php rsa加密解密实例 及签名验证-自己实践

<?php
/**
 * Created by PhpStorm.
 * User: Administrator
 * Date: 2018/4/1
 * Time: 1:50
 */

//注意格式一定要有下面的标识符
$pub_key = "-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjwmQtK4aYLSL/aOSH4g4fdTBT1JLzeRchbR6fMylOvTjGMh4IngxCwi7NAbTm8Edr02s7HXmo7oweLfqDRHvYPz7aH5Kt6gtjGzokfIVo6nN+3jDfoNBws+pPDaro5KbeIVO0kK16m+51yPS4R3lFF6bZcrGb+xq8A/QrPHxWNQIDAQAB
-----END PUBLIC KEY-----";
$pri_key = "-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQCjwmQtK4aYLSL/aOSH4g4fdTBT1JLzeRchbR6fMylOvTjGMh4IngxCwi7NAbTm8Edr02s7HXmo7oweLfqDRHvYPz7aH5Kt6gtjGzokfIVo6nN+3jDfoNBws+pPDaro5KbeIVO0kK16m+51yPS4R3lFF6bZcrGb+xq8A/QrPHxWNQIDAQABAoGAemICn8dRlVTWPO7VK8ADMftQnLXXBOJQKQj1w6BmlJPRZD18OJB1NUcN1uQZoCWeGrUsBEfo7hko2j0eZQ+/RRCanxM34l0cHP4WQLVYzZ5jGcAyFl3f6Ra4MKELGD3daynfct8z5+XsnD7Fwg/kWNWZ8NJIKHICoqBrgF6wnJkCQQDZUBhAarJsMdebDPw/wj8ovTYZWJf0oqoL+FjDsJF4p8e0MDMIGmsBTPbv5wVaF+8/EFTQ7PDhD0oWRKBpeT6/AkEAwOmgUPXWmxi/TtwjFfX7290GXERjkCwGc5Yj8bVh4YdjPl2ijaFFrogvr3gCKFDd9AD/Oz5zKcrxSl4H5sZcCwJBAMiUuD3E/fkFrFduDeqf1YI52xRcBK4F8mToDq5ZbHxsiNUVZBUHpVrm+kqG9xaoXujbnx3UhaWGYkDZiSKxiasCQQCD7MEX3KcgdbIOqfjMgeX1G5fH7XTxGUpoLVrzZwlDBCVYdww9MvbGPpfttXI0Q+klfrEMwM5c3E5afyeEKE61AkA0m6sjb5ypwXMbXo5+uSEHkpL0Qqb87SCRVV/Bli7OJNuv9DrdwVO27AA192WxUoDfC23faeeETB1Su4M785U6
-----END RSA PRIVATE KEY-----";

$str = "这个是要加密的字符串888";

//这个例子是演示RSA加密
//非对称加密 分为 公钥和私钥
//通常 公钥加密 私钥解密，私钥加密，公钥用来验签

/*
 * 用到的加密函数
openssl_private_decrypt — Decrypts data with private key
openssl_private_encrypt — Encrypts data with private key
openssl_public_decrypt — Decrypts data with public key
openssl_public_encrypt — Encrypts data with public key
 *
 */

//echo $private_key;
$pi_key =  openssl_pkey_get_private($pri_key);//这个函数可用来判断私钥是否是可用的，可用返回资源id Resource id
$pu_key = openssl_pkey_get_public($pub_key);//这个函数可用来判断公钥是否是可用的
//print_r($pi_key);echo "\n";
//print_r($pu_key);echo "\n";

//公钥加密过程
$enStr = '';
openssl_public_encrypt($str,$enStr,$pu_key); //参数的意义: 密文数据, 加密解密后的数据,密钥,加密解密的填充(没填)

//加密后的字符 有些无法显示 需要 base64_encode ( string $data ) ,解密的时候不需要要 base64_decode ( string $data )
echo base64_encode ($enStr);
echo "<br/>";
//私钥解密过程
$deStr = '';
//$enStr = base64_decode ( $enStr);
openssl_private_decrypt($enStr,$deStr,$pi_key);
echo $deStr; echo "<br/>"; 

//下面是签名验证例子
$binary_signature = "";
// At least with PHP 5.2.2 / OpenSSL 0.9.8b (Fedora 7)
// there seems to be no need to call openssl_get_privatekey or similar.
// Just pass the key as defined above
openssl_sign($str, $binary_signature, $pi_key, OPENSSL_ALGO_SHA1);
// Check signature
$ok = openssl_verify($str, $binary_signature, $pu_key, OPENSSL_ALGO_SHA1);
echo "check #1: ";
if ($ok == 1)
{
    echo "signature ok (as it should be)\n";
}
elseif ($ok == 0)
{
    echo "bad (there's something wrong)\n";
}
else
{
    echo "ugly, error checking signature\n";
}

还有验签 一定是用对方的公钥，去验证人家私钥加密的内容哦..

淘宝开放平台，安全签名就是用的此算法， 我自己（商家开发者）生成有商家私钥和商家公钥，支付宝那边有支付宝私钥和支付宝公钥。具体是商家把商家公钥给支付宝（支付宝用作解密和签名验证），我们获取支付宝公钥（用来对支付宝发来的信息进行解密和签名校验）。

注意，私钥一定是自己用的，公钥给其他人用.

参考地址 ： http://php.net/manual/en/function.openssl-private-decrypt.php

https://docs.open.alipay.com/58/103242

生成秘钥：http://php.net/manual/en/function.openssl-private-encrypt.php

$res = openssl_pkey_new();

// Get private key
openssl_pkey_export($res, $privkey);

// Get public key
$pubkey = openssl_pkey_get_details($res);
$pubkey = $pubkey["key"];
var_dump($privkey);
var_dump($pubkey);

在加密解密的时候，对秘钥的格式一定要注意，

        $str        = trim(self::$priKey);
        $str        = chunk_split($str, 64, PHP_EOL);//在每一个64字符后加一个\n
        $key = "-----BEGIN RSA PRIVATE KEY-----".PHP_EOL.$str."-----END RSA PRIVATE KEY-----".PHP_EOL;
        echo $key;

        $signature = '';
        if (openssl_sign($data, $signature, openssl_pkey_get_private($key), OPENSSL_ALGO_SHA256)) {
            $res = base64_encode($signature);
            return $res;
        }

秘钥一定是下面格式才可以加密解密成功：