
PHP,openssl,rsa

准备

创建私钥:

# Generate a 2048-bit RSA private key and write it to mykey.pem.
# NOTE(review): this file is the secret half of the key pair; keep it readable
# only by its owner (check with `ls -l mykey.pem`) wherever it ends up stored.
openssl genrsa -out mykey.pem 2048

创建公钥:

# Derive the matching public key from mykey.pem and save it as mykey.pub.
openssl rsa -in mykey.pem -pubout > mykey.pub
# Or, equivalently, let openssl write the output file itself:
# openssl rsa -in mykey.pem -pubout -out mykey.pub

代码


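// Locations of the PEM files produced by the openssl commands.
// NOTE(review): /tmp is shared by every local account. Fine for a throwaway demo
// key, but a real private key belongs in a directory only the service user can
// read, with owner-only permissions on the file itself.
$privateKeyPath = '/tmp/mykey.pem';
$publicKeyPath = '/tmp/mykey.pub';

// Read each file whole. The previous fopen()/fread($fp, 8192) pair silently
// truncated anything longer than 8192 bytes and went on with an invalid handle
// when the file was missing.
$privateKeyStr = file_get_contents($privateKeyPath);
if ($privateKeyStr === false) {
    throw new RuntimeException('Unable to read private key file: ' . $privateKeyPath);
}

$publicKeyStr = file_get_contents($publicKeyPath);
if ($publicKeyStr === false) {
    throw new RuntimeException('Unable to read public key file: ' . $publicKeyPath);
}

// Parse the PEM text into OpenSSL key handles. Both functions return false on
// malformed input, so stop here rather than let later calls fail obscurely.
$privateKey = openssl_pkey_get_private($privateKeyStr);
if ($privateKey === false) {
    throw new RuntimeException('Unable to parse private key: ' . openssl_error_string());
}

$publicKey = openssl_pkey_get_public($publicKeyStr);
if ($publicKey === false) {
    throw new RuntimeException('Unable to parse public key: ' . openssl_error_string());
}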

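/**
 * Render the public half of an RSA key as an OpenSSH "ssh-rsa <base64>" line.
 *
 * Only the public exponent (e) and the modulus (n) are read from the key
 * details, so the output contains no private material even when a private key
 * handle is passed in.
 *
 * @param mixed $privateKey Key handle accepted by openssl_pkey_get_details().
 *                          Despite the name, a public key handle should work
 *                          as well, since only e and n are used.
 * @return string The text "ssh-rsa " followed by the base64-encoded key blob.
 * @throws InvalidArgumentException If the key details cannot be read or the
 *                                  key is not an RSA key.
 */
function sshEncodePublicKey($privateKey)
{
    $keyInfo = openssl_pkey_get_details($privateKey);
    // openssl_pkey_get_details() returns false on failure, and non-RSA keys
    // have no 'rsa' entry; reject both instead of encoding garbage.
    if ($keyInfo === false || !isset($keyInfo['rsa']['e'], $keyInfo['rsa']['n'])) {
        throw new InvalidArgumentException('sshEncodePublicKey() expects a valid RSA key');
    }

    // The commented-out var_dump($keyInfo) debug line was dropped: for a private
    // key handle the details array also holds the private RSA components, which
    // must never reach output or logs.

    // Blob layout: length-prefixed "ssh-rsa", then e, then n.
    $buffer = pack('N', 7) . 'ssh-rsa' .
        sshEncodeBuffer($keyInfo['rsa']['e']) .
        sshEncodeBuffer($keyInfo['rsa']['n']);
    return 'ssh-rsa ' . base64_encode($buffer);
}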

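/**
 * Encode a big-endian unsigned integer as a length-prefixed field.
 *
 * The result is a 4-byte big-endian length followed by the bytes. When the
 * first byte has its high bit set, a zero byte is prepended (and counted in
 * the length) so the value cannot be read as negative.
 *
 * @param string $buffer Raw big-endian bytes of the number.
 * @return string The length prefix followed by the (possibly padded) bytes.
 */
function sshEncodeBuffer($buffer)
{
    $len = strlen($buffer);
    // Guard the offset read: $buffer[0] on an empty string raises an
    // "Uninitialized string offset" warning. An empty buffer encodes as a
    // zero-length field.
    if ($len > 0 && (ord($buffer[0]) & 0x80)) {
        $len++;
        $buffer = chr(0) . $buffer;
    }
    return pack('Na*', $len, $buffer);
}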

// echo 'KeySSHFormated: ', sshEncodePublicKey($privateKey) . PHP_EOL;

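// Sample payload for the round trips below. RSA handles only short inputs: the
// plaintext must fit inside one key-sized block minus padding. Longer data
// needs a hybrid scheme (a symmetric key wrapped with RSA).
$originalData = json_encode(array('name' => '胡昂', 'age' => '28', 'email' => 'admin@example.com'), JSON_UNESCAPED_UNICODE);

echo '原始数据:', $originalData . PHP_EOL;
echo '------------------------------------------------------------' . PHP_EOL;

// Private-key "encryption" followed by public-key "decryption".
// NOTE(review): this gives no confidentiality, because anyone holding the public
// key can recover the data. It is the raw primitive underneath signatures. To
// prove authenticity, prefer openssl_sign() / openssl_verify(), which hash the
// message and apply a proper signature encoding.
// Each call returns false on failure (bad key, oversized input), so check it
// before using the output variable.
if (!openssl_private_encrypt($originalData, $encryptedByPri, $privateKey)) {
    throw new RuntimeException('openssl_private_encrypt failed: ' . openssl_error_string());
}
echo '私钥加密:' . bin2hex($encryptedByPri) . PHP_EOL;
if (!openssl_public_decrypt($encryptedByPri, $decryptedByPub, $publicKey)) {
    throw new RuntimeException('openssl_public_decrypt failed: ' . openssl_error_string());
}
echo '公钥解密:' . $decryptedByPub . PHP_EOL;
echo '------------------------------------------------------------' . PHP_EOL;

// Public-key encryption followed by private-key decryption: the confidential
// direction. OAEP padding is requested explicitly on both sides. The previous
// calls passed no padding argument, leaving the choice to PHP's default, which
// in many releases is PKCS#1 v1.5. That padding is open to padding-oracle
// attacks if decryption failures can be observed.
if (!openssl_public_encrypt($originalData, $encryptedByPub, $publicKey, OPENSSL_PKCS1_OAEP_PADDING)) {
    throw new RuntimeException('openssl_public_encrypt failed: ' . openssl_error_string());
}
echo '公钥加密:' . bin2hex($encryptedByPub) . PHP_EOL;
if (!openssl_private_decrypt($encryptedByPub, $decryptedByPri, $privateKey, OPENSSL_PKCS1_OAEP_PADDING)) {
    throw new RuntimeException('openssl_private_decrypt failed: ' . openssl_error_string());
}
echo '私钥解密:' . $decryptedByPri . PHP_EOL;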

// 原始数据:{"name":"胡昂","age":"28","email":"admin@example.com"}
// ------------------------------------------------------------
// 私钥加密:1a4d06d64af9ddbf059abe554b90cff3ae804f6c604990738a713db2568ed2d5d5909ae18d9bcaedd4326b6b2d0da26b98e6c50f741efd4976e0e839aa26a2bdc46500a4722e821d0c9f69970545247a9a4ce1e63ad9703aec82d420f1b43b5f6f7a25482f25dc0c1ce922dc99e189ecb1ded57ea05fb1336c7bfb69173bbf01c523384cd7131326b7894da0eff30597c734ca4f7f5561bb09b508832b990a5364d74016be92796097ffd839b687044bd004fd4f0ffdfeffbf8617ad06fab8ffd5158af345739c68a5478e08a93ddfcaabe5dd58f889f1985bce1955a6522cf11c8651029b25f4babcaf4b78dd9baf767c1d2117b7d2dae792edf08d3e3c9a2a
// 公钥解密:{"name":"胡昂","age":"28","email":"admin@example.com"}
// ------------------------------------------------------------
// 公钥加密: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
// 私钥解密:{"name":"胡昂","age":"28","email":"admin@example.com"}