一、openssl的下载
在此推荐composer下载(原网页:
cmd进入你想要下载的项目比如(ssl)
H:\www\ssl>composer require dzgz/mpf-openssl
回车下载到ssl项目下,这样方便项目使用,如果自行测试也可以下载到测试文件夹下面。
下载完成后有一下几个文件。
二、下面说重点
1、我在这里用的是:公钥加密/私钥解密。因为项目需求公钥和私钥都是提前生成好的,并且我这里的私钥是加了密的私钥。
那么加密的私钥和不加密的私钥有什么区别呢?你可以看一下你生成的私钥第一行
-----BEGIN ENCRYPTED PRIVATE KEY----- 私钥头有 ENCRYPTED 此类为加密的私钥复制代码
加密的私钥在解密的时候要先用 openssl_pkey_get_private() 获取私钥后才能解密。
2、首先介绍这次我们使用到的几个函数:
/*** openssl_public_encrypt(data加密的数据,crypted这将保存加密的结果,key公钥) //公钥加密,* openssl_pkey_get_private($key私钥,$passphrase私钥密码) // 获取私钥* openssl_private_decrypt(crypted解密的数据,decrypted保存解密出来的结果,key必须是和用来加密数据所用公钥对应的私钥。(或者是通过密码取出来的私钥结果)) //私钥解密**/复制代码
3、话不多说我们直接上代码
//生成密钥对$KeyPair = new \mpf\openssl\KeyPair();$privateKeyPassword = uniqid();$data=$KeyPair->gen($privateKeyPassword);var_dump($data);$KeyPair->genToFile(__DIR__ . '/private.key',__DIR__ . '/public.key',$privateKeyPassword);//生成证书请求和私钥:$CertificateRequest = new \mpf\openssl\CertificateRequest();$privateKeyPassword = "123456";$dn = [];$data = $CertificateRequest->gen($dn,$privateKeyPassword);var_dump($data);$CertificateRequest->genToFile($dn,__DIR__ . '/private.key',__DIR__ . '/certificate.req',$privateKeyPassword);//生成自签名的证书和私钥:$Certificate = new \mpf\openssl\selfSigned\Certificate();$privateKeyPassword = "123456";$dn = [];$days = 365;$data = $Certificate->gen($dn,$days,$privateKeyPassword);var_dump($data);$Certificate->genToFile($dn,$days,__DIR__ . '/private.key',__DIR__ . '/certificate.crt',$privateKeyPassword);//生成自签名的PKCS#12兼容的证书和私钥:$Pkcs12 = new \mpf\openssl\selfSigned\Pkcs12();$privateKeyPassword = "123456";$dn = [];$days = 365;$data = $Pkcs12->gen($dn,$days,$privateKeyPassword);var_dump($data);$Pkcs12->genToFile($dn,$days,__DIR__ . '/personal.pfx',$privateKeyPassword); //以下用系统秘钥对(私钥是加密私钥,密码是123456) 对$privateKeyPassword进行加密,解密。$system_public_key = '-----BEGIN PUBLIC KEY-----MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFz6209zhVzZ/wpUuG69F8kbN97mmgA7d8lIdzVMRz5Uvg1NP9nlhKR+eV80Kq0ElcEgd9HzBEiKYWYsQGiGqjAWsT9v/QrFVMluGZvb3WHWqDGVNZYNOJMaZN+YoD6tx5x9UQ/hqKXYcTSu3l0YUd3BWEi3UEmBF5JWopt94GfQIDAQAB-----END PUBLIC KEY-----';$system_private_key="-----BEGIN ENCRYPTED PRIVATE KEY-----MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIkSUqjUYhqSACAggAMBQGCCqGSIb3DQMHBAjj4XhUq1ZGkQSCAoCt65W/y+CEzzqUQB1hCrIpVBeg6zQSvS8At+akGUPxvUGglYhtpgy7w3kpYW7JUm3J2pkbEuHxRUyvAlta7a3NGO5s6Qy0RRrY2v2dhg0nYINvoh+qcWLxMk6AuwF6HpXBmHhqP7hhkxQLnrZMOQvw7vXv43ghEEEjg8C321coeodAuls0nQLn1smDnObQ/qAeX1nussGG53ZObv6YLVoh4O+QgUS3uy2WBG6qeMFxjsDZ2+lkG1lKd7upOm4aP9eQ8AFeTEMRy64oGjoT6BV6OYQyQ/5OjBsZxcr/x1WpuCQ6hlRklthUQ866fMe8UoVf27gRQLitRxtU7cig1GtuCe5LA7pxAcDmnU5KfzlSNrAF6852R4H4+rIE6+V/NqTSk6WyJNYDRg9sPY24DCr/Gh3AWw+l7FTOHznfbzM7cCa1He1Oj3BSDmwbq0e4ZtUuMaX9wMAjys170l+yhllE0oAd/ECldkja/mfXm6MpPE5V4Rc3B/9WrqhIqxX2VIQkywfZ5mZBDDoEL/OTXJ3JPA8z1AcyxUtwBcnj/Yij0QJTAQi4jRv/fY+Iq+4R+ZSyDPCKp9MtdNO4xjz0m5uTNeSiSkciJ8ZVPN5g/m7XqXvIg4W9s5c2BoDRyXZftd/+ueKFp7FLxRZRQuIe4OJ0ImJlDMM0vCyN5NfYN4Xxvi+MGZYMfympvFAIokHx+sfnW1A1QEm6DaqgQ/C33b2L1d4JDwxxrsH13jExwlAjafBgVpC82gdi/9uwmzKGSF4cQCH5a1DMFxxwRLTrxfr88y1aNX2AMeUUvMzeFG082FQ2rwbWcuS+faod/gnIpopoI24xgBAby6S1MMP6VEXH-----END ENCRYPTED PRIVATE KEY-----";//openssl_public_encrypt 加密, openssl_private_decrypt()解密if( !openssl_public_encrypt($privateKeyPassword,$privateKeyPassword_cipher,$system_public_key) ){ throw new \Exception(openssl_error_string() );}//加密成功var_dump("系统密钥对加密前:".$privateKeyPassword.""."系统密钥对加密后:".base64_encode($privateKeyPassword_cipher));//获取私钥$res=openssl_pkey_get_private($system_private_key,'123456');if( !openssl_private_decrypt($privateKeyPassword_cipher,$privateKeyPassword_cipher2,$res) ){ throw new \Exception(openssl_error_string() );}//解密成功var_dump("系统密钥对解密前:".base64_encode($privateKeyPassword_cipher).""."系统密钥对加密后:".$privateKeyPassword_cipher2);复制代码
4、此文章是作为本人在自行测试学习中的总结,具体到项目中如何运用,具体项目具体分析吧哈哈。