PHP RSA签名(公钥、私钥)
RSA的使用,众所周知,Java和PHP使用密钥的格式是不一样的,本人已跳坑。
直入主题:
a. 服务端Java给的公钥、私钥
b. 客户端PHP将私钥公钥格式化
/*私钥格式化*/
function formatPriKey($priKey) {
$fKey = “——-BEGIN PRIVATE KEY——-\n”;
$len = strlen($priKey);
for($i = 0; $i < $len; ) {
$fKey = $fKey . substr($priKey, $i, 64) . “\n”;
$i += 64;
}
$fKey .= “——-END PRIVATE KEY——-“;
return $fKey;
}
/*私钥格式化*/
function formatPubKey($pubKey) {
$fKey = “——-BEGIN PUBLIC KEY——-\n”;
$len = strlen($pubKey);
for($i = 0; $i < $len; ) {
$fKey = $fKey . substr($pubKey, $i, 64) . “\n”;
$i += 64;
}
$fKey .= “——-END PUBLIC KEY——-“;
return $fKey;
}
/*私钥签名*/
/**
- 生成签名
- @param string $signString 待签名字符串
- @param [type] $priKey 私钥
-
@return string base64结果值
*/
function getSign($signString,$priKey){
$privKeyId = openssl_pkey_get_private($priKey);
$signature = ‘’;
openssl_sign($signString, $signature, $privKeyId);
openssl_free_key($privKeyId);
return base64_encode($signature);
}
/*公钥验签*/
/**
- 校验签名
- @param string $pubKey 公钥
- @param string $sign 签名
- @param string $toSign 待签名字符串
- @param string $signature_alg 签名方式 比如 sha1WithRSAEncryption 或者sha512
-
@return bool
*/
function checkSign($pubKey,$sign,$toSign,$signature_alg=OPENSSL_ALGO_SHA1){
$publicKeyId = openssl_pkey_get_public($pubKey);
$result = openssl_verify($toSign, base64_decode($sign), $publicKeyId,$signature_alg);
openssl_free_key($publicKeyId);
return $result === 1 ? true : false;
}
/*公钥加密*/
/
公钥加密
@param string $sign_str 待加密字符串
@param string $public_key 公钥
@param string $signature_alg 加密方式
@return string
/
function get_public_sign($sign_str,$public_key,$signature_alg=OPENSSL_ALGO_SHA1){
$public_key = openssl_pkey_get_public($public_key);//加载密钥
openssl_sign($sign_str,$signature,$public_key,$signature_alg);//生成签名
$signature = base64_encode($signature);
openssl_free_key($public);
return $signature;
}
/*私钥解密*/
/*
私钥解密
@param string $sign_str 待加密字符串
@param string $sign sign
@param string $private_key 私钥
@param string $signature_alg 加密方式
@return bool
/
function private_verify($sign_str,$sign,$private_key,$signature_alg=OPENSSL_ALGO_SHA1){
$private_key = openssl_get_privatekey($private_key);
$verify = openssl_verify($sign_str, base64_decode($sign), $private_key, $signature_alg);
openssl_free_key($private_key);
return $verify==1;//false or true
}
PHP案例如下:
<?php
$pubKey = ‘——-BEGIN PUBLIC KEY——-
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDr6H/ictALLsV9/63lPFSYDPQK
gRwEM2FiewfR/BYaPGfpgdl8lelNYqFxnqBRKbGnbFOwOxOu7oiiPYaJxcSU94hI
d3S0/UsSXyRfTaHT8ZZv+5luikQAG62hwkxqcSdL3aEMbqsHRfQ9RXiFAneiJJwZ
1D0nHPANfBA4UN+OXQIDAQAB
——-END PUBLIC KEY——-‘;
$priKey = ‘——-BEGIN PRIVATE KEY——-
MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAOvof+Jy0AsuxX3/
reU8VJgM9AqBHAQzYWJ7B9H8Fho8Z+mB2XyV6U1ioXGeoFEpsadsU7A7E67uiKI9
honFxJT3iEh3dLT9SxJfJF9NodPxlm/7mW6KRAAbraHCTGpxJ0vdoQxuqwdF9D1F
eIUCd6IknBnUPScc8A18EDhQ345dAgMBAAECgYEAoNlVIQShn45TcBa97dhV4Zqr
