MarkJane
7/11/2017 - 6:41 AM
openssl_encrypt 加密 rsa加密
openssl_encrypt 加密 rsa加密
//生成前端请求需要的token
public function get_client_token(){
$uniqid = $this->I("uniqid",FALSE);
if (empty($uniqid)) {
$this->json_exit(array('status'=>FALSE,'msg'=>'参数异常'));
}
$adsb_config = array('iv'=>'hBMg5$la5Z_6eRFh','secret'=>'lRRcR1tfC2SE%6h*','appid'=>'4WNQDS1MZI3Ur_(X');
// 密文保持是16的倍数
$length = 16;
// 有效期
$valid_period = $this->uid > 0 ? 600 : 180;
// rand:user_id:timesp:int
$text = rand(1, 100000) . ':'. $uniqid . ':' . time() . ':' . $valid_period;
// 保证文本长度是length倍数,用空格填充
$text = str_pad($text, ceil(strlen($text)/$length) * $length, ' ');
$encrypt = base64_encode(openssl_encrypt($text,'AES-128-CBC',$adsb_config['secret'],OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING,$adsb_config['iv']));
$this->json_exit(array("status"=>TRUE,"appid"=>$appid,"token"=>$encrypt));
}<?php
/*RSA 与 RSA2
算法名称 标准名称 备注
RSA2 SHA256WithRSA 强制要求RSA密钥的长度至少为2048
RSA SHA1WithRSA 对RSA密钥的长度不限制,推荐使用2048位以上
RSA2 比 RSA 有更强的安全能力。
蚂蚁金服,新浪微博 都在使用 RSA2 算法。
创建公钥和私钥:
openssl genrsa -out private_key.pem 2048
openssl rsa -in private_key.pem -pubout -out public_key.pem
执行上面命令,会生成 private_key.pem 和 public_key.pem 两个文件。*/
class Rsa2
{
private static $PRIVATE_KEY = 'private_key.pem 内容';
private static $PUBLIC_KEY = 'public_key.pem 内容';
/**
* 获取私钥
* @return bool|resource
*/
private static function getPrivateKey()
{
$privateKey = self::$PRIVATE_KEY;
return openssl_pkey_get_private($privateKey);
}
/**
* 获取公钥
* @return bool|resource
*/
private static function getPublicKey()
{
$publicKey = self::$PUBLIC_KEY;
return openssl_pkey_get_public($publicKey);
}
/**
* 私钥加密
* @param string $data
* @return null|string
*/
public static function privateEncrypt($data = '')
{
if (!is_string($data)) {
return null;
}
return openssl_private_encrypt($data,$encrypted,self::getPrivateKey()) ? base64_encode($encrypted) : null;
}
/**
* 公钥加密
* @param string $data
* @return null|string
*/
public static function publicEncrypt($data = '')
{
if (!is_string($data)) {
return null;
}
return openssl_public_encrypt($data,$encrypted,self::getPublicKey()) ? base64_encode($encrypted) : null;
}
/**
* 私钥解密
* @param string $encrypted
* @return null
*/
public static function privateDecrypt($encrypted = '')
{
if (!is_string($encrypted)) {
return null;
}
return (openssl_private_decrypt(base64_decode($encrypted), $decrypted, self::getPrivateKey())) ? $decrypted : null;
}
/**
* 公钥解密
* @param string $encrypted
* @return null
*/
public static function publicDecrypt($encrypted = '')
{
if (!is_string($encrypted)) {
return null;
}
return (openssl_public_decrypt(base64_decode($encrypted), $decrypted, self::getPublicKey())) ? $decrypted : null;
}
/**
* 创建签名
* @param string $data 数据
* @return null|string
*/
public function createSign($data = '')
{
if (!is_string($data)) {
return null;
}
return openssl_sign($data, $sign, self::getPrivateKey(), OPENSSL_ALGO_SHA256) ? base64_encode($sign) : null;
}
/**
* 验证签名
* @param string $data 数据
* @param string $sign 签名
* @return bool
*/
public function verifySign($data = '', $sign = '')
{
if (!is_string($sign) || !is_string($sign)) {
return false;
}
return (bool)openssl_verify($data, base64_decode($sign), self::getPublicKey(), OPENSSL_ALGO_SHA256);
}
}
$rsa2 = new Rsa2();
$privateEncrypt = $rsa2->privateEncrypt('锄禾日当午');
echo '私钥加密后:'.$privateEncrypt.'<br>';
$publicDecrypt = $rsa2->publicDecrypt($privateEncrypt);
echo '公钥解密后:'.$publicDecrypt.'<br>';
$publicEncrypt = $rsa2->publicEncrypt('锄禾日当午');
echo '公钥加密后:'.$publicEncrypt.'<br>';
$privateDecrypt = $rsa2->privateDecrypt($publicEncrypt);
echo '私钥解密后:'.$privateDecrypt.'<br>';
$sign = $rsa2->createSign('锄禾日当午');
echo '生成签名:'.$privateEncrypt.'<br>';
$status = $rsa2->verifySign('锄禾日当午', $sign);
echo '验证签名:'.($status ? '成功' : '失败') ;