrypt($str,$enStr,$pu_key); //参数的意义: 密文数据, 加密解密后的数据,密钥,加密解密的填充(没填) //加密后的字符 有些无法显示 需要 base64_encode ( string $data ) ,解密的时候不需要要 base64_decode ( string $data ) echo base64_encode ($enStr); echo "<br/>"; //私钥解密过程 $deStr = ''; //$enStr = base64_decode ( $enStr); openssl_private_decrypt($enStr,$deStr,$pi_key); echo $deStr; echo "<br/>"; //下面是签名验证例子 $binary_signature = ""; // At least with PHP 5.2.2 / OpenSSL 0.9.8b (Fedora 7) // there seems to be no need to call openssl_get_privatekey or similar. // Just pass the key as defined above openssl_sign($str, $binary_signature, $pi_key, OPENSSL_ALGO_SHA1); // Check signature $ok = openssl_verify($str, $binary_signature, $pu_key, OPENSSL_ALGO_SHA1); echo "check #1: "; if ($ok == 1) { echo "signature ok (as it should be) "; } elseif ($ok == 0) { echo "bad (there's something wrong) "; } else { echo "ugly, error checking signature "; }
还有验签 一定是用对方的公钥,去验证人家私钥加密的内容哦..
淘宝开放平台,安全签名就是用的此算法, 我自己(商家开发者)生成有商家私钥和商家公钥,支付宝那边有支付宝私钥和支付宝公钥。具体是商家把商家公钥给支付宝(支付宝用作解密和签名验证),我们获取支付宝公钥(用来对支付宝发来的信息进行解密和签名校验)。
注意,私钥一定是自己用的,公钥给其他人用.
参考地址 : http://php.net/manual/en/function.openssl-private-decrypt.php
https://docs.open.alipay.com/58/103242
生成秘钥:http://php.net/manual/en/function.openssl-private-encrypt.php
$res = openssl_pkey_new(); // Get private key openssl_pkey_export($res, $privkey); // Get public key $pubkey = openssl_pkey_get_details($res); $pubkey = $pubkey["key"]; var_dump($privkey); var_dump($pubkey);
在加密解密的时候,对秘钥的格式一定要注意,
$str = trim(self::$priKey); $str = chunk_split($str, 64, PHP_EOL);//在每一个64字符后加一个 $key = "-----BEGIN RSA PRIVATE KEY-----".PHP_EOL.$str."-----END RSA PRIVATE KEY-----".PHP_EOL; echo $key;
$signature = ''; if (openssl_sign($data, $signature, openssl_pkey_get_private($key), OPENSSL_ALGO_SHA256)) { $res = base64_encode($signature); return $res; }
秘钥一定是下面格式才可以加密解密成功:
