事情中常常会涌现对敏感数据加解密的须要,比如自己当前金融公司涉及到的用户交易数据,用户身份识别验证等。这里有关用户身份识别的用到了RSA加密算法。php这里用到了openss协议。
非对称加密即是私钥加密需用公钥解密;公钥加密的需用私钥解密;公钥和私钥是成对涌现,公钥可以派发给所用人,私钥只可做事端保留。
##做事器是centos7##首先确定做事器是否安装openssl协议(未安装的请实行命令yum install -y openssl-devel):[root@iz2vcf47jzvf8dxrapolf7z test]# openssl versionOpenSSL 1.0.2k-fips 26 Jan 2017[root@iz2vcf47jzvf8dxrapolf7z test]##天生私钥文件rsa_private_key.pem文件[root@iz2vcf47jzvf8dxrapolf7z test]# openssl genrsa -out rsa_private_key.pem 1024Generating RSA private key, 1024 bit long modulus..................................................++++++........................................................................++++++e is 65537 (0x10001)##私钥转成pkcs8模式(文末附各模式解释)[root@iz2vcf47jzvf8dxrapolf7z test]# openssl pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM -nocrypt -out private_key.pem##打印私钥文件[root@iz2vcf47jzvf8dxrapolf7z test]# cat rsa_private_key.pem-----BEGIN RSA PRIVATE KEY-----MIICXQIBAAKBgQCh13gUKZWQlx7cuYQvY1A6JuJjArMax8yHcTrtcL+kpa5Cg6mD609QNiTacuJxmh7Q/w+1Lw/cuWN0Q7s3s4WzJET6YCi3fH4zqVmpqWIcKWC/hE3pVV3lJsBvMpoz2bFn1eRwVtmSp4dVAqe542YvbZ13VGheEvkKi5uqWyhY1wIDAQABAoGAIYSjjOFz5Wc28BXH55yU8AY/mqvjdidtF5v+zVAtkKbzqTjlcbnZSk58YXWrqkV2HmjE0wx1J4yJqXmhm46loLkIpWdQfzRyFFnK3xmo9Lc6jXbIrKmFYyN7FTqT5cADvrTJ2jO9BlDG0ddTp7pl6dRi00jkrTRU3mgxZZ1kOWkCQQDRZZl9LKs+lz0vkOEKGuhjfHpFYpjce/mg0XfOZuFIqYXdm/nO1nx/KAr+xtUhiqkRzdxADOA0NrxgalCtT1NbAkEAxdxotvcFYKOFES1aOAg35mv7Inlnjelbj1Jx0wtGRVUV/0nvMVKfTLInECD2mUaE00OWjuXanAI2FQQWbML1NQJBAL/AGDRGaXJhsIgUVd+ZEGG6JYXQakbNyKR57Qo3r+mIQ6vSH4pHY65VjuwMTDPw9C33o8+LeuyVix+He+WZFK0CQQDAGb+9LFYXPou6Yqr+TdRgLiSUkwScfp27qBMFESQ3umVyB8lovMwXPby5ZxelNxdMuolZ0gaOg4MYonBXRm2lAkAEOjH32XMSTB+HI+lQrLCFiumyRjHpgbRgTcyUQolYfjR63M0E/rzVIneKPqLP+ySOYLFcO3bjuMa75CQic8PF-----END RSA PRIVATE KEY----- ##根据私钥得到相应的公钥 [root@iz2vcf47jzvf8dxrapolf7z test]# openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem writing RSA key [root@iz2vcf47jzvf8dxrapolf7z test]# cat rsa_public_key.pem -----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCh13gUKZWQlx7cuYQvY1A6JuJj ArMax8yHcTrtcL+kpa5Cg6mD609QNiTacuJxmh7Q/w+1Lw/cuWN0Q7s3s4WzJET6 YCi3fH4zqVmpqWIcKWC/hE3pVV3lJsBvMpoz2bFn1eRwVtmSp4dVAqe542YvbZ13 VGheEvkKi5uqWyhY1wIDAQAB -----END PUBLIC KEY-----
##新建openssl.php
