[加密]--PHP 使用非對稱加密演算法(RSA)
阿新 • • 發佈:2019-01-29
解釋
非對稱加密演算法需要兩個金鑰:公開金鑰(publickey)和私有金鑰(privatekey)。
公開金鑰與私有金鑰是一對,如果用公開金鑰對資料進行加密,只有用對應的私有金鑰才能解密;
如果用私有金鑰對資料進行加密,那麼只有用對應的公開金鑰才能解密。
因為加密和解密使用的是兩個不同的金鑰,所以這種演算法叫作非對稱加密演算法。
使用場景
PHP 為客戶端(Android,Ios)編寫API,對資料進行解密。
建立私鑰、公鑰
openssl genrsa -out rsa_private_key.pem 1024 //生成原始 RSA私鑰檔案 openssl pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM -nocrypt -out private_key.pem //將原始 RSA私鑰轉換為 pkcs8格式 openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem //生成RSA公鑰 //我們將私鑰rsa_private_key.pem用在伺服器端,公鑰發放給android跟ios等前端。
服務端類庫
class Rsa { private static $PRIVATE_KEY = '-----BEGIN RSA PRIVATE KEY-----MIICXgIBAAKBgQCoZZ8iUBprOIc0kGckr5ax6/Fd9IKKMc/XHayKEAvqpS0oz0b1ojEkpkdZBk0OWNhp73YNV+YLKBwwxOwb3u3hl8nBLoG/RilEbBMdCf55cUzNsfn/XF5CiLr/aci/OHuTe6ULvXs280T5M+nUh3iKdiT6z9XrFbH69C+xFoNInwIDAQABAoGAe+ape7msdo+VC5vkCB4ZprePVC3/jmawIfr3ZG4CFpeJ7qjz8O9xcSHXBS2ZrKC6Otex6Idv/213sHpzrt4L7+rSrgMOauWNjSVjr4T4Z168uvsnNocn+3GWfzbBPQj3PhjE64R/MkWDvuq2UK945WYtqFaC6LT1mJAXhjxqpiECQQDYGWYbCsUgQS0LnDzReyotkb9Eyr5UGlI8Nzn3PvwwkIS3N3yUsm2t3UokOw02DlhkC4f1aT097fM1w0FruSNNAkEAx31taitIGwgJg+yPmvwTs8AENm0wxi/V6loEXPBPxX2R4NjSG+ExYzA7/daDq//McKsX0EcYcsFN0E3HwSANmwJBAJUXGOHpUU1Kiihrd25TWissVdjBRATEUB4pP/2738QlwNqjFnmEjLUaak+KyjeUOBl19ywymkUCyPw7pQQMLDUCQQC84DKSDPyuK0PnFjk5QmXdEHZsmaFOY8gjpKrw286La8KMonz8TJCYGvkR8uKkHQMRwcxANLAfJopoKNxyK8j1AkEAwcY3EHeKe4i3FhCjGSqAGAzFFBS1jzTNZxw/cxMMCbfxFH4WvhowqoC1iAKDyZ7HF7V+RcxcfuhoBJi/3+ImEg==-----END RSA PRIVATE KEY-----'; private static $PUBLIC_KEY = '-----BEGIN PUBLIC KEY-----MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCoZZ8iUBprOIc0kGckr5ax6/Fd9IKKMc/XHayKEAvqpS0oz0b1ojEkpkdZBk0OWNhp73YNV+YLKBwwxOwb3u3hl8nBLoG/RilEbBMdCf55cUzNsfn/XF5CiLr/aci/OHuTe6ULvXs280T5M+nUh3iKdiT6z9XrFbH69C+xFoNInwIDAQAB-----END PUBLIC KEY-----'; /** * 獲取私鑰 * @return bool|resource */ private static function getPrivateKey() { $privKey = self::$PRIVATE_KEY; return openssl_pkey_get_private($privKey); } /** * 獲取公鑰 * @return bool|resource */ private static function getPublicKey() { $publicKey = self::$PUBLIC_KEY; return openssl_pkey_get_public($publicKey); } /** * 私鑰加密 * @param string $data * @return null|string */ public static function privEncrypt($data = '') { if (!is_string($data)) { return null; } return openssl_private_encrypt($data,$encrypted,self::getPrivateKey()) ? base64_encode($encrypted) : null; } /** * 公鑰加密 * @param string $data * @return null|string */ public static function publicEncrypt($data = '') { if (!is_string($data)) { return null; } return openssl_public_encrypt($data,$encrypted,self::getPublicKey()) ? base64_encode($encrypted) : null; } /** * 私鑰解密 * @param string $encrypted * @return null */ public static function privDecrypt($encrypted = '') { if (!is_string($encrypted)) { return null; } return (openssl_private_decrypt(base64_decode($encrypted), $decrypted, self::getPrivateKey())) ? $decrypted : null; } /** * 公鑰解密 * @param string $encrypted * @return null */ public static function publicDecrypt($encrypted = '') { if (!is_string($encrypted)) { return null; } return (openssl_public_decrypt(base64_decode($encrypted), $decrypted, self::getPublicKey())) ? $decrypted : null; } }
服務端使用
require_once "Rsa.php"; $rsa = new Rsa(); $data['name'] = 'Tom'; $data['age'] = '20'; $privEncrypt = $rsa->privEncrypt(json_encode($data)); echo '私鑰加密後:'.$privEncrypt.'<br>'; $publicDecrypt = $rsa->publicDecrypt($privEncrypt); echo '公鑰解密後:'.$publicDecrypt.'<br>'; $publicEncrypt = $rsa->publicEncrypt(json_encode($data)); echo '公鑰加密後:'.$publicEncrypt.'<br>'; $privDecrypt = $rsa->privDecrypt($publicEncrypt); echo '私鑰解密後:'.$privDecrypt.'<br>';