php读取证书加密,PHP中使用OpenSSL来产生证书加密解密源代码- -
PHP中使用OpenSSL来产生证书加密解密源代码- -
我想这段代码足够简单,没必要写函数说明了吧。
该程序在linux+Apache 2.0 + PHP Version 4.2.2 中运行通过。
大致功能有:1. 产生证书;2. 使用RSA算法加密解密任意长度数据(做法是把数据切成固定长度的小块,逐块调用RSA加密/解密)。
--------------------------------------------------
/*
* Class COpenSSLCrypt
* Author : pigo chu
* Date : 2004-11-12
* Version : 0.01
* Revision History:
* Lihui Lei 2005-05-18
*/
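class COpenSSLCrypt {
    /*
     * Small wrapper around PHP's OpenSSL extension: creates an RSA key pair
     * with a self-signed certificate, and encrypts / decrypts strings with it.
     *
     * NOTE(review) - design limits a maintainer should know about:
     *  - encrypt()/decrypt() split the data into blocks and run one RSA
     *    operation per block, using the default padding of
     *    openssl_public_encrypt() (historically PKCS#1 v1.5). Nothing binds
     *    the blocks together, so blocks that are dropped, reordered or
     *    replayed are not detected, and the ciphertext carries no integrity
     *    protection. For new code prefer hybrid encryption, e.g.
     *    openssl_seal()/openssl_open().
     *  - Keep debug mode off outside of development: it echoes OpenSSL error
     *    details into the page output, and per-message decryption errors are
     *    exactly what a padding-oracle attack needs to observe.
     */

    /* All member variables are private by convention */
    var $publicKey = "";          // PEM text last passed to setPublicKey()
    var $privateKey = "";         // PEM text last passed to setPrivateKey()
    var $resourcePubKey = NULL;   // key handle returned by openssl_get_publickey()
    var $resourcePriKey = NULL;   // key handle returned by openssl_get_privatekey()
    var $lastError = "";          // last message recorded by setDebug()
    var $debugMode = false;       // when true, setDebug() also echoes the message
    var $keyLength = 2048;        // RSA modulus size in bits used for new keys
    var $config = NULL;           // not read anywhere in this class; kept for compatibility

    /*
     * Constructor for PHP 5 and later. PHP 8 no longer treats a method named
     * after the class as a constructor, so delegate to it explicitly.
     */
    function __construct( $dn=NULL , $passphrase=NULL )
    {
        $this->COpenSSLCrypt($dn, $passphrase);
    }

    /*
     * Construct Method
     * If $dn is an array, a key pair and self-signed certificate are
     * generated for that distinguished name, e.g.
     *   array(
     *     "countryName" => "UK",
     *     "stateOrProvinceName" => "Somerset",
     *     "localityName" => "Glastonbury",
     *     "organizationName" => "The Brain Room Limited",
     *     "organizationalUnitName" => "PHP Documentation Team",
     *     "commonName" => "Wez Furlong",
     *     "emailAddress" => "wez@example.com"
     *   );
     * $passphrase, when given, protects the exported private key.
     */
    function COpenSSLCrypt( $dn=NULL , $passphrase=NULL )
    {
        if(is_array( $dn ))
        {
            // The second parameter of GenerateKey() is $config, so the
            // passphrase has to go in third position.
            $this->GenerateKey($dn , NULL , $passphrase);
        }
    }

    /*
     * Internal helper: create a private key, a CSR and a certificate that is
     * self-signed for 365 days.
     * Returns array($privkey, $csr, $sscert), or false after recording the
     * OpenSSL error through setDebug().
     */
    function _createKeyAndCert( $dn , $config )
    {
        if(!$dn)
        {
            $dn = array(
                "countryName" => "CN",
                "stateOrProvinceName" => "BEIJING",
                "localityName" => "BeiJing",
                "organizationName" => "IVT Corporation",
                "organizationalUnitName" => "BlueSoleil Group",
                "commonName" => "www.bluesolei.com",
                "emailAddress" => "support@bluesoleil.com"
            );
        }
        if(!$config)
        {
            $config = array(
                "digest_alg" => "sha256",                  // SHA-1 signatures are no longer accepted by current clients
                "private_key_bits" => $this->keyLength,
                "private_key_type" => OPENSSL_KEYTYPE_RSA,
                "encrypt_key" => false
            );
        }
        // The options must be handed to every call; otherwise OpenSSL falls
        // back to the defaults of its configuration file.
        $privkey = openssl_pkey_new($config);
        if(!$privkey)
        {
            $this->setDebug();
            return false;
        }
        $csr = openssl_csr_new($dn, $privkey, $config);
        if(!$csr)
        {
            $this->setDebug();
            return false;
        }
        $sscert = openssl_csr_sign($csr, null, $privkey, 365, $config);
        if(!$sscert)
        {
            $this->setDebug();
            return false;
        }
        return array($privkey, $csr, $sscert);
    }

    /*
     * Internal helper: read a PEM file completely.
     * Returns the file content, or false after recording an error.
     */
    function _readKeyFile( $path )
    {
        $pem = @file_get_contents($path);
        if($pem === false)
        {
            $this->setDebug("Cannot read key file : " . $path . "\n");
            return false;
        }
        return $pem;
    }

    /*
     * Generate a key pair plus self-signed certificate and load both into
     * this object. If $dn is NULL the built-in default dn is used; if $config
     * is NULL a default RSA configuration with $this->keyLength bits is used.
     * Returns true on success, false on failure (see getLastError()).
     */
    function GenerateKey($dn=NULL , $config= NULL , $passphrase=NULL )
    {
        $made = $this->_createKeyAndCert($dn, $config);
        if(!$made)
        {
            return false;
        }
        list($privkey, $csr, $sscert) = $made;

        if(!openssl_csr_export($csr, $csrout) || !openssl_x509_export($sscert, $certout))
        {
            $this->setDebug();
            return false;
        }
        if($passphrase != NULL){
            $exported = openssl_pkey_export($privkey, $pkeyout, $passphrase);
        }else{
            $exported = openssl_pkey_export($privkey, $pkeyout);
        }
        if(!$exported)
        {
            $this->setDebug();
            return false;
        }
        // Progress labels belong to debugging output only; library code
        // should not write into the response otherwise.
        if($this->debugMode)
        {
            echo "\nCSR:\n";
            echo "\nCertificate: public key\n";
            echo "\nprivate key:\n";
        }
        $pubOk = $this->setPublicKey($certout);
        // An exported key that is passphrase protected can only be loaded
        // again with that same passphrase.
        $priOk = $this->setPrivateKey($pkeyout, ($passphrase != NULL) ? $passphrase : "");
        return $pubOk && $priOk;
    }

    /*
     * Generate a key pair plus self-signed certificate and write CSR,
     * certificate and private key to the three given files.
     * $dn and $passphrase are optional; without $dn the default dn is used,
     * without $passphrase the private key is stored unencrypted.
     * Returns true on success, false on failure.
     */
    function GenerateKeyToFile($csrFile=NULL, $certFile=NULL, $privkeyFile=NULL, $dn=NULL, $passphrase=NULL )
    {
        if (!$csrFile or !$certFile or !$privkeyFile)
        {
            echo "\nPlease set key files' name and path.\n";
            return false;
        }
        $made = $this->_createKeyAndCert($dn, NULL);
        if(!$made)
        {
            return false;
        }
        list($privkey, $csr, $sscert) = $made;

        if(!openssl_csr_export_to_file($csr, $csrFile) || !openssl_x509_export_to_file($sscert, $certFile))
        {
            $this->setDebug();
            return false;
        }
        // Create the private key file with owner-only permissions BEFORE the
        // key material is written, so it is never readable by other users.
        if(!@touch($privkeyFile) || !@chmod($privkeyFile, 0600))
        {
            $this->setDebug("GenerateKeyToFile error : cannot prepare private key file with mode 0600.\n");
            return false;
        }
        if($passphrase != NULL){
            $written = openssl_pkey_export_to_file($privkey, $privkeyFile, $passphrase);
        }else{
            $written = openssl_pkey_export_to_file($privkey, $privkeyFile);
        }
        if(!$written)
        {
            $this->setDebug();
            return false;
        }
        return true;
    }

    /*
     * Remember $key (PEM public key or certificate) and load it.
     * Returns false when OpenSSL cannot parse it.
     */
    function setPublicKey( $key )
    {
        $this->publicKey = $key;
        if( !($this->resourcePubKey = @openssl_get_publickey($key)) )
        {
            $this->setDebug();
            return false;
        }
        return true;
    }

    /*
     * Remember $key (PEM private key) and load it, using $passphrase when the
     * key is encrypted. Returns false when OpenSSL cannot load it.
     */
    function setPrivateKey( $key , $passphrase="" )
    {
        $this->privateKey = $key;
        if( !($this->resourcePriKey = @openssl_get_privatekey($key , $passphrase)) )
        {
            $this->setDebug();
            return false;
        }
        return true;
    }

    /* Return the PEM text last passed to setPublicKey(). */
    function getPublicKey()
    {
        return $this->publicKey;
    }

    /*
     * Return the PEM text last passed to setPrivateKey().
     * NOTE(review): this hands out private key material; do not log or print it.
     */
    function getPrivateKey()
    {
        return $this->privateKey;
    }

    /*
     * Encrypt $source with the loaded public key, 64 bytes per RSA operation.
     * Returns the concatenated ciphertext blocks, or false on error.
     */
    function encrypt( $source )
    {
        if(!$this->resourcePubKey)
        {
            $this->setDebug("encrypt(string) error : No Public Key Resource.\n");
            return false;
        }
        $ret = "";
        $len = strlen($source);
        if($this->debugMode)
        {
            echo "The encrypted source length is ". $len;
        }
        /*
         * Why 64 bytes at a time? One RSA operation can only take a message
         * shorter than the key's modulus (minus the padding overhead), so
         * longer input has to be split. See the class comment for the limits
         * of this block-wise scheme.
         */
        for($i=0;$i<$len;$i+=64)
        {
            if(!openssl_public_encrypt(substr($source,$i,64),$new_out,$this->resourcePubKey))
            {
                // Report the length only: dumping $source here would copy the
                // plaintext into the error text and the debug output.
                $errorText = "encrypt(string) error : " . openssl_error_string() . "\n";
                $errorText.= "Data length : " . $len . "\n";
                $this->setDebug( $errorText );
                return false;
            }
            $ret .= $new_out;
        }
        return $ret;
    }

    /*
     * Encrypt $data in a single RSA operation with the public key (or
     * certificate) stored in $publicKeyFile. $data must therefore be shorter
     * than the key's modulus. $passphrase is accepted for compatibility only;
     * public keys are not passphrase protected.
     * Returns the ciphertext, or false on error.
     */
    function publicEncrypt_keyFromFile($data, $publicKeyFile, $passphrase=NULL)
    {
        $public_key = $this->_readKeyFile($publicKeyFile);
        if($public_key === false)
        {
            return false;
        }
        $res = openssl_get_publickey($public_key);
        if(!$res)
        {
            $this->setDebug();
            return false;
        }
        if(!openssl_public_encrypt($data, $encrypted, $res))
        {
            $this->setDebug("publicEncrypt_keyFromFile error : " . openssl_error_string() . "\n");
            return false;
        }
        return $encrypted;
    }

    /*
     * Decrypt $data in a single RSA operation with the private key stored in
     * $privateKeyFile; $passphrase is required when that key is encrypted.
     * Returns the plaintext, or false on error.
     */
    function privateDecrypt_keyFromFile($data, $privateKeyFile, $passphrase=NULL)
    {
        $private_key = $this->_readKeyFile($privateKeyFile);
        if($private_key === false)
        {
            return false;
        }
        // Keep the loaded key handle: the raw PEM text cannot carry the
        // passphrase, so decrypting with it fails for protected keys.
        if($passphrase != NULL)
            $res = openssl_get_privatekey($private_key, $passphrase);
        else
            $res = openssl_get_privatekey($private_key);
        if(!$res)
        {
            $this->setDebug();
            return false;
        }
        if(!openssl_private_decrypt($data, $decrpted, $res))
        {
            $this->setDebug("privateDecrypt_keyFromFile error : " . openssl_error_string() . "\n");
            return false;
        }
        return $decrpted;
    }

    /*
     * Decrypt data produced by encrypt() with the loaded private key.
     * Returns the plaintext, or false on error.
     */
    function decrypt( $cryptedData )
    {
        if(!$this->resourcePriKey)
        {
            $this->setDebug("decrypt(string) error : No Private Key Resource.\n");
            return false;
        }
        $ret = "";
        $len = strlen($cryptedData);
        /*
         * Every block written by encrypt() is exactly as long as the RSA
         * modulus: 128 bytes for a 1024-bit key, 256 bytes for a 2048-bit key.
         * Ask the key for its size instead of assuming 128.
         */
        $blockLen = 128;
        if(function_exists('openssl_pkey_get_details'))
        {
            $details = openssl_pkey_get_details($this->resourcePriKey);
            if(is_array($details) && !empty($details['bits']))
            {
                $blockLen = (int)(($details['bits'] + 7) / 8);
            }
        }
        for($i=0;$i<$len;$i+=$blockLen)
        {
            if(!openssl_private_decrypt(substr($cryptedData,$i,$blockLen),$new_out,$this->resourcePriKey))
            {
                $errorText = "decrypt(string) error : " . openssl_error_string() . "\n";
                $errorText.= "Data Dump : \n" . strtoupper(bin2hex($cryptedData)) ."\n";
                $this->setDebug( $errorText );
                return false;
            }
            $ret .= $new_out;
        }
        return $ret;
    }

    /*
     * Set the RSA key size (in bits) used for keys generated afterwards.
     * Sizes below 2048 bits are raised to 2048: shorter RSA keys do not give
     * adequate protection, and very short ones (such as the 64 of the default
     * argument) are refused by OpenSSL altogether.
     */
    function setKeyLength( $bitNum=64 )
    {
        $bitNum = (int)$bitNum;
        if($bitNum < 2048)
        {
            $this->setDebug("setKeyLength error : key length below 2048 bits raised to 2048.\n");
            $bitNum = 2048;
        }
        $this->keyLength = $bitNum;
    }

    /* Return the message recorded by the most recent failure. */
    function getLastError()
    {
        return $this->lastError;
    }

    /* Switch echoing of error messages on or off (development use only). */
    function setDebugMode( $bl=false )
    {
        $this->debugMode = $bl;
    }

    /*
     * Record $msg as the last error; without $msg, take the next message from
     * OpenSSL's error queue. The message is echoed only in debug mode.
     */
    function setDebug( $msg="" )
    {
        if(!$msg)
            $this->lastError = openssl_error_string();
        else
            $this->lastError = $msg;
        if( $this->debugMode )
            echo $this->lastError;
    }
}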
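//echo phpinfo();
echo "
Openssl Encrypt/Decrypt Example:
";
// Demo plaintext. The heredoc body below is a constructed sample value. It is
// kept short on purpose: publicEncrypt_keyFromFile() performs one single RSA
// operation, which only accepts data shorter than the key's modulus.
$testStr = <<<EOT
This is a constructed sample message for the COpenSSLCrypt demo.
EOT;
// Server side: create the helper and show OpenSSL errors while testing.
$server_ssl = new COpenSSLCrypt;
$server_ssl->setDebugMode(true);
// Write CSR, certificate and private key to disk.
// privkey.pem is the secret: keep it outside the web root and readable only
// by the account PHP runs as.
$ret = $server_ssl->GenerateKeyToFile("/home/test/cert.csr",
    "/home/test/cert.pem",
    "/home/test/privkey.pem");
if (!$ret)
{
    echo "
Error to generate key.";
    // Stop here: continuing would encrypt with whatever key files happen to
    // be left over from an earlier run.
    exit(1);
}
echo "
The plain text is:".$testStr;
// Encrypt with the public key taken from the certificate file.
echo "
The encrpyted result is:";
$cryptedData = $server_ssl->publicEncrypt_keyFromFile($testStr, "/home/test/cert.pem");
if (!$cryptedData)
{
    echo "
Error to encrypt.";
    exit(1);
}
// The ciphertext is binary, so print it as hex rather than as raw bytes.
echo strtoupper(bin2hex($cryptedData));
// Decrypt with the private key file.
echo "
The decrpyted result is:";
$decryptedData = $server_ssl->privateDecrypt_keyFromFile($cryptedData, "/home/test/privkey.pem");
echo $decryptedData;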
/*// Now I ma client
$client_ssl = new COpenSSLCrypt;
$client_ssl->setDebugMode(true);
$client_ssl->GenerateKeyToFile("/home/test/cert.csr",
"/home/test/cert.pem",
"/home/test/privkey.pem");
// Now I am server , and client send a public key to me
$client_public_key = $client_ssl->getPublicKey();
$server_ssl->setPublicKey( $client_public_key );
$cryptedText = $server_ssl->encrypt($testStr);
// Now I am client , and I will decrypt $cryptedText
echo "The encrypted length is ". strlen($cryptedText) . "
";
$dumpData = strtoupper(bin2hex($cryptedText));
echo "Dump CryptedText :". $dumpData. "
";
echo "The encrypted length is ". strlen($dumpData) . "
";
echo "Decrypt Text : ". $client_ssl->decrypt( $cryptedText ) . "
"
// Now I am server
$server_ssl = new COpenSSLCrypt;
$server_ssl->setDebugMode(true);
// Now I ma client
$client_ssl = new COpenSSLCrypt;
$client_ssl->setDebugMode(true);
$client_ssl->GenerateKeyToFile("/home/test/cert.pem",
"/home/test/cert.pem",
"/home/test/privkey.pem");
// Now I am server , and client send a public key to me
$client_public_key = $client_ssl->getPublicKey();
$server_ssl->setPublicKey( $client_public_key );
$cryptedText = $server_ssl->encrypt($testStr);
// Now I am client , and I will decrypt $cryptedText
echo "The encrypted length is ". strlen($cryptedText) . "
";
$dumpData = strtoupper(bin2hex($cryptedText));
echo "Dump CryptedText :". $dumpData. "
";
echo "The encrypted length is ". strlen($dumpData) . "
";
echo "Decrypt Text : ". $client_ssl->decrypt( $cryptedText ) . "
"
*/
?>
- 作者: Goooder 2005年05月31日, 星期二 14:47 加入博采