MarkJane
7/11/2017 - 6:41 AM

openssl_encrypt 加密 rsa加密

openssl_encrypt 加密 rsa加密

//生成前端请求需要的token
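    /**
     * Build a short-lived encrypted token for front-end requests and emit it as JSON.
     *
     * Plaintext layout: "<rand>:<uniqid>:<unix time>:<validity seconds>", right-padded with
     * spaces to a multiple of 16 bytes. The manual padding is needed because
     * OPENSSL_ZERO_PADDING switches off OpenSSL's own block padding.
     *
     * Security review notes. These are left as-is because the component that decrypts
     * the token is not visible here and depends on the current format:
     *  - The AES key, IV and appid are hard-coded in source; anyone with read access to
     *    the code can decrypt or mint tokens. Load them from configuration or a secret store.
     *  - The IV is fixed. CBC expects a fresh unpredictable IV per message; with a
     *    constant IV, equal leading plaintext blocks produce equal ciphertext blocks.
     *  - CBC without a MAC is malleable: the consumer cannot detect a modified token.
     *    Prefer an AEAD mode (e.g. aes-128-gcm) or add an HMAC over the ciphertext.
     *  - rand() is not a cryptographically secure generator and must not be relied on
     *    as the source of unpredictability.
     *
     * @return void The result is delivered through $this->json_exit().
     */
    public function get_client_token(){
        $uniqid = $this->I("uniqid",FALSE);
        if (empty($uniqid)) {
            $this->json_exit(array('status'=>FALSE,'msg'=>'参数异常'));
            // Defensive: do not fall through if json_exit() ever returns.
            return;
        }
        // NOTE(review): $uniqid is embedded in a ':'-delimited string. If the consumer
        // splits on ':', a value containing ':' would shift the time/validity fields.
        // Confirm that I() or the consumer restricts the allowed characters.
        $adsb_config = array('iv'=>'hBMg5$la5Z_6eRFh','secret'=>'lRRcR1tfC2SE%6h*','appid'=>'4WNQDS1MZI3Ur_(X');
        // AES block size: the plaintext length must be a multiple of this.
        $length = 16;
        // Validity period in seconds: 600 when $this->uid > 0, otherwise 180.
        $valid_period = $this->uid > 0 ? 600 : 180;
        // rand:uniqid:timestamp:validity
        $text = rand(1, 100000) . ':'. $uniqid . ':' . time() . ':' . $valid_period;
        // Pad with spaces up to the next multiple of $length (ceil() returns a float, hence the cast).
        $padded_length = (int) (ceil(strlen($text) / $length) * $length);
        $text = str_pad($text, $padded_length, ' ');
        $cipher = openssl_encrypt($text,'AES-128-CBC',$adsb_config['secret'],OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING,$adsb_config['iv']);
        if ($cipher === false) {
            // Previously a failed encryption was reported as success with an empty token.
            $this->json_exit(array('status'=>FALSE,'msg'=>'token生成失败'));
            return;
        }
        // The appid lives in the config array; the bare $appid variable was never defined.
        $this->json_exit(array("status"=>TRUE,"appid"=>$adsb_config['appid'],"token"=>base64_encode($cipher)));
    }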
<?php
/*RSA 与 RSA2
算法名称	标准名称	备注
RSA2	SHA256WithRSA	强制要求RSA密钥的长度至少为2048
RSA	SHA1WithRSA	对RSA密钥的长度不限制,推荐使用2048位以上
RSA2 比 RSA 有更强的安全能力。

蚂蚁金服,新浪微博 都在使用 RSA2 算法。

创建公钥和私钥:

openssl genrsa -out private_key.pem 2048
openssl rsa -in private_key.pem -pubout -out public_key.pem
执行上面命令,会生成 private_key.pem 和 public_key.pem 两个文件。*/

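/**
 * Thin static wrapper around PHP's OpenSSL RSA functions: encrypt/decrypt with either
 * half of the key pair, plus SHA-256 signing and verification ("RSA2").
 *
 * Security review notes:
 *  - The encrypt/decrypt calls use the OpenSSL default padding (PKCS#1 v1.5). For
 *    confidentiality prefer OAEP (OPENSSL_PKCS1_OAEP_PADDING) on publicEncrypt() and
 *    privateDecrypt(); v1.5 decryption is exposed to padding-oracle attacks when
 *    callers can distinguish decryption failures. Not changed here because both
 *    peers must switch padding together.
 *  - privateEncrypt()/publicDecrypt() give no confidentiality: anyone holding the
 *    public key can read the data. For authenticity use createSign()/verifySign().
 *  - RSA can only process input shorter than the key size minus the padding
 *    overhead; longer input makes the OpenSSL call fail and these methods return null.
 */
class Rsa2
{
    // Placeholders for the PEM text of the key pair. Keep a real private key out of
    // source control and load it from a protected file or secret store instead.
    private static $PRIVATE_KEY = 'private_key.pem 内容';
    private static $PUBLIC_KEY  = 'public_key.pem 内容';

    /**
     * Load the private key.
     * @return OpenSSLAsymmetricKey|resource|false false when the PEM cannot be parsed
     */
    private static function getPrivateKey()
    {
        return openssl_pkey_get_private(self::$PRIVATE_KEY);
    }

    /**
     * Load the public key.
     * @return OpenSSLAsymmetricKey|resource|false false when the PEM cannot be parsed
     */
    private static function getPublicKey()
    {
        return openssl_pkey_get_public(self::$PUBLIC_KEY);
    }

    /**
     * Decode Base64 input in strict mode.
     * @param string $encoded
     * @return string|null null when $encoded contains characters outside the Base64 alphabet
     */
    private static function decodeBase64($encoded)
    {
        $raw = base64_decode($encoded, true);
        return $raw === false ? null : $raw;
    }

    /**
     * Encrypt with the private key.
     * @param string $data
     * @return null|string Base64 ciphertext, or null on bad input, unusable key or OpenSSL failure
     */
    public static function privateEncrypt($data = '')
    {
        if (!is_string($data)) {
            return null;
        }
        $key = self::getPrivateKey();
        if ($key === false) {
            return null;
        }
        return openssl_private_encrypt($data, $encrypted, $key) ? base64_encode($encrypted) : null;
    }

    /**
     * Encrypt with the public key.
     * @param string $data
     * @return null|string Base64 ciphertext, or null on bad input, unusable key or OpenSSL failure
     */
    public static function publicEncrypt($data = '')
    {
        if (!is_string($data)) {
            return null;
        }
        $key = self::getPublicKey();
        if ($key === false) {
            return null;
        }
        return openssl_public_encrypt($data, $encrypted, $key) ? base64_encode($encrypted) : null;
    }

    /**
     * Decrypt with the private key.
     * @param string $encrypted Base64 ciphertext
     * @return null|string plaintext, or null on bad input, unusable key or OpenSSL failure
     */
    public static function privateDecrypt($encrypted = '')
    {
        if (!is_string($encrypted)) {
            return null;
        }
        $cipher = self::decodeBase64($encrypted);
        if ($cipher === null) {
            return null;
        }
        $key = self::getPrivateKey();
        if ($key === false) {
            return null;
        }
        return openssl_private_decrypt($cipher, $decrypted, $key) ? $decrypted : null;
    }

    /**
     * Decrypt with the public key.
     * @param string $encrypted Base64 ciphertext
     * @return null|string plaintext, or null on bad input, unusable key or OpenSSL failure
     */
    public static function publicDecrypt($encrypted = '')
    {
        if (!is_string($encrypted)) {
            return null;
        }
        $cipher = self::decodeBase64($encrypted);
        if ($cipher === null) {
            return null;
        }
        $key = self::getPublicKey();
        if ($key === false) {
            return null;
        }
        return openssl_public_decrypt($cipher, $decrypted, $key) ? $decrypted : null;
    }

    /**
     * Create a SHA-256 RSA signature over $data.
     * @param string $data data to sign
     * @return null|string Base64 signature, or null on bad input, unusable key or OpenSSL failure
     */
    public function createSign($data = '')
    {
        if (!is_string($data)) {
            return null;
        }
        $key = self::getPrivateKey();
        if ($key === false) {
            return null;
        }
        return openssl_sign($data, $sign, $key, OPENSSL_ALGO_SHA256) ? base64_encode($sign) : null;
    }

    /**
     * Verify a SHA-256 RSA signature.
     * @param string $data signed data
     * @param string $sign Base64 signature
     * @return bool true only when the signature is valid for $data
     */
    public function verifySign($data = '', $sign = '')
    {
        // Both arguments must be strings (the original tested $sign twice and never $data).
        if (!is_string($data) || !is_string($sign)) {
            return false;
        }
        $rawSignature = self::decodeBase64($sign);
        if ($rawSignature === null) {
            return false;
        }
        $key = self::getPublicKey();
        if ($key === false) {
            return false;
        }
        // openssl_verify() returns 1 (valid), 0 (invalid) or -1/false (error). A (bool)
        // cast turns the -1 error result into true, so compare against 1 explicitly.
        return openssl_verify($data, $rawSignature, $key, OPENSSL_ALGO_SHA256) === 1;
    }
}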

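// Demo: run a sample string through each Rsa2 operation and print the results as HTML.
// The key strings embedded in Rsa2 are placeholders, so real PEM keys must be supplied
// before these calls return anything other than null/false.
$rsa2 = new Rsa2();

// Private-key encrypt -> public-key decrypt round trip.
$privateEncrypt = Rsa2::privateEncrypt('锄禾日当午');
echo '私钥加密后:'.$privateEncrypt.'<br>';

$publicDecrypt = Rsa2::publicDecrypt($privateEncrypt);
echo '公钥解密后:'.$publicDecrypt.'<br>';

// Public-key encrypt -> private-key decrypt round trip.
$publicEncrypt = Rsa2::publicEncrypt('锄禾日当午');
echo '公钥加密后:'.$publicEncrypt.'<br>';

$privateDecrypt = Rsa2::privateDecrypt($publicEncrypt);
echo '私钥解密后:'.$privateDecrypt.'<br>';

// Sign, then verify. Print the signature itself (the original echoed $privateEncrypt here).
$sign = $rsa2->createSign('锄禾日当午');
echo '生成签名:'.$sign.'<br>';

$status = $rsa2->verifySign('锄禾日当午', $sign);
echo '验证签名:'.($status ? '成功' : '失败') ;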