PHP中使用OpenSSL来产生证书、加密解密的源代码

我想这段代码足够简单,没必要写函数说明了吧。

该程序在linux+Apache 2.0 + PHP Version 4.2.2 中运行通过。

大致功能有:1. 产生证书;2. 使用RSA算法分块加密、解密任意长度数据。注意:分块RSA各块相互独立,不提供完整性保护,这里仅作演示;实际应用中较大的数据应采用混合加密(用RSA只加密随机生成的对称密钥,数据本身用带认证的对称算法加密)。

--------------------------------------------------

/*

* Class COpenSSLCrypt

* Author  : pigo chu

* Date    : 2004-11-12

* Version : 0.01

* Revision History:

* Lihui Lei 2005-05-18

*/

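/*
 * COpenSSLCrypt - generate a self-signed certificate / RSA key pair and
 * encrypt or decrypt data of any length by splitting it into RSA blocks.
 *
 * Requirements: the openssl extension and PHP 5.2 or later (the block size
 * is read with openssl_pkey_get_details()).
 *
 * Security notes for anyone reusing this class:
 * - Every chunk is encrypted on its own and nothing authenticates the
 *   result, so blocks can be dropped, reordered or replayed without
 *   decrypt() noticing. For real payloads use hybrid encryption: encrypt a
 *   random symmetric key with RSA (openssl_seal()/openssl_open() do this)
 *   and protect the data with an authenticated symmetric cipher.
 * - The default padding stays PKCS#1 v1.5 so existing ciphertexts keep
 *   decrypting. v1.5 is exposed to padding-oracle attacks when a remote
 *   party can observe decryption failures; call
 *   setPadding(OPENSSL_PKCS1_OAEP_PADDING) on both ends for new data.
 * - Keys smaller than 2048 bits are never generated, whatever keyLength says.
 */
class COpenSSLCrypt {

    /*
     * The members were meant to be private, but they are declared with
     * "var" and are therefore publicly visible; that is kept so existing
     * callers do not break.
     */

    // PEM text last passed to setPublicKey(); GenerateKey() stores the
    // self-signed certificate here.
    var $publicKey  = "";

    // PEM text last passed to setPrivateKey(). Treat as a secret.
    var $privateKey = "";

    // Key handles returned by openssl_get_publickey()/openssl_get_privatekey().
    var $resourcePubKey = NULL;

    var $resourcePriKey = NULL;

    // Last error message recorded by setDebug().
    var $lastError = "";

    // When true, setDebug() also echoes the message.
    var $debugMode = false;

    // Requested RSA modulus size in bits; values below 2048 are raised to
    // 2048 when a key is generated.
    var $keyLength = 64;

    // Configuration array used by the most recent key generation.
    var $config = NULL;

    // RSA padding constant; NULL means OPENSSL_PKCS1_PADDING.
    var $padding = NULL;

    /*
     * Constructor.
     *
     * If $dn is an array, a key pair and a self-signed certificate are
     * generated for it right away, e.g.
     *
     *     array(
     *         "countryName" => "UK",
     *         "stateOrProvinceName" => "Somerset",
     *         "localityName" => "Glastonbury",
     *         "organizationName" => "The Brain Room Limited",
     *         "organizationalUnitName" => "PHP Documentation Team",
     *         "commonName" => "Wez Furlong",
     *         "emailAddress" => "wez@example.com"
     *         );
     *
     * $passphrase, when given, protects the exported private key.
     */
    function __construct( $dn=NULL , $passphrase=NULL )
    {
        if (is_array($dn)) {
            // The passphrase is the THIRD argument of GenerateKey(); passing
            // it second would hand it over as the OpenSSL config array.
            $this->GenerateKey($dn, NULL, $passphrase);
        }
    }

    /*
     * Old-style constructor name, kept so code written for PHP 4 keeps
     * working; it simply forwards to __construct().
     */
    function COpenSSLCrypt( $dn=NULL , $passphrase=NULL )
    {
        $this->__construct($dn, $passphrase);
    }

    /*
     * Generate a key pair plus a self-signed certificate (valid 365 days)
     * and load both into this object.
     *
     * $dn         distinguished name array, NULL for the built-in default
     * $config     OpenSSL configuration array, NULL for the built-in default
     * $passphrase if not NULL, the exported private key is encrypted with it
     *
     * Returns true on success, false on failure (see getLastError()).
     */
    function GenerateKey($dn=NULL , $config= NULL , $passphrase=NULL )
    {
        $made = $this->_generate($dn, $config);
        if ($made === false) {
            return false;
        }
        list($privkey, $csr, $sscert) = $made;

        // Key material is deliberately not echoed: a private key printed
        // into a page or a log has to be considered compromised.
        if (!openssl_x509_export($sscert, $certout)) {
            $this->setDebug("GenerateKey error : " . openssl_error_string() . "\n");
            return false;
        }

        if ($passphrase != NULL) {
            $exported = openssl_pkey_export($privkey, $pkeyout, $passphrase);
        } else {
            $exported = openssl_pkey_export($privkey, $pkeyout);
        }
        if (!$exported) {
            $this->setDebug("GenerateKey error : " . openssl_error_string() . "\n");
            return false;
        }

        if (!$this->setPublicKey($certout)) {
            return false;
        }

        // An encrypted export can only be loaded again with its passphrase.
        if ($passphrase != NULL) {
            return $this->setPrivateKey($pkeyout, $passphrase);
        }
        return $this->setPrivateKey($pkeyout);
    }

    /*
     * Generate a key pair plus a self-signed certificate and write the CSR,
     * the certificate and the private key to the given files.
     *
     * $dn and $passphrase are optional additions; the original three-argument
     * call keeps working and then uses the default dn and no passphrase.
     *
     * The private key file is restricted to mode 0600 before the key is
     * written into it. Without a passphrase the key is stored in clear text,
     * so file permissions are its only protection.
     *
     * Returns true on success, false on failure (see getLastError()).
     */
    function GenerateKeyToFile($csrFile=NULL, $certFile=NULL, $privkeyFile=NULL, $dn=NULL, $passphrase=NULL )
    {
        if (!$csrFile or !$certFile or !$privkeyFile) {
            $this->setDebug("GenerateKeyToFile error : Please set key files' name and path.\n");
            return false;
        }

        $made = $this->_generate($dn, NULL);
        if ($made === false) {
            return false;
        }
        list($privkey, $csr, $sscert) = $made;

        if (!openssl_csr_export_to_file($csr, $csrFile)
            || !openssl_x509_export_to_file($sscert, $certFile)) {
            $this->setDebug("GenerateKeyToFile error : " . openssl_error_string() . "\n");
            return false;
        }

        // Create the file first and tighten its mode, so the key never sits
        // in a file that other local accounts can read.
        if ((!file_exists($privkeyFile) && !touch($privkeyFile)) || !chmod($privkeyFile, 0600)) {
            $this->setDebug("GenerateKeyToFile error : cannot restrict access to the private key file.\n");
            return false;
        }

        if ($passphrase != NULL) {
            $written = openssl_pkey_export_to_file($privkey, $privkeyFile, $passphrase);
        } else {
            $written = openssl_pkey_export_to_file($privkey, $privkeyFile);
        }
        if (!$written) {
            $this->setDebug("GenerateKeyToFile error : " . openssl_error_string() . "\n");
            return false;
        }

        return true;
    }

    /*
     * Load a public key (or a certificate containing one) from PEM text.
     * Returns true on success, false if OpenSSL rejects it.
     */
    function setPublicKey( $key )
    {
        $this->publicKey = $key;

        $this->resourcePubKey = @openssl_get_publickey($key);
        if (!$this->resourcePubKey) {
            $this->setDebug();
            return false;
        }

        return true;
    }

    /*
     * Load a private key from PEM text, using $passphrase if the key is
     * encrypted. Returns true on success, false if OpenSSL rejects it.
     */
    function setPrivateKey( $key , $passphrase="" )
    {
        $this->privateKey = $key;

        $this->resourcePriKey = @openssl_get_privatekey($key , $passphrase);
        if (!$this->resourcePriKey) {
            $this->setDebug();
            return false;
        }

        return true;
    }

    /* Return the PEM text last passed to setPublicKey(). */
    function getPublicKey()
    {
        return $this->publicKey;
    }

    /* Return the PEM text last passed to setPrivateKey(). */
    function getPrivateKey()
    {
        return $this->privateKey;
    }

    /*
     * Encrypt $source with the loaded public key.
     * Returns the concatenated RSA blocks, or false on failure.
     */
    function encrypt( $source )
    {
        if (!$this->resourcePubKey) {
            $this->setDebug("encrypt(string) error : No Public Key Resource.\n");
            return false;
        }

        if ($this->debugMode) {
            echo "The encrypted source length is ". strlen($source);
        }

        return $this->_encryptChunks($source, $this->resourcePubKey);
    }

    /*
     * Encrypt $data with the public key or certificate stored in
     * $publicKeyFile. $passphrase is accepted for backward compatibility
     * only; public keys and certificates are not passphrase protected.
     * Returns the ciphertext, or false on failure.
     */
    function publicEncrypt_keyFromFile($data, $publicKeyFile, $passphrase=NULL)
    {
        $public_key = $this->_readKeyFile($publicKeyFile);
        if ($public_key === false) {
            return false;
        }

        $res = openssl_get_publickey($public_key);
        if (!$res) {
            $this->setDebug();
            return false;
        }

        return $this->_encryptChunks($data, $res);
    }

    /*
     * Decrypt $data with the private key stored in $privateKeyFile; pass
     * $passphrase when that key is encrypted.
     * Returns the plaintext, or false on failure.
     */
    function privateDecrypt_keyFromFile($data, $privateKeyFile, $passphrase=NULL)
    {
        $private_key = $this->_readKeyFile($privateKeyFile);
        if ($private_key === false) {
            return false;
        }

        // Decrypt with the loaded key handle, not the raw PEM text, so the
        // passphrase is actually applied.
        if ($passphrase != NULL) {
            $res = openssl_get_privatekey($private_key, $passphrase);
        } else {
            $res = openssl_get_privatekey($private_key);
        }
        if (!$res) {
            $this->setDebug();
            return false;
        }

        return $this->_decryptChunks($data, $res);
    }

    /*
     * Decrypt data produced by encrypt() with the loaded private key.
     * Returns the plaintext, or false on failure.
     */
    function decrypt( $cryptedData )
    {
        if (!$this->resourcePriKey) {
            $this->setDebug("decrypt(string) error : No Private Key Resource.\n");
            return false;
        }

        return $this->_decryptChunks($cryptedData, $this->resourcePriKey);
    }

    /* Set the RSA modulus size, in bits, requested for generated keys. */
    function setKeyLength( $bitNum=64 )
    {
        $this->keyLength = $bitNum;
    }

    /*
     * Choose the RSA padding used by the encrypt and decrypt methods:
     * OPENSSL_PKCS1_PADDING (the default) or OPENSSL_PKCS1_OAEP_PADDING.
     * Both sides of an exchange have to use the same value.
     */
    function setPadding( $padding=NULL )
    {
        $this->padding = $padding;
    }

    /* Return the last error message recorded by this object. */
    function getLastError()
    {
        return $this->lastError;
    }

    /* Turn echoing of error messages on or off. */
    function setDebugMode( $bl=false )
    {
        $this->debugMode = $bl;
    }

    /*
     * Record an error message; with no message the pending OpenSSL error is
     * used. The message is echoed only in debug mode.
     */
    function setDebug( $msg="" )
    {
        if (!$msg) {
            $pending = openssl_error_string();
            // openssl_error_string() yields false when nothing is queued.
            $this->lastError = ($pending === false) ? "" : $pending;
        } else {
            $this->lastError = $msg;
        }

        if ($this->debugMode) {
            echo $this->lastError;
        }
    }

    /* Internal: the distinguished name used when the caller gives none. */
    function _defaultDn()
    {
        return array(
            "countryName" => "CN",
            "stateOrProvinceName" => "BEIJING",
            "localityName" => "BeiJing",
            "organizationName" => "IVT Corporation",
            "organizationalUnitName" => "BlueSoleil Group",
            "commonName" => "www.bluesolei.com",
            "emailAddress" => "support@bluesoleil.com"
        );
    }

    /*
     * Internal: create the private key, the CSR and the self-signed
     * certificate. Returns array($privkey, $csr, $sscert) or false.
     */
    function _generate( $dn , $config )
    {
        if (!$dn) {
            $dn = $this->_defaultDn();
        }

        if (!$config) {
            $bits = (int) $this->keyLength;
            $config = array(
                "digest_alg" => "sha256",
                // Never go below 2048 bits, even if keyLength asks for less.
                "private_key_bits" => ($bits < 2048) ? 2048 : $bits,
                "private_key_type" => OPENSSL_KEYTYPE_RSA,
                "encrypt_key" => false
            );
        }
        $this->config = $config;

        // The configuration has to reach every call that creates or signs
        // something, otherwise the OpenSSL defaults are used instead.
        $privkey = openssl_pkey_new($config);
        if (!$privkey) {
            $this->setDebug("GenerateKey error : " . openssl_error_string() . "\n");
            return false;
        }

        $csr = openssl_csr_new($dn, $privkey, $config);
        if (!$csr || $csr === true) {
            $this->setDebug("GenerateKey error : " . openssl_error_string() . "\n");
            return false;
        }

        $sscert = openssl_csr_sign($csr, null, $privkey, 365, $config);
        if (!$sscert) {
            $this->setDebug("GenerateKey error : " . openssl_error_string() . "\n");
            return false;
        }

        return array($privkey, $csr, $sscert);
    }

    /* Internal: read a whole PEM file; returns its text or false. */
    function _readKeyFile( $file )
    {
        if (!$file || !is_readable($file)) {
            $this->setDebug("key file error : file is missing or not readable.\n");
            return false;
        }

        $pem = file_get_contents($file);
        if ($pem === false || $pem === "") {
            $this->setDebug("key file error : file is empty or could not be read.\n");
            return false;
        }

        return $pem;
    }

    /* Internal: the padding constant in effect. */
    function _padding()
    {
        return ($this->padding === NULL) ? OPENSSL_PKCS1_PADDING : $this->padding;
    }

    /*
     * Internal: bytes of each RSA block consumed by the padding, or -1 for
     * a padding mode this class does not chunk for.
     */
    function _paddingOverhead()
    {
        $padding = $this->_padding();
        if ($padding === OPENSSL_PKCS1_PADDING) {
            return 11;
        }
        if ($padding === OPENSSL_PKCS1_OAEP_PADDING) {
            return 42;   // 2 * 20-byte SHA-1 digest + 2
        }
        return -1;
    }

    /* Internal: size of one RSA block in bytes, 0 if $key is not RSA. */
    function _rsaBlockBytes( $key )
    {
        $details = openssl_pkey_get_details($key);
        if (!is_array($details) || !isset($details['bits']) || !isset($details['type'])
            || $details['type'] !== OPENSSL_KEYTYPE_RSA) {
            return 0;
        }
        return (int) ceil($details['bits'] / 8);
    }

    /*
     * Internal: encrypt $source chunk by chunk with $key. One RSA operation
     * can only take (block size - padding overhead) bytes, so the chunk size
     * is derived from the key instead of being hard-coded.
     */
    function _encryptChunks( $source , $key )
    {
        $blockBytes = $this->_rsaBlockBytes($key);
        $overhead = $this->_paddingOverhead();
        $chunkBytes = $blockBytes - $overhead;
        if ($blockBytes <= 0 || $overhead < 0 || $chunkBytes <= 0) {
            $this->setDebug("encrypt(string) error : unsupported key or padding.\n");
            return false;
        }

        $source = (string) $source;
        $len = strlen($source);
        $ret = "";

        for ($i = 0; $i < $len; $i += $chunkBytes) {
            if (!openssl_public_encrypt(substr($source, $i, $chunkBytes), $new_out, $key, $this->_padding())) {
                // Only sizes are reported; the plaintext must not end up in
                // error messages or debug output.
                $errorText = "encrypt(string) error : " . openssl_error_string() . "\n";
                $errorText.= "Failed at offset " . $i . " of " . $len . " bytes.\n";
                $this->setDebug( $errorText );
                return false;
            }
            $ret .= $new_out;
        }

        return $ret;
    }

    /*
     * Internal: decrypt $cryptedData block by block with $key. Every block
     * is exactly as long as the key's modulus.
     */
    function _decryptChunks( $cryptedData , $key )
    {
        $blockBytes = $this->_rsaBlockBytes($key);
        if ($blockBytes <= 0 || $this->_paddingOverhead() < 0) {
            $this->setDebug("decrypt(string) error : unsupported key or padding.\n");
            return false;
        }

        $cryptedData = (string) $cryptedData;
        $len = strlen($cryptedData);
        if ($len % $blockBytes !== 0) {
            $this->setDebug("decrypt(string) error : data length is not a multiple of the key block size.\n");
            return false;
        }

        $ret = "";

        for ($i = 0; $i < $len; $i += $blockBytes) {
            if (!openssl_private_decrypt(substr($cryptedData, $i, $blockBytes), $new_out, $key, $this->_padding())) {
                $errorText = "decrypt(string) error : " . openssl_error_string() . "\n";
                $errorText.= "Failed at offset " . $i . " of " . $len . " bytes.\n";
                $this->setDebug( $errorText );
                return false;
            }
            $ret .= $new_out;
        }

        return $ret;
    }

}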

// Demo script: writes a CSR, a self-signed certificate and a private key to
// files under /home/test, encrypts $testStr with the certificate, decrypts
// the result with the private key file, and echoes every stage.

//echo phpinfo();

echo "

Openssl Encrypt/Decrypt Example:

";

// use a large data for test
// NOTE(review): the heredoc below is incomplete in this listing - its opener
// and body appear to have been lost when the page was extracted, so the test
// text has to be supplied again before the script can run.

$testStr= <

EOT;

// Now I am server

$server_ssl = new COpenSSLCrypt;

$server_ssl->setDebugMode(true);

//Generate Key File.
// No passphrase is passed, so the private key is written to
// /home/test/privkey.pem unencrypted; keep that file readable only by the
// account running the script and outside any web-served directory.

$ret = $server_ssl->GenerateKeyToFile("/home/test/cert.csr",

"/home/test/cert.pem",

"/home/test/privkey.pem");

// A failure is only reported here; the script still goes on to encrypt and
// decrypt with whatever key files already exist at those paths.
if (!$ret)

echo "

Error to generate key.";

echo "

The plain text is:".$testStr;

// Start the encryption process at the server end.

echo "

The encrpyted result is:";

$cryptedData = $server_ssl->publicEncrypt_keyFromFile($testStr, "/home/test/cert.pem");

// The ciphertext is raw binary; encode it (for example with bin2hex(), as
// the commented-out code further down does) before showing it in a page.
echo $cryptedData;

// Start the decryption process at the client end.
// The same object is reused for this demo; a real client would be the only
// party holding privkey.pem.

echo "

The decrpyted result is:";

$decryptedData = $server_ssl->privateDecrypt_keyFromFile($cryptedData, "/home/test/privkey.pem");

echo $decryptedData;

/*// Now I ma client

$client_ssl = new COpenSSLCrypt;

$client_ssl->setDebugMode(true);

$client_ssl->GenerateKeyToFile("/home/test/cert.csr",

"/home/test/cert.pem",

"/home/test/privkey.pem");

// Now I am server , and client send a public key to me

$client_public_key = $client_ssl->getPublicKey();

$server_ssl->setPublicKey( $client_public_key );

$cryptedText = $server_ssl->encrypt($testStr);

// Now I am client , and I will decrypt $cryptedText

echo "The encrypted length is ". strlen($cryptedText) . "

";

$dumpData = strtoupper(bin2hex($cryptedText));

echo "Dump CryptedText :".  $dumpData. "

";

echo "The encrypted length is ". strlen($dumpData) . "

";

echo "Decrypt Text : ". $client_ssl->decrypt( $cryptedText ) . "

"

// Now I am server

$server_ssl = new COpenSSLCrypt;

$server_ssl->setDebugMode(true);

// Now I ma client

$client_ssl = new COpenSSLCrypt;

$client_ssl->setDebugMode(true);

$client_ssl->GenerateKeyToFile("/home/test/cert.pem",

"/home/test/cert.pem",

"/home/test/privkey.pem");

// Now I am server , and client send a public key to me

$client_public_key = $client_ssl->getPublicKey();

$server_ssl->setPublicKey( $client_public_key );

$cryptedText = $server_ssl->encrypt($testStr);

// Now I am client , and I will decrypt $cryptedText

echo "The encrypted length is ". strlen($cryptedText) . "

";

$dumpData = strtoupper(bin2hex($cryptedText));

echo "Dump CryptedText :".  $dumpData. "

";

echo "The encrypted length is ". strlen($dumpData) . "

";

echo "Decrypt Text : ". $client_ssl->decrypt( $cryptedText ) . "

"

*/

?>

- 作者: Goooder 2005年05月31日, 星期二 14:47 加入博采
