php RSA 生成证书，从证书导出密钥，公钥

generate.php

  
    $dn = array(  

        "countryName" => 'XX', //所在国家名称  

        "stateOrProvinceName" => 'State', //所在省份名称  

        "localityName" => 'SomewhereCity', //所在城市名称  

        "organizationName" => 'MySelf',   //注册人姓名  

        "organizationalUnitName" => 'Whatever', //组织名称  

        "commonName" => 'mySelf', //公共名称  

        "emailAddress" => '[email protected]' //邮箱  

);  

    $privkeypass = '111111'; //私钥密码  

    $numberofdays = 365;     //有效时长  

    $cerpath = "./test.cer"; //生成证书路径  

    $pfxpath = "./test.pfx"; //密钥文件路径  

    

    //生成证书  

    $privkey = openssl_pkey_new(); 

    $csr = openssl_csr_new($dn, $privkey);  

    $sscert = openssl_csr_sign($csr, null, $privkey, $numberofdays);  

    openssl_x509_export_to_file($sscert, $cerpath); //导出证书到文件

    openssl_pkcs12_export_to_file($sscert, $pfxpath, $privkey, $privkeypass); //生成密钥文件  

crypt.php

 

  
     
   //私钥加密
    $cer_key =file_get_contents($pfxpath); //获取密钥内容
   openssl_pkcs12_read($cer_key, $certs, $privkeypass);
   openssl_sign($data, $signMsg, $certs['pkey'],OPENSSL_ALGO_SHA1);//注册生成加密信息
    $signMsg =base64_encode($signMsg); //base64转码加密信息
    echo$signMsg;
   
   
    //公钥解密
    $cer_key =file_get_contents($cerpath); //获取证书内容
   $unsignMsg=base64_decode($signMsg);//base64解码加密信息
    $cer =openssl_x509_read($cer_key); //读取公钥
    $res =openssl_verify($data, $unsignMsg, $cer); //验证
    echo $res;//输出验证结果，1：验证成功，0：验证失败

一个简单的加密解密类：

class RsaCrypt {
    constPRIVATE_KEY_FILE_PATH = './rsa_private_key.pem';
    constPUBLIC_KEY_FILE_PATH = './rsa_public_key.pem';

   
    publicstatic function encode($orignData) {
       //密钥文件的路径
       $privateKeyFilePath = self::PRIVATE_KEY_FILE_PATH;
       extension_loaded('openssl') or die('php需要openssl扩展支持');
       (file_exists($privateKeyFilePath)) or die('密钥的文件路径不正确');
       //生成Resource类型的密钥，如果密钥文件内容被破坏，openssl_pkey_get_private函数返回false
       $privateKey =openssl_pkey_get_private(file_get_contents($privateKeyFilePath));
     
       ($privateKey) or die('密钥不可用');
       //加密以后的数据，用于在网路上传输
       $encryptData = '';
       ///////////////////////////////用私钥加密////////////////////////
       if (openssl_private_encrypt($orignData, $encryptData, $privateKey)){
           return $encryptData;
       } else {
           die('加密失败');
       }
    }
   
    publicstatic function decode($encryptData) {
       //公钥文件的路径
       $publicKeyFilePath = self::PUBLIC_KEY_FILE_PATH;
       extension_loaded('openssl') or die('php需要openssl扩展支持');
       (file_exists($publicKeyFilePath)) or die('公钥的文件路径不正确');
       //生成Resource类型的公钥，如果公钥文件内容被破坏，openssl_pkey_get_public函数返回false
       $publicKey =openssl_pkey_get_public(file_get_contents($publicKeyFilePath));
       ($publicKey) or die('公钥不可用');
       //解密以后的数据
       $decryptData = '';