Openssl深入探索

生成私钥文件  1024和2048位  注意：私钥owner

openssl genrsa -out rsa_private_key.pem 1024

提取公钥

openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem

namespace app\common\openssl;

class Openssl

{

//值得注意的是，如果选择密钥是1024bit长的（openssl genrsa -out rsa_private_key.pem 1024），那么支持加密的明文长度字节最多只能是1024/8=128byte

//如果加密的padding填充方式选择的是OPENSSL_PKCS1_PADDING（这个要占用11个字节），那么明文长度最多只能就是128-11=117字节。

//如果超出，那么这些openssl加解密函数会返回false

    CONST DELEN = '256'; //取决于rsa密钥的长度，1024位密钥应设置为128 117

    CONST ENLEN = '245';

    CONST KEY = 'yan';  //用于签名加盐，通常在sdk中使用accessKey代替

    CONST PUB = '-----BEGIN PUBLIC KEY-----

-----END PUBLIC KEY-----';

    CONST PRI = '-----BEGIN RSA PRIVATE KEY-----

-----END RSA PRIVATE KEY-----';

    private $config = [

                'private_key_bits' => 2048,

            ];

    public function makeKey(){

        $resource = openssl_pkey_new($this->config);

        openssl_pkey_export($resource, $privateKey);

        echo $privateKey;

        echo openssl_pkey_get_details($resource)['key'];

    }

    //公钥加密

    public static function PublicEncrypt($data){

        $str = '';

        foreach (str_split($data, self::ENLEN) as $chunk) {

            openssl_public_encrypt($chunk, $encryptData, self::PUB);

            $str .= $encryptData;

        }

        return base64_encode($str);

    }

    //公钥解密

    public static function PublicDecrypt($data){

        $data = base64_decode($data);

        $str = '';

        foreach (str_split($data, self::DELEN) as $chunk) {

            openssl_public_decrypt($chunk, $encryptData, self::PUB);

            $str .= $encryptData;

        }

        return $str;

    }

    //私钥加密

    public static function PrivateEncrypt($data)

{

        $str = '';

        foreach (str_split($data, self::ENLEN) as $chunk) {

            openssl_private_encrypt($chunk, $decryptData, self::PRI);

            $str .= $decryptData;

        }

        return base64_encode($str);

    }

    //私钥解密

    public static function PrivateDecrypt($data)

{

        $data = base64_decode($data);

        $str = '';

        foreach (str_split($data, self::DELEN) as $chunk) {

            openssl_private_decrypt($chunk, $decryptData, self::PRI);

            $str .= $decryptData;

        }

        return $str;

    }

    //私钥加签

    public static function PrivateSign($data){

        openssl_sign($data, $sign, self::PRI, OPENSSL_ALGO_SHA1);

        return base64_encode($sign);

    }

    /**

* 私钥验签

    * @param $str 被加密的原始数据

    * @param $sign 签名

    * @return mixed 结果

*/

    public static function PrivateVerify($str, $sign){

        openssl_verify($str, $sign, self::PRI, OPENSSL_ALGO_SHA1);

        return $sign;

    }

    //公钥验签

    public static function PublicVerify($str, $sign){

        $sign = base64_decode($sign);

        $res = openssl_verify($str, $sign, self::PUB, OPENSSL_ALGO_SHA1);

        return $res;

    }

}