RSA加密传输:
对于初接触RSA加密的童鞋来说,很可能会被绕进去。最近写了一个RSA加密传输的需求,总结一下。希望能对你有点帮助。
首先要明白以下几点:
1:公钥和私钥一定是成对的才可以
2:私钥是保密的,公钥是公开的
3:公钥和私钥,可以互为加密和解密
4:用其中一个密钥加密数据,则只有对应的那个密钥才能解开
主要有两种用法
1:公钥加密
A传输数据给B
(1),A用公钥加密数据,传输给B
(2),B用私钥解密
2:公钥认证
A传输数据给B
(1),A用私钥加密数据(也就是私钥签名),传输给B
(2),B用公钥解密(也就是验签)
示例:证书,公钥认证的过程
签名:
???/** ???signing ?签名 password ??私钥证书需要密码 ????*/ ???public function get_signing_str($data){ ???????//$data=$this->get_request_string(); ???????$certs=array(); ??????// dump(file_get_contents(ROOT_PATH."public/static/"."private_key.pfx")); ???????openssl_pkcs12_read(file_get_contents(ROOT_PATH."public/static/"."private_key.pfx"), $certs, "password"); ???????if(!$certs) return; ???????$signature = ‘‘; ???????openssl_sign($data, $signature, $certs[‘pkey‘],‘sha256‘); ???????//dump(base64_encode($signature)); ???????return base64_encode($signature); ???}验签:
public function verify_signing($rest){ ???????$rest=json_decode($rest,true); ???????$sign=$rest[‘sign‘]; ???????$sign = base64_decode($sign);//签名参数 ???????unset($rest[‘sign‘]); ???????unset($rest[‘sign_type‘]); ???????$verifystr=$this->get_request_str($rest);//验签明文字符串 ???????$pkeyid = openssl_pkey_get_public(file_get_contents(ROOT_PATH."public/static/"."public_key.cer")); ???????$verify = openssl_verify($verifystr,$sign,$pkeyid,‘sha256‘); //验签 ?(明文/签名/key) ??????// $msg = openssl_error_string(); ??????// dump($msg); ??????// dump($verify); ???????openssl_free_key($pkeyid); ???????if($verify==1){ ???????????echo ‘验签通过‘; ??????????// $data=json_encode($rest); ??????????// return $data; ???????}else{ ???????????return ‘验签失败‘; ???????} ???}RSA加密过程
???????$privateKeyStr=file_get_contents(ROOT_PATH."public/static/"."pkcs1_key.pem"); ???????$pi_key=openssl_pkey_get_private($privateKeyStr); ?????????????$encryptSign=""; ???????openssl_private_encrypt($sign_str,$encryptSign,$pi_key); ?//(待加密字符串/加密后的字符串/key)
SHA加密过程
$sign ?= hash(‘sha256‘,$source); ?//(算法/待加密字符串)
RSA 加密传输 (php)
原文地址:http://www.cnblogs.com/ikoala/p/7449999.html