PHP实现OpenSSL密钥签名、验签
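<?php
namespace com\openssl\fba;

include_once realpath(__DIR__ . '/../../autoload.php');

/**
 * Entry point: builds the handler and dispatches the requested action.
 */
function executeRequest()
{
    $handler = new YYSign();
    $handler->run();
}

/**
 * Demo of RSA key generation, signing and signature verification with the
 * PHP OpenSSL extension.
 *
 * Results of "ppk" and "sign" are reported through outputjson(), which is not
 * defined in this file (presumably loaded by autoload.php - confirm).
 *
 * NOTE(review): every action is selected by an unauthenticated GET parameter,
 * and "ppk" overwrites the stored key pair, which invalidates every signature
 * made with the previous key. Before using this beyond a local demo, put the
 * endpoint behind authentication and move the state-changing actions off GET.
 */
class YYSign
{
    private $private_key_path;
    private $public_key_path;
    // NOTE(review): never read anywhere in this class. If it was meant to be
    // the passphrase protecting the exported private key, load it from
    // configuration or a secret store instead of hard-coding it in source.
    private $crypt_key;

    // Directory holding the PEM files and the signature.
    // NOTE(review): it sits next to this script. If the script is web-served,
    // confirm the directory cannot be fetched over HTTP - it holds the private key.
    const SIGNROOT = __DIR__ . '/keys/';

    // Single file name shared by sign() and verify(), so that verification
    // reads exactly what signing wrote.
    const SIGNATURE_FILE = 'signature.dat';

    // Demo message, used by both sign() and verify().
    const DEMO_MESSAGE = 'tengfeisun1';

    public function __construct()
    {
        $this->crypt_key = 'rootsdfsdffsdf';
        $this->private_key_path = self::SIGNROOT . 'privkey.pem';
        $this->public_key_path = self::SIGNROOT . 'pubkey.pem';
    }

    /**
     * Dispatches on the "action" query parameter: "ppk" generates a key pair,
     * "sign" signs the demo message, "verify" checks the stored signature.
     * Any other value (or a missing parameter) does nothing.
     */
    public function run()
    {
        $action = filter_input(INPUT_GET, 'action');
        switch ($action) {
            case 'ppk':
                $this->createPrivateKeyAndPublicKey();
                break;
            case 'sign':
                $this->sign();
                break;
            case 'verify':
                $this->verify();
                break;
            default:
                break;
        }
    }

    /**
     * Generates an RSA key pair and stores both halves as PEM files.
     *
     * @param array $configargs options passed to openssl_pkey_new(); when
     *                          empty, a 2048-bit RSA key is requested
     * @return bool true when both files were written, false otherwise
     */
    private function createPrivateKeyAndPublicKey($configargs = array())
    {
        if (empty($configargs)) {
            $configargs = array(
                // 1024-bit RSA is no longer considered adequate for signatures;
                // 2048 bits is the usual minimum.
                'private_key_bits' => 2048,
                'private_key_type' => OPENSSL_KEYTYPE_RSA,
            );
        }

        $res = openssl_pkey_new($configargs);
        if (!$res) {
            // Retry with an explicit OpenSSL configuration file. The stock file
            // is named openssl.cnf; adjust the path for the local platform.
            $configargs['config'] = '/etc/pki/tls/openssl.cnf';
            $res = openssl_pkey_new($configargs);
        }
        if (!$res) {
            outputjson(array('code' => 1, 'msg' => 'create key pair failed'));
            return false;
        }

        // The passphrase argument is null, so the private key is stored
        // unencrypted; file permissions are its only protection on disk.
        if (!openssl_pkey_export($res, $private_key_pem, null, $configargs)) {
            outputjson(array('code' => 1, 'msg' => 'export private key failed'));
            return false;
        }

        $details = openssl_pkey_get_details($res);
        if ($details === false || !isset($details['key'])) {
            outputjson(array('code' => 1, 'msg' => 'read public key failed'));
            return false;
        }
        $public_key_pem = $details['key'];

        // Create the private key file and restrict it to the owner before any
        // key material is written, so a new file is never world-readable.
        $written = touch($this->private_key_path)
            && chmod($this->private_key_path, 0600)
            && file_put_contents($this->private_key_path, $private_key_pem) !== false
            && file_put_contents($this->public_key_path, $public_key_pem) !== false;
        if (!$written) {
            outputjson(array('code' => 1, 'msg' => 'write key files failed'));
            return false;
        }

        outputjson(array('code' => 0, 'msg' => 'create pub and priv key success'));
        return true;
    }

    /**
     * Signs a message with the stored private key (RSA with SHA-256) and
     * writes the raw signature to SIGNROOT/SIGNATURE_FILE. The outcome is
     * reported through outputjson(); nothing is returned.
     *
     * @param string $data message to sign; the demo message is used when empty
     */
    private function sign($data = '')
    {
        if ($data === '') {
            $data = self::DEMO_MESSAGE;
        }

        $private_key_pem = $this->readFile($this->private_key_path);
        if ($private_key_pem === false) {
            outputjson(array('code' => 1, 'msg' => 'private key not readable'));
            return;
        }

        // Without this check a failed signing would store an empty signature
        // and still report success.
        if (!openssl_sign($data, $signature, $private_key_pem, OPENSSL_ALGO_SHA256)) {
            outputjson(array('code' => 1, 'msg' => 'signature failed'));
            return;
        }

        if (file_put_contents(self::SIGNROOT . self::SIGNATURE_FILE, $signature) === false) {
            outputjson(array('code' => 1, 'msg' => 'write signature failed'));
            return;
        }

        outputjson(array('code' => 0, 'msg' => 'signature success'));
    }

    /**
     * Verifies the stored signature over the demo message with the public key
     * and echoes "good", "bad" or an error text.
     *
     * Message, signature file and digest are the same ones sign() uses;
     * checking a different message or file could never succeed.
     */
    private function verify()
    {
        $data = self::DEMO_MESSAGE;
        $public_key_pem = $this->readFile($this->public_key_path);
        $signature = $this->readFile(self::SIGNROOT . self::SIGNATURE_FILE);
        if ($public_key_pem === false || $signature === false) {
            echo "ugly, error checking signature";
            return;
        }

        // Same algorithm constant as sign(), so the two cannot drift apart.
        $r = openssl_verify($data, $signature, $public_key_pem, OPENSSL_ALGO_SHA256);

        // Strict comparison: only the integer 1 means "valid". A false or -1
        // return is an error and must not be mistaken for a clean mismatch.
        if ($r === 1) {
            echo "good";
        } elseif ($r === 0) {
            echo "bad";
        } else {
            echo "ugly, error checking signature";
        }
    }

    /**
     * Reads a file, returning false (without a PHP warning) when it is
     * missing or unreadable.
     *
     * @param string $path file to read
     * @return string|false file contents, or false on failure
     */
    private function readFile($path)
    {
        return is_readable($path) ? file_get_contents($path) : false;
    }
}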