ZuIjRSX3V5uFeIKGW3smastzjAP3ICGI7Jx4uP5RuFMfOMD/Kb5QgTasHhIvdwe0
kuMdUqd8YCLgZaV1u02GWkp5I7bG2HRKAqfrpaExeOJt3Iqmggt208P3BNQLTOa2
NFtNqT+onI1dGwbC120CQQD2BbkrXPv+wGAKkcqIK77Bkrwpg7Iqj91uyVHBAleW
AgfWDFA3rJb8jDCARHte2ehMImmhbsQmVBjdI1DNdYWLAkEA9XnEoVVIL5IA09s0
XtL/Na065loDTJsQZiumdi6VMn6zWafu6GFhS0w5DQdkjtA7qhwpftjVRaWtK0DX
4qpItwJAKxGrbfT0RI/HAHKvYxFNbrPSbu4YNa1D1Y422rQfQyqN1qIHNQfo0sN0
BjB27I73RMTNey5Z9l/IjoYNMjq9qwJABChZ0jm1jUi1xuDRlEGSnQAgHUKtB6Eg
t/pJSXskf8RxmTUk8L6lfTb/SF81rs2MFSeA9GsLwbA6rJ7eiTJFJQJBAJnixcdp
F6knRxyOUDhWoa8uYmnUdcyrfo4dnNyliJbNTTSw0LJAGZsCbo9EDqQIxDrqDa9X
qj0yz6UT1JM37Tk=
——-END PRIVATE KEY——-‘;
//$priKey = formatPriKey($priKey);
//$pubKey = formatPubKey($pubKey);
$params = [
“merchant_id”=>”1”,
“uid”=>”2122334455”,
“out_trade_id”=>”13423423423”,
“amount”=>”88”,
“subject”=>”活动红包”
];
//获取预处理字符串
$signString = getSignString($params);
//预处理字符串为
//amount=88&merchant_id=1&out_trade_id=13423423423&subject=活动红包&uid=2122334455
//获取签名
$sign = getSign($signString,$priKey);
//生成的签名为
//k8DMuhe+q9rDVDgzAk8lFQEE+tZAahXLiZWExmiYl83vJpZlnKTBghLd1DM8itNzw3JYGhxR8ueHCIkkGyVh0BiPuKYmXFyrCwLVif9sMWCu2DFoEDFARZClDRCfE5rV+IDmumCBfVyxFY/uW/DIMS7AO7GlrydW5aVZ6xYKtBw=
//验证签名
$res = checkSign($pubKey,$sign,$signString);
var_dump($res);//结果为 true
/**
- 生成签名
- @param string $signString 待签名字符串
- @param [type] $priKey 私钥
-
@return string base64结果值
*/
function getSign($signString,$priKey){
$privKeyId = openssl_pkey_get_private($priKey);
$signature = ‘’;
openssl_sign($signString, $signature, $privKeyId);
openssl_free_key($privKeyId);
return base64_encode($signature);
}
/**
- 校验签名
- @param string $pubKey 公钥
- @param string $sign 签名
- @param string $toSign 待签名字符串
- @param string $signature_alg 签名方式 比如 sha1WithRSAEncryption 或者sha512
-
@return bool
*/
function checkSign($pubKey,$sign,$toSign,$signature_alg=OPENSSL_ALGO_SHA1){
$publicKeyId = openssl_pkey_get_public($pubKey);
$result = openssl_verify($toSign, base64_decode($sign), $publicKeyId,$signature_alg);
openssl_free_key($publicKeyId);
return $result === 1 ? true : false;
}
/**
- 获取待签名字符串
- @param array $params 参数数组
-
@return string
*/
function getSignString($params){
unset($params[‘sign’]);
ksort($params);
reset($params);$pairs = array();
foreach ($params as $k => $v) {if(!empty($v)){
$pairs[] = "$k=$v";
}
}
return implode(‘&’, $pairs);
}
/**
- 格式化私钥
*/
function formatPriKey($priKey) {
$fKey = “——-BEGIN PRIVATE KEY——-\n”;
$len = strlen($priKey);
for($i = 0; $i < $len; ) {
}$fKey = $fKey . substr($priKey, $i, 64) . "\n";
$i += 64;
$fKey .= “——-END PRIVATE KEY——-“;
return $fKey;
}
/**
- 格式化公钥
*/
function formatPubKey($pubKey) {
$fKey = “——-BEGIN PUBLIC KEY——-\n”;
$len = strlen($pubKey);
for($i = 0; $i < $len; ) {
}$fKey = $fKey . substr($pubKey, $i, 64) . "\n";
$i += 64;
$fKey .= “——-END PUBLIC KEY——-“;
return $fKey;
}
?>