<?php
/**
* ras 生成钥对,加密/解密码,加密验证
* @author
*
*/
class Ras
{
// 公钥
private $publicKey = __DIR__ . './ras/publicKey.pem';
// 私钥
private $privateKey = __DIR__ . './ras/privateKey.pem';
//配置需要用到环境配置文件 openssl.cnf
private $config_path = 'D:/phpstudy_pro/Extensions/Apache2.4.39/conf/openssl.cnf';
/**
* 测试生成签名对
*/
public function testRas()
{
// 生成新的公私钥对
$this->create_ras_key_pair();
// 要加密的字符串
$str = 'test123';
echo "要加密的字符串:{$str} \n\n";
// 加密生成字符串
$encrypt_str = $this->public_encrypt($str);
echo "加密生成的字符串:" . $encrypt_str;
echo "\n\n ----- \n\n";
// 解密由加密生成的字符串
$decrypt_str = $this->private_decrypt($encrypt_str);
echo "解密生成的字符串:" . $decrypt_str;
echo "\n\n ----- \n\n";
// 字符串生成签名
$sign_str = $this->sign($decrypt_str);
echo "生成签名:" . $sign_str;
echo "\n\n ----- \n\n";
// 验证签名生成的字符串
$res = $this->verify($decrypt_str,$sign_str);
echo "验证签名:";
var_dump($res);
}
/**
* 生成公钥和私钥对
* @return false|void
*/
public function create_ras_key_pair()
{
$config = array(
'digest_alg' => 'sha512',
'private_key_bits' => 4096,
'private_key_type' => OPENSSL_KEYTYPE_RSA,
'config' => realpath($this->config_path)
);
$new_key = openssl_pkey_new($config);
if(!$new_key)
{
return false;
}
openssl_pkey_export($new_key,$private_key,null,$config);
$public_key = openssl_pkey_get_details($new_key);
// 公钥
file_put_contents($this->publicKey,$public_key['key']);
// 密钥
file_put_contents($this->privateKey,$private_key);
// echo "public_key:\n";
// var_dump($public_key);
// echo "\n\n\n\n private_key:\n";
// var_dump($private_key);
openssl_free_key($new_key);
}
/**
* 公钥加密
* @param $str 要加密的明文
* @return string
*/
public function public_encrypt($str){
$public_key = file_get_contents($this->publicKey);
openssl_public_encrypt($str, $encrypt_str, $public_key);
return base64_encode($encrypt_str);
}
/**
* 私钥解密
* @param $encrypt_str 要解密的密文
* @return mixed
*/
public function private_decrypt($encrypt_str){
$private_key_str = file_get_contents($this->privateKey);
$private_key = openssl_get_privatekey($private_key_str);
$encrypt_str_result = base64_decode($encrypt_str);
openssl_private_decrypt($encrypt_str_result,$decrypt_str,$private_key);
return $decrypt_str;
}
/**
* 私钥签名
* @param $plain 要签的明文
* @return false|string|void
*/
public function sign($plain)
{
try{
$priv_key = file_get_contents($this->privateKey);
$pkeyid = openssl_get_privatekey($priv_key);
if(!is_resource($pkeyid)){
return false;
}
openssl_sign($plain, $signature,$pkeyid,OPENSSL_ALGO_SHA256);
openssl_free_key($pkeyid);
return base64_encode($signature);
}catch(Exception $e){
print_r($e);
}
}
/**
* @param $plain 要签的明文
* @param $signature 生成的签名
*/
public function verify($plain,$signature){
$signature = base64_decode($signature);
$cert = file_get_contents($this->publicKey);
$pubkeyid = openssl_get_publickey($cert);
if(!is_resource($pubkeyid)){
return false;
}
$ok = openssl_verify($plain, $signature,$pubkeyid,OPENSSL_ALGO_SHA256);
@openssl_free_key($pubkeyid);
if($ok == 1){
return true;
}
return false;
}
}
(new Ras())->testRas();
/*
要加密的字符串:test123
加密生成的字符串:KSd7kRWCiWiCapmFeWfrO3Zuy4iG+wg6zmAWPDp5x2117BZO/++ECRTFKU+JNtXLaODJwo3a/nUACVgp/aKGDNyWNOi60K/GQYDeOIBJbv9CwUfHUL/3U9+qmyGA25+Br/AfnUyTLXw2xAGpO0wsx71uJdg19rWiPLoSxM7PO+WS1q3ekqK3dktOIzeS8EwtIhuC8G9WG6HoMeNZl8CzVUtEr/s34qtA7npgDjje8DziCrXCmJk0nMGuKZaYJc9MGQ6F1/ULpPilm2HQxj5ZhTmJc5Z5fQtfEVrIbg7Z+wQOlSjXSR4wU4SHdVOyjyIzC/CV6+lB2isNMCWCnE9kj+TJ+hM7e3bZr+v1KLcyXi0NirGO/SOd8Mh49Vf22eahME2pwKm/B0hFcuMTsDTNLcjA93c9akfjo4w2PFGY+rpvFqB6WTQhgZVfKmFosiHqyGmBg3H/rVS2NRZ7VCvBwt+RN2DDH/2Wpcrod7x3JylYVbZBK+BTRUpVPoVN+l3e62a0iqLKlM4fdHB/vHn/OD3OBw1OTCZzZdzbIra0ykDgrkW+IqQI/HDALUcPRfp6klAi7IEjsW3Z4VTgKAhNzPUarWkjaKm5oaVXSaT5NTcoPOpSC2hK6Vcd+wChKuXC8iScxjTjKJoG8tnMtNC6SfBQkXneDjTuBpZ2w1rns8g=
-----
解密生成的字符串:test123
-----
生成签名:TuELg67wti693pURJjZ4V9NeqoZQscUVL72uuNyu4QGI0ed0JrJQEPMeNWA6T7kAtHra5rSKIgVb9vhOpPSy4fycqXp4TJyDsKvY2DIqAdzYDx62HCBMZSjwOjLDHGn+4B/j2B//x2igdgpxUOSmD5iXvutuLASlvSkTQI8KoKOfc13IYy8kIrgrd464wC8nePfFy+oKFw4Efl0ZWwRZ3UzRW+ip8BFJSnMMjkuB6JdcdlphqdCniN8I7WenJnuOy0OGEj7uQHbUjDeaJDr7sKvyASuh8eWieNzbUMMLXLwC2vcJX2IGu+ozYvAmIEBUXZmBkTiD0GWHEWTCg0/V93AoJYAINP87TCQuzuM4O7cjlmicVtfXlQwT9ShxOgJvki/hrLrE9noElpiaFXJ81RO7qMlFz4nMNofDNAVDD8DibiBlVONgf2JpAGiidDAoo6ct6VdsGvAs9nV+WddoXyhtv/lBlo9JN4pUaiKfzkCL2WfbAxTWiU58jkwe7EjfbH0HiIJDtEDLgbtdNIauhXOXbced61VScaFHh9jk4grXgVtqBL+K0aOweq/Q9Gqx2PYuVE2kYuFDYhjYLoGVssgB9PGDgeHeIPzDvudkcsydexaM3BtSIMPyvu3TR3GnRv9kdEWNwaJPFkpf6dRvo0RSK+ZPidxqI01Qg6I5i+k=
-----
验证签名:bool(true)
*/