Hamm Blog

RSA Asymmetric Encryption and Decryption in PHP: Self-Signing a Root Certificate and Issuing Sub-Certificates

<?php
namespace app\test\controller;
use app\test\Test;

class Rsa extends Test {
    protected $public_key='-----BEGIN PUBLIC KEY-----
your public key here...
-----END PUBLIC KEY-----';
    protected $private_key='-----BEGIN PRIVATE KEY-----
your private key here...
-----END PRIVATE KEY-----';
    public function index(){
	    echo <<<html
	    <a href="/test/rsa/root" target="_blank">ROOT根证书自签</a><br>
	    <a href="/test/rsa/sub" target="_blank">根证书与子证书加密解密</a><br>
	    <a href="/test/rsa/cert" target="_blank">签发子证书</a><br>
	    <a href="/test/rsa/javascript" target="_blank">JS版RSA加密解密demo</a><br>
	    <a href="/test/rsa/largeRsa" target="_blank">RSA分段加解密PHPdemo</a><br>
html;
    }
	public function root() {
        echo "<pre>";
        // Subject (distinguished name) of the root certificate
        $config = array(
            "countryName" => "CN",
            "stateOrProvinceName" => "ChongQing",
            "localityName" => "ChongQing",
            "organizationName" => "Hamm Root Certificate Authority",
            "organizationalUnitName" => "Hamm Root CA",
            "commonName" => "Hamm.cn",
            "emailAddress" => "admin@hamm.cn"
        );
        // Generate the root key pair
        $private = openssl_pkey_new(array(
            "private_key_bits" => 2048,
            "private_key_type" => OPENSSL_KEYTYPE_RSA,
        ));
        $public = openssl_pkey_get_details($private);
        $public_key = $public['key'];
        
        $csr = openssl_csr_new($config, $private, array('digest_alg' => 'sha256'));
        // Passing null as the CA certificate makes the result self-signed; 36500 days is roughly 100 years
        $x509 = openssl_csr_sign($csr, null, $private, 36500, array('digest_alg' => 'sha256'));
        openssl_csr_export($csr, $csrout);
        openssl_x509_export($x509, $certout);
        openssl_pkey_export($private, $private_key);
        $rsa=["cert"=>$certout,"private"=>$private_key,"public"=>$public_key];
        // Demo only: this prints the root private key into the page
        print_r($rsa);
        $private_key = openssl_pkey_get_private($private_key);
        $public_key = openssl_pkey_get_public($public_key);
        echo "</pre><hr>";
        $str_1 = "Hello World!";
        echo "<h2><br>源数据:</h2>".$str_1."<hr>";
        
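        // "Private-key encryption" is the raw RSA signing primitive: anyone holding the public key can
        // reverse it, so it proves origin but gives no confidentiality. For real signatures use
        // openssl_sign() / openssl_verify().
        openssl_private_encrypt($str_1, $str_2, $private_key);
        echo "<h2>私钥加密后:</h2>".base64_encode($str_2)."<hr>";
        openssl_public_decrypt($str_2, $str_3, $public_key);
        echo "<h2>公钥解密后:</h2>".$str_3."<hr>";
        
        
        // Public-key encryption: only the private key can decrypt. These calls use the default
        // PKCS#1 v1.5 padding; pass OPENSSL_PKCS1_OAEP_PADDING to both calls to use OAEP instead.
        openssl_public_encrypt($str_1, $str_2, $public_key);
        echo "<h2>公钥加密后:</h2>".base64_encode($str_2)."<hr>";
        openssl_private_decrypt($str_2, $str_3, $private_key);
        echo "<h2>私钥解密后:</h2>".$str_3."<hr>";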
         
	}
	public function sub(){
	    echo <<<html
	    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <title>测试</title>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <meta name="format-detection" content="telephone=no" />
        <meta name="apple-mobile-web-app-capable" content="yes" />
        <meta name="apple-mobile-web-app-status-bar-style" content="black">
        <meta name="viewport" content="width=device-width,initial-scale=1,minimum-scale=1,maximum-scale=1,user-scalable=no" />
        <link rel="stylesheet" href="/static/weui/0.4.3/style/weui.min.css">
        <link rel="stylesheet" href="/static/jquery-weui/0.8.2/css/jquery-weui.min.css">
        <link rel="stylesheet" href="//at.alicdn.com/t/font_666204_6s0kgt126smdkj4i.css"  media="all">
        <style>
        body, html{
            margin:0;
            padding:20px;
            display:inline-block;
            word-break:break-word;
        }
        hr{
            margin-bottom:50px;
        }
        </style>
    </head>
    <body>
html;

        $config = array(
            "countryName" => "CN",
            "stateOrProvinceName" => "sub_cert_test",
            "localityName"  => "sub_cert_test",
            "organizationName"  => "sub_cert_test",
            "organizationalUnitName"  => "sub_cert_test",
            "commonName" => "sub_cert_test",
            "emailAddress"  => "sub_cert_test"
        );
        $private_sub = openssl_pkey_new(array(
            "private_key_bits" => 2048,
            "private_key_type" => OPENSSL_KEYTYPE_RSA,
        ));
        
        $public_sub = openssl_pkey_get_details($private_sub);
        $public_key_sub = $public_sub['key'];
        
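        // Build the CSR with the sub key generated above, then sign it with the root certificate and key
        $csr = openssl_csr_new($config, $private_sub, array('digest_alg' => 'sha256'));
        $x509 = openssl_csr_sign($csr,file_get_contents("./certs/root.crt"), [file_get_contents("./certs/root.key"),''], 3650, array('digest_alg' => 'sha256'));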
        // openssl_csr_export($csr, $csrout);
        // openssl_x509_export($x509, $cert_sub);
        openssl_pkey_export($private_sub, $private_key_sub);
        
        $str_1 = "Hello World";
        echo "<h2>源数据串:</h2>".($str_1)."<hr>";
        
        $private_key_sub = openssl_pkey_get_private($private_key_sub);
        $public_key_sub = openssl_pkey_get_public($public_key_sub);
        
        $private_key = openssl_pkey_get_private(file_get_contents("./certs/root.key"));
        $public_key = openssl_pkey_get_public(file_get_contents("./certs/root.pub"));
        
        
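        // The root and sub key pairs are unrelated: the root only signs the sub-certificate.
        // Each group below encrypts with one key, decrypts with the matching key, then tries the
        // other pair's key, which does not recover the source string.
        // A failed call returns false and does not overwrite its output variable, so $str_3 is
        // cleared before every wrong-key attempt; otherwise the plaintext from the previous call
        // would be printed as if the wrong key had worked.

        // Sub public key encrypts; sub private key decrypts; root private key is the wrong key
        openssl_public_encrypt($str_1, $str_2, $public_key_sub);
        echo "<h2>子 公钥加密后:</h2>".base64_encode($str_2)."<hr>";
        openssl_private_decrypt($str_2, $str_3, $private_key_sub);
        echo "<h2>子 私钥解密后:</h2>".$str_3."<hr>";
        $str_3 = null;
        openssl_private_decrypt($str_2, $str_3, $private_key);
        echo "<h2>根 私钥解密后:</h2>".$str_3."<hr>";
        
        
        // Sub private key encrypts; sub public key decrypts; root public key is the wrong key
        openssl_private_encrypt($str_1, $str_2, $private_key_sub);
        echo "<h2>子 私钥加密后:</h2>".base64_encode($str_2)."<hr>";
        openssl_public_decrypt($str_2, $str_3, $public_key_sub);
        echo "<h2>子 公钥解密后:</h2>".$str_3."<hr>";
        $str_3 = null;
        openssl_public_decrypt($str_2, $str_3, $public_key);
        echo "<h2>根 公钥解密后:</h2>".$str_3."<hr>";
        
        
        // Root public key encrypts; root private key decrypts; sub private key is the wrong key
        openssl_public_encrypt($str_1, $str_2, $public_key);
        echo "<h2>根 公钥加密后:</h2>".base64_encode($str_2)."<hr>";
        openssl_private_decrypt($str_2, $str_3, $private_key);
        echo "<h2>根 私钥解密后:</h2>".$str_3."<hr>";
        $str_3 = null;
        openssl_private_decrypt($str_2, $str_3, $private_key_sub);
        echo "<h2>子 私钥解密后:</h2>".$str_3."<hr>";
        
        
        // Root private key encrypts; root public key decrypts; sub public key is the wrong key
        openssl_private_encrypt($str_1, $str_2, $private_key);
        echo "<h2>根 私钥加密后:</h2>".base64_encode($str_2)."<hr>";
        openssl_public_decrypt($str_2, $str_3, $public_key);
        echo "<h2>根 公钥解密后:</h2>".$str_3."<hr>";
        $str_3 = null;
        openssl_public_decrypt($str_2, $str_3, $public_key_sub);
        echo "<h2>子 公钥解密后:</h2>".$str_3."<hr>";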
        
        echo <<<html
</body>
</html>
html;
        
        
        
	}
	public function javascript(){
	    return $this->show();
	}
	public function cert() {
        if($this->request->isPost()){
            // As written, anyone who can reach this URL receives a certificate signed by the root key
            // for whatever subject they submit; put authentication and input validation in front of it.
            header("Content-type:application/x-x509-ca-cert");
            header("Content-Disposition:attachment;filename=sub.crt");
            // PHP has already URL-decoded the request values, so they are used as-is
            // (a second urldecode() would corrupt "%" and "+" in the input)
            $config = array(
                "countryName" => "CN",
                "stateOrProvinceName" => empty($_REQUEST['province'])?"sub_cert_test":$_REQUEST['province'],
                "localityName" => empty($_REQUEST['city'])?"sub_cert_test":$_REQUEST['city'],
                "organizationName" => empty($_REQUEST['orgname'])?"sub_cert_test":$_REQUEST['orgname'],
                "organizationalUnitName" => empty($_REQUEST['depart'])?"sub_cert_test":$_REQUEST['depart'],
                "commonName" => empty($_REQUEST['username'])?"sub_cert_test":$_REQUEST['username'],
                "emailAddress" => empty($_REQUEST['email'])?"admin@hamm.cn":$_REQUEST['email']
            );
            // New key pair for the sub-certificate
            $private = openssl_pkey_new(array(
                "private_key_bits" => 2048,
                "private_key_type" => OPENSSL_KEYTYPE_RSA,
            ));
            
            $public = openssl_pkey_get_details($private);
            $public_key = $public['key'];
            
            $csr = openssl_csr_new($config, $private, array('digest_alg' => 'sha256'));
            // Sign with SHA-256 (as root() does) and a random serial number instead of the default 0,
            // so certificates issued by this root do not all share one serial
            $x509 = openssl_csr_sign($csr,file_get_contents("./certs/root.crt"), [file_get_contents("./certs/root.key"),''], 3650, array('digest_alg' => 'sha256'), random_int(1, PHP_INT_MAX));
            openssl_csr_export($csr, $csrout);
            openssl_x509_export($x509, $certout);
            openssl_pkey_export($private, $private_key);
            
            // The downloaded file holds the certificate, the public key and the new private key together
            print_r($certout."\n\n\n".$public_key."\n\n\n".$private_key);
            die;
        }else{
            echo <<<____
<style>
input{
    border:1px solid #ddd;
    padding:10px 20px;
    font-size:16px;
    margin:5px;
}
</style>
<form action="" method="POST" style="width:100%;text-align:left;">
<span style="width:120px;display:inline-block;">NAME:</span><input type="text" name="username" placeholder="Your name"/><br>
<span style="width:120px;display:inline-block;">EMAIL:</span><input type="text" name="email" placeholder="Your email" value="test@test.com"/><br>
<span style="width:120px;display:inline-block;">ORGNAME:</span><input type="text" name="orgname" placeholder="Your orgname" value="Group"/><br>
<span style="width:120px;display:inline-block;">DEPART:</span><input type="text" name="depart" placeholder="Your depart" value="IT depart"/><br>
<span style="width:120px;display:inline-block;">PROVINCE:</span><input type="text" name="province" placeholder="Your province" value="Beijing"/><br>
<span style="width:120px;display:inline-block;">CITY:</span><input type="text" name="city" placeholder="Your city" value="haidian"/><br>
<input type="submit" value="To sign a Cert">
</form>
____;
        }
	}
	public function largeRsa(){
        $private_key=$this->private_key;
        $private_key = openssl_pkey_get_private($private_key);
        
        $public_key=$this->public_key;
        $public_key = openssl_pkey_get_public($public_key);
        
        $data_source = 'Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!Hello World!';
        
        echo "<br>源数据:<br>".$data_source."<hr>";
        
        // Encrypt with the private key
        $data_encode = $this->rsa_encode_private($data_source,$private_key);
        echo "私钥加密后:<br>".$data_encode."<hr>";
        // Decrypt with the public key
        $data_decode = $this->rsa_decode_public($data_encode,$public_key);
        echo "公钥解密后:<br>".$data_decode."<hr>";
        // Check the result
        if($data_source === $data_decode){
            echo "<h1>公钥解密成功</h1>";
        }else{
            echo "<h1>公钥解密失败</h1>";
        }
        
        // Encrypt with the public key
        $data_encode = $this->rsa_encode_public($data_source,$public_key);
        echo "公钥加密后:<br>".$data_encode."<hr>";
        // Decrypt with the private key
        $data_decode = $this->rsa_decode_private($data_encode,$private_key);
        echo "私钥解密后:<br>".$data_decode."<hr>";
        // Check the result
        if($data_source === $data_decode){
            echo "<h1>私钥解密成功</h1>";
        }else{
            echo "<h1>私钥解密失败</h1>";
        }
	}
	
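    // Segmented RSA: the input is split into chunks and every chunk is encrypted as an independent
    // RSA block, one base64 line per block. Nothing binds the blocks together, so lines can be
    // dropped, repeated or reordered without the decoder noticing.

    // Private-key encryption
    protected function rsa_encode_private($data,$private_key,$length_break = 128){
        $result='';
        // PKCS#1 v1.5 padding takes 11 bytes, so one block holds at most (key size in bytes - 11) bytes
        $max = intdiv(openssl_pkey_get_details($private_key)['bits'], 8) - 11;
        if($length_break > $max){
            $length_break = $max;
        }
        if($data === ''){
            return $result;
        }
        // str_split() keeps a final chunk shorter than $length_break, even a single byte
        foreach(str_split($data,$length_break) as $temp){
            if(!openssl_private_encrypt($temp, $encrypted, $private_key)){
                throw new \RuntimeException('openssl_private_encrypt failed');
            }
            $result .= "\n". base64_encode($encrypted);
        }
        return $result;
    }
    // Public-key decryption
    protected function rsa_decode_public($data,$public_key,$line_key = "\n"){
        $result='';
        foreach(explode($line_key,$data) as $temp){
            if($temp === ''){
                continue;
            }
            if(!openssl_public_decrypt(base64_decode($temp), $decrypted, $public_key)){
                throw new \RuntimeException('openssl_public_decrypt failed');
            }
            $result .= $decrypted;
        }
        return $result;
    }
    
    // Public-key encryption
    protected function rsa_encode_public($data,$public_key,$length_break = 128){
        $result='';
        // Same limit as above: at most (key size in bytes - 11) bytes per block
        $max = intdiv(openssl_pkey_get_details($public_key)['bits'], 8) - 11;
        if($length_break > $max){
            $length_break = $max;
        }
        if($data === ''){
            return $result;
        }
        foreach(str_split($data,$length_break) as $temp){
            if(!openssl_public_encrypt($temp, $encrypted, $public_key)){
                throw new \RuntimeException('openssl_public_encrypt failed');
            }
            $result .= "\n". base64_encode($encrypted);
        }
        return $result;
    }
    
    // Private-key decryption
    protected function rsa_decode_private($data,$private_key,$line_key = "\n"){
        $result='';
        foreach(explode($line_key,$data) as $temp){
            if($temp === ''){
                continue;
            }
            if(!openssl_private_decrypt(base64_decode($temp), $decrypted, $private_key)){
                throw new \RuntimeException('openssl_private_decrypt failed');
            }
            $result .= $decrypted;
        }
        return $result;
    }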
}
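
An alternative to the segmented largeRsa() helpers for long payloads, as an added example that is not part of the original post: RSA-OAEP wraps a one-time AES-256-GCM key, and AES-GCM encrypts the data, so any change to the ciphertext is detected. The function names and the envelope layout are assumptions of this example.

```php
<?php
// Added example, not the blog's code. hybrid_encrypt()/hybrid_decrypt() are hypothetical names.
// Assumed envelope: base64( keyLen(2) | wrappedKey | iv(12) | tag(16) | ciphertext )
function hybrid_encrypt(string $plaintext, $publicKey): string {
    $aesKey = random_bytes(32);   // fresh AES-256 key for every message
    $iv     = random_bytes(12);   // 96-bit GCM nonce
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $aesKey, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) { throw new RuntimeException('AES-GCM encryption failed'); }
    // RSA only encrypts the 32-byte AES key, with OAEP padding instead of PKCS#1 v1.5
    if (!openssl_public_encrypt($aesKey, $wrapped, $publicKey, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('RSA key wrap failed');
    }
    return base64_encode(pack('n', strlen($wrapped)) . $wrapped . $iv . $tag . $ct);
}

function hybrid_decrypt(string $envelope, $privateKey): string {
    $raw = base64_decode($envelope, true);
    if ($raw === false || strlen($raw) < 2) { throw new RuntimeException('Malformed envelope'); }
    $klen = unpack('n', $raw)[1];
    if (strlen($raw) < 2 + $klen + 28) { throw new RuntimeException('Truncated envelope'); }
    $wrapped = substr($raw, 2, $klen);
    $iv      = substr($raw, 2 + $klen, 12);
    $tag     = substr($raw, 14 + $klen, 16);
    $ct      = (string) substr($raw, 30 + $klen);
    if (!openssl_private_decrypt($wrapped, $aesKey, $privateKey, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('RSA key unwrap failed');
    }
    $pt = openssl_decrypt($ct, 'aes-256-gcm', $aesKey, OPENSSL_RAW_DATA, $iv, $tag);
    if ($pt === false) {
        throw new RuntimeException('Authentication failed: envelope was modified');
    }
    return $pt;
}

// Constructed sample: throwaway key pair and a long message
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pub = openssl_pkey_get_details($key)['key'];
$msg = str_repeat('Hello World!', 60);
$env = hybrid_encrypt($msg, $pub);
var_dump(hybrid_decrypt($env, $key) === $msg);

$raw = base64_decode($env);
$raw[strlen($raw) - 1] = chr(ord($raw[strlen($raw) - 1]) ^ 1);   // flip one ciphertext bit
try {
    hybrid_decrypt(base64_encode($raw), $key);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```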
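
What the root/sub relationship provides in practice, as an added example that is not part of the original post: the sub key signs a message, and a receiver who trusts only the root certificate checks the sub-certificate's signature and then the message signature. make_key(), issue() and verify_message() are hypothetical names, the subject names are constructed, and openssl_x509_verify() requires PHP 7.4 or later.

```php
<?php
// Added example, not the blog's code. Function names and subject names are assumptions.
function make_key() {
    return openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
}

// Build a CSR for $subjectKey and sign it with $caKey; $caCert = null yields a self-signed certificate.
function issue(array $dn, $subjectKey, $caCert, $caKey, int $days): string {
    $csr  = openssl_csr_new($dn, $subjectKey, ['digest_alg' => 'sha256']);
    $x509 = openssl_csr_sign($csr, $caCert, $caKey, $days, ['digest_alg' => 'sha256'], random_int(1, PHP_INT_MAX));
    openssl_x509_export($x509, $pem);
    return $pem;
}

// The receiver trusts only $rootCertPem and is handed the message, its signature and the sub-certificate.
function verify_message(string $msg, string $sig, string $subCertPem, string $rootCertPem): bool {
    // 1. The sub-certificate must carry a valid signature made with the root key
    if (openssl_x509_verify($subCertPem, openssl_pkey_get_public($rootCertPem)) !== 1) {
        return false;
    }
    // 2. The message signature must verify under the public key certified in the sub-certificate
    return openssl_verify($msg, $sig, openssl_pkey_get_public($subCertPem), OPENSSL_ALGO_SHA256) === 1;
}

$rootKey  = make_key();
$rootCert = issue(['commonName' => 'Example Root CA'], $rootKey, null, $rootKey, 3650);
$subKey   = make_key();
$subCert  = issue(['commonName' => 'sub_cert_test'], $subKey, $rootCert, $rootKey, 365);

$msg = 'Hello World';
openssl_sign($msg, $sig, $subKey, OPENSSL_ALGO_SHA256);
var_dump(verify_message($msg, $sig, $subCert, $rootCert));        // genuine message
var_dump(verify_message($msg . '!', $sig, $subCert, $rootCert));  // altered message

// A certificate for the same subject name issued under a different root is rejected at step 1
$otherRootKey  = make_key();
$otherRootCert = issue(['commonName' => 'Other Root CA'], $otherRootKey, null, $otherRootKey, 3650);
$otherSubKey   = make_key();
$otherSubCert  = issue(['commonName' => 'sub_cert_test'], $otherSubKey, $otherRootCert, $otherRootKey, 365);
openssl_sign($msg, $otherSig, $otherSubKey, OPENSSL_ALGO_SHA256);
var_dump(verify_message($msg, $otherSig, $otherSubCert, $rootCert));
```

verify_message() checks signatures only; a full chain validation also checks validity dates, CA constraints and revocation.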