PHP RSA 非对称加密解密实例

技术文档 - PHP文档 作者: xcheng1986 发布于:2017-04-07 阅读(323) (暂无评论)  

PHP服务端与客户端交互、提供开放api时,通常需要对敏感的部分api数据传输进行数据加密,这时候rsa非对称加密就能派上用处了,下面通过一个例子来说明如何用php来实现数据的加密解密


1、加密解密的第一步是生成公钥、私钥对,私钥加密的内容能通过公钥解密(反过来亦可以)

下载开源RSA密钥生成工具openssl(通常Linux系统都自带该程序),解压缩至独立的文件夹,进入其中的bin目录,执行以下命令:

#1.生成原始 RSA私钥文件 rsa_private_key.pem
openssl genrsa -out rsa_private_key.pem 1024
#2.将原始 RSA私钥转换为 pkcs8格式
openssl pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM -nocrypt -out private_key.pem
#3.生成RSA公钥 rsa_public_key.pem
openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem

从上面看出通过私钥能生成对应的公钥,因此我们将私钥private_key.pem用在服务器端,公钥发放给Android跟iOS等前端


2、php中用生成的公钥、私钥进行加密解密

//rsa.php :
<?php
//私钥
$private_key = '-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDlRTEqGarpu6eesOseMMw4S7orIL43DJEU7LbOc8g1YWCRiQRK
BIiz3iyeAxAgOjRuSP+4mIL8V6FOS75lPPVM7F4FhrZzrqJaOcsCXrIUZ2cDoQ9+
Z17gHWmPVPVA9Q4QPO1A6KpeXpGjRmSSqIeLBmm3GtuSAN6tEP9KNSf/JQIDAQAB
AoGAWhUDqj0HkGqxA4MT/nrB4uSuMz/cPRjs8EHJ2fhYE9E89jHVw5dgdvu2oCcn
8OGttB9uioMyBCASOwc7ud9nqaEm7A8vS0QAV5thYC7hrn4x4HmskfpxdkGUol3i
xy7roe3sjtyG6E4VtVvCWr05HxBYPBSVXl9w6ODBHS3SeYkCQQD94Js1IlQpnPwx
OUpBopMOfr5qnu9sJoaxsCdo22B3alc5phP+2+Fz9ElaLi/3Jnn92hGuFTjF1pmd
M/mgY6v7AkEA5y/q0xsq1x+ya/oXjT6dkC4D1xaCduvASaKUiSEp3SbYjWx4FP7v
jgl2nrCGXjpPjW36rVyjbYDEAE+ZrvT3XwJAZlqFeJiMgfJuopHMZEXdL/zdXDMT
p/CoYT75xIadj8dpvy475YZUkOEuKZNxdx0mFbgzZJHdv7VTXVO1EnrcvQJBAJw3
KLnVVbFfXbTQnTF36ggOz9F7CFVLH/ehwDSZECy7nwCRFuM5EK4tftXj+ieZxz+N
3SFfw56ur8J2BybNqIkCQBLSa4KhNzHUcD7ZgfNTkvc6X2ajhgEBD47UIxQ80kRd
fPiAiZcfZnoRmi7NykALVilO32fUgovvfopi3aPeKCo=
-----END RSA PRIVATE KEY-----';

//公钥
$public_key = '-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDlRTEqGarpu6eesOseMMw4S7or
IL43DJEU7LbOc8g1YWCRiQRKBIiz3iyeAxAgOjRuSP+4mIL8V6FOS75lPPVM7F4F
hrZzrqJaOcsCXrIUZ2cDoQ9+Z17gHWmPVPVA9Q4QPO1A6KpeXpGjRmSSqIeLBmm3
GtuSAN6tEP9KNSf/JQIDAQAB
-----END PUBLIC KEY-----';

//echo $private_key;
$pi_key = openssl_pkey_get_private($private_key);//这个函数可用来判断私钥是否是可用的,可用返回资源id Resource id
$pu_key = openssl_pkey_get_public($public_key);//这个函数可用来判断公钥是否是可用的
print_r($pi_key);echo "\n";
print_r($pu_key);echo "\n";


$data = "www.lixiaocheng.com";//原始数据
$encrypted = ""; 
$decrypted = ""; 

echo "source data:",$data,"\n";

echo "private key encrypt:\n";

openssl_private_encrypt($data,$encrypted,$pi_key);//私钥加密
$encrypted = base64_encode($encrypted);//加密后的内容通常含有特殊字符,需要编码转换下,在网络间通过url传输时要注意base64编码是否是url安全的
echo $encrypted,"\n";

echo "public key decrypt:\n";

openssl_public_decrypt(base64_decode($encrypted),$decrypted,$pu_key);//私钥加密的内容通过公钥可用解密出来
echo $decrypted,"\n";

echo "---------------------------------------\n";
echo "public key encrypt:\n";

openssl_public_encrypt($data,$encrypted,$pu_key);//公钥加密
$encrypted = base64_encode($encrypted);
echo $encrypted,"\n";

echo "private key decrypt:\n";
openssl_private_decrypt(base64_decode($encrypted),$decrypted,$pi_key);//私钥解密
echo $decrypted,"\n";

运行后输出:


>php rsa.php
Resource id #4
Resource id #5
source data:www.lixiaocheng.com
private key encrypt:
dR2713sx+kXvgY6s+A2i9eIDdo7dYMkN7bcp306TV7RbA7oD4YRHc4pW8S193ks+DyrLzvKllFIsy4IZEFLv+Tw41fpiEE+7ZwYf9j/j6p4JT7OH9LDaBuxSo1rHzhTbCB9ut3zrfD7JUl67UfWVHHNRJgJEbv10TMIKXhz4tQc=
public key decrypt:
www.lixiaocheng.com
---------------------------------------
public key encrypt:
begbEJ2j1FKwzIa4HOFcSw7orLWOZXOvpu85IX0VxXT0W5jqGFYc61zTjzvvBiGtdVrDiP72l61P2mNWFQ3unO5fnaHiBg0YP94wf2WKjPSo2G2JmGuRzvGvDkFUSle2QY2Sv9uHl8LvYNHFRtI4HRAP4ddniJr+3k80YbQKIF8=
private key decrypt:
www.lixiaocheng.com

>