PHP实现OpenSSL密钥签名、验签

<?php
namespace com\openssl\fba;

include_once realpath(__DIR__ . '/../../autoload.php');

/**
 * Request entry point: builds a YYSign handler and lets it dispatch
 * on the "action" query parameter.
 */
function executeRequest()
{
    (new YYSign())->run();
}

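/**
 * Demo handler for RSA key generation, signing and signature verification
 * with the PHP OpenSSL extension.
 *
 * The key pair and the signature live as files under SIGNROOT.
 *
 * NOTE(review): SIGNROOT sits next to this request-handling script. If that
 * directory is served by the web server, privkey.pem can be downloaded
 * directly; keep the key directory outside the document root or deny access
 * to it in the server configuration.
 */
class YYSign
{
    private $private_key_path;
    private $public_key_path;
    // NOTE(review): never read anywhere in this class. If a passphrase is
    // introduced later, load it from the environment or a secret store
    // instead of keeping it in source.
    private $crypt_key;
    const SIGNROOT = __DIR__ . '/keys/';
    // Digest shared by sign() and verify(); a mismatch makes every verification fail.
    const SIGN_ALGO = OPENSSL_ALGO_SHA256;
    // File that sign() writes and verify() reads.
    const SIGNATURE_FILE = 'signature.dat';
    // Sample message used when the caller supplies none.
    const SAMPLE_MESSAGE = 'tengfeisun1';

    public function __construct()
    {
        $this->crypt_key = 'rootsdfsdffsdf';
        $this->private_key_path = self::SIGNROOT . 'privkey.pem';
        $this->public_key_path = self::SIGNROOT . 'pubkey.pem';
    }

    /**
     * Dispatches on the "action" GET parameter: ppk, sign or verify.
     * Any other value is ignored.
     *
     * NOTE(review): nothing visible here authenticates the caller, and "ppk"
     * overwrites the existing key pair from a plain GET request. Put an
     * authorization check in front of this dispatch and require a
     * non-idempotent method (POST) for key generation.
     */
    public function run()
    {
        $action = filter_input(INPUT_GET, 'action');
        switch ($action) {
            case 'ppk':
                $this->createPrivateKeyAndPublicKey();
                break;
            case 'sign':
                $this->sign();
                break;
            case 'verify':
                $this->verify();
                break;
            default:
                break;
        }
    }

    /**
     * Generates an RSA key pair and writes both PEM files under SIGNROOT.
     *
     * @param array $configargs options passed to openssl_pkey_new(); when empty,
     *                          a 2048-bit RSA key is requested
     * @return bool true when both key files were written
     */
    private function createPrivateKeyAndPublicKey($configargs = array())
    {
        if (empty($configargs)) {
            $configargs = array(
                // 1024-bit RSA is below current minimum recommendations.
                'private_key_bits' => 2048,
                'private_key_type' => OPENSSL_KEYTYPE_RSA
            );
        }
        // NOTE(review): the stock file is usually named openssl.cnf; confirm this path exists on the host.
        $openssl_config_path = "/etc/pki/tls/openssl.conf";
        $res = openssl_pkey_new($configargs);
        if (!$res) {
            // Retry with an explicit OpenSSL config file for hosts where the default lookup fails.
            $configargs['config'] = $openssl_config_path;
            $res = openssl_pkey_new($configargs);
        }
        if (!$res) {
            outputjson(array('code' => 1, 'msg' => 'create pub and priv key failed'));
            return false;
        }

        // NOTE(review): the passphrase is null, so the private key is exported unencrypted.
        if (!openssl_pkey_export($res, $private_key_pem, null, $configargs)) {
            outputjson(array('code' => 1, 'msg' => 'create pub and priv key failed'));
            return false;
        }
        $details = openssl_pkey_get_details($res);
        if ($details === false || !isset($details['key'])) {
            outputjson(array('code' => 1, 'msg' => 'create pub and priv key failed'));
            return false;
        }
        $public_key_pem = $details['key'];

        // Private key: owner read/write only. Public key: world-readable is fine.
        if (!$this->writeKeyFile($this->private_key_path, $private_key_pem, 0600)
            || !$this->writeKeyFile($this->public_key_path, $public_key_pem, 0644)
        ) {
            outputjson(array('code' => 1, 'msg' => 'create pub and priv key failed'));
            return false;
        }

        outputjson(array('code' => 0, 'msg' => 'create pub and priv key success'));
        return true;
    }

    /**
     * Writes $contents to $path with the given file mode.
     *
     * The file is created (or reused) and its mode is set before any key
     * material is written, so the contents never sit on disk under a laxer mode.
     *
     * @param string $path     destination file
     * @param string $contents PEM text to store
     * @param int    $mode     permission bits, e.g. 0600
     * @return bool true on success
     */
    private function writeKeyFile($path, $contents, $mode)
    {
        if (!touch($path) || !chmod($path, $mode)) {
            return false;
        }
        return file_put_contents($path, $contents, LOCK_EX) !== false;
    }

    /**
     * Signs a message with the private key and stores the raw signature in
     * SIGNROOT/SIGNATURE_FILE.
     *
     * @param string $data message to sign; the sample message is used when empty
     * @return bool true when the signature was produced and written
     */
    private function sign($data = '')
    {
        if ($data === '') {
            $data = self::SAMPLE_MESSAGE;
        }
        $private_key_pem = file_get_contents($this->private_key_path);
        if ($private_key_pem === false
            || !openssl_sign($data, $signature, $private_key_pem, self::SIGN_ALGO)
            || file_put_contents(self::SIGNROOT . self::SIGNATURE_FILE, $signature, LOCK_EX) === false
        ) {
            outputjson(array('code' => 1, 'msg' => 'signature failed'));
            return false;
        }
        outputjson(array('code' => 0, 'msg' => 'signature success'));
        return true;
    }

    /**
     * Verifies a signature with the public key and echoes the outcome:
     * "good" (valid), "bad" (invalid) or an error message.
     *
     * @param string $data    message that was signed; the sample message is used when empty
     * @param string $signMsg raw signature; read from SIGNROOT/SIGNATURE_FILE when empty
     * @return bool true only when the signature is valid
     */
    private function verify($data = '', $signMsg = '')
    {
        if ($data === '') {
            $data = self::SAMPLE_MESSAGE;
        }
        $public_key_pem = file_get_contents($this->public_key_path);
        // Read the same file sign() writes, otherwise there is nothing matching to check.
        $signature = ($signMsg === '')
            ? file_get_contents(self::SIGNROOT . self::SIGNATURE_FILE)
            : $signMsg;
        if ($public_key_pem === false || $signature === false) {
            echo "ugly, error checking signature";
            return false;
        }

        $r = openssl_verify($data, $signature, $public_key_pem, self::SIGN_ALGO);
        // Strict comparison: openssl_verify() can also return -1 or false on error,
        // and false == 0 would otherwise be reported as a plain "bad" signature.
        if ($r === 1) {
            echo "good";
            return true;
        }
        if ($r === 0) {
            echo "bad";
            return false;
        }
        echo "ugly, error checking signature";
        return false;
    }
}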

 