[root@iz2vcf47jzvf8dxrapolf7z test]# cat openssl.php<?php/ 私钥加密/公钥解密 @param $str string 待加解密字符串 @param $isEncrypt boolean return string|null / function opensslPrivateEncrypt($str, $isEncrypt = true) { if($isEncrypt){ $privateKey = file_get_contents('./rsa_private_key.pem'); $privateKey = openssl_pkey_get_private($privateKey); return openssl_private_encrypt($str, $encryptedStr, $privateKey) ? base64_encode($encryptedStr) : null; }else{ $publicKey = file_get_contents('./rsa_public_key.pem'); $publicKey = openssl_pkey_get_public($publicKey); return (openssl_public_decrypt(base64_decode($str), $decryptedStr, $publicKey)) ? $decryptedStr : null; }}/ 公钥加密/私钥解密 @param $str string 待加解密字符串 @param $isEncrypt boolean return string|null /function opensslPublicEncrypt($str , $isEncrypt = true){ if($isEncrypt){ $publicKey = file_get_contents('./rsa_public_key.pem'); $publicKey = openssl_pkey_get_public($publicKey); return openssl_public_encrypt($str, $encryptedStr, $publicKey) ? base64_encode($encryptedStr) : null; }else{ $privateKey = file_get_contents('./rsa_private_key.pem'); $privateKey = openssl_pkey_get_private($privateKey); return (openssl_private_decrypt(base64_decode($str), $decryptedStr, $privateKey)) ? $decryptedStr : null; }}$config = array();$config['title'] = 'PHP is the best program language.';$config['comment'] = 'PHPERS are great people.';$privateEncrypt = opensslPrivateEncrypt(json_encode($config));echo(\"大众##privateEncrypt is:\"大众 . PHP_EOL);echo($privateEncrypt . PHP_EOL);$privateDecrypt = opensslPrivateEncrypt($privateEncrypt, false);echo(\"大众##privateDecrypt is:\"大众 . PHP_EOL);echo($privateDecrypt . PHP_EOL);$publicEncrypt = opensslPublicEncrypt(json_encode($config));echo(\"大众##publicEncrypt is:\公众 . PHP_EOL);echo($publicEncrypt . PHP_EOL);$publicDecrypt = opensslPublicEncrypt($publicEncrypt, false);echo(\公众##publicDecrypt is:\"大众 . PHP_EOL);echo($publicDecrypt . PHP_EOL);##实行脚本[root@iz2vcf47jzvf8dxrapolf7z test]# php openssl.php##privateEncrypt is:mLrLIAwbwlE69Yj5/lnNw1t8qSjhnFa+96s/kSMYweAn/HEsV7jfVAJ6mn/FY2DRRWkKeOnguUYsRcFTBcS1ieG7UtqbUAASXA5dwVgtTrFoDcDhHMl7p90+dIO8n+vMoBx1kkUegpvtH03y3MgUVSj/BLkLE8jrFXyjGufIcv0=##privateDecrypt is:{\"大众title\"大众:\公众PHP is the best program language.\"大众,\"大众comment\"大众:\公众PHPERS are great people.\"大众}##publicEncrypt is:NW2k5m2pKrZmEMSHXiK7mfyC+yDjH1+b6TrEMPv+ywBfsUlo2P8eWwcXOQxvsV4UG87a1S4Xa2QySntdEwhpYoim97457ODVVCb6jx+cqqdWJ1wlLS+gx7FJxw7Z0kMPmCm5iMcQwWPK+UzF+dpc/gJFa9uGAAmYczUumOauAx0=##publicDecrypt is:{\公众title\"大众:\公众PHP is the best program language.\公众,\公众comment\公众:\"大众PHPERS are great people.\"大众}