PHP RSA2（非对称加密）签名与验签，加密与解密

RSA加密算法

RSA加密算法又称为非对称加密，是提利用两个密钥来进行加密和解密，这两个秘钥分别是公钥（public key）和私钥（private key），非对称加密适合于对安全性要求很高的场景，适合加密少量数据，比如支付数据、CA数字证书等。

常见的非对称加密算法分为 RSA RSA2

非对称加密的优点：需要两组不同的密钥，安全性高，并且两个密钥可以互相解密

非对称加密的缺点：速度慢，只适合对少量的数据进行加密

PHP RSA2 加密算法的方法

RSA2 所使用的公钥和私钥可以利用一些在线工具生成，也可以在liunx系统中通过命令生成。

示例：

//公钥
$publicKey = '-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvDCCwuz2tmBbnBF1Vlm
Qrww3xyOpZmRjsRLuGpAcRuH7A5hDiS9TslxoVeF8yZHIFsxPEEFYvlE39FxrBd6
T/UjSsEoK5EJWy9YYbycWA13gATCw0joJHGKS2d/sAVcCewvVe4vOiwyLDMKalwV
4TEfBP4dYySvHPMmsCLGUVXx5ygJTn0eza0mchdnZsVDoO1qHGP1Fj/89eCVOtlM
E4mMJD+uCXFtk4r8fnIJYRm4D34WLa2bI/11B089FUcnVe83UziENHPUqi8UqibJ
HQGkq98ZnHWv4VoNKynixzanbEE8Cu+zmbXliabc5qAMB0N974uGCNj3oSa3XTyS
iQIDAQAB
-----END PUBLIC KEY-----';
//下面是要加密的数据
$data = [
    'uid' => '10',
    'name' => 'yuzhi',
    'host' => 'h2sheji.com',
];
$publicKey = openssl_pkey_get_public($publicKey); 
//加密后的数据进行base64加密
$rs = openssl_public_encrypt(json_encode($data), $encrypted, $publicKey) ? base64_encode($encrypted) : null; 
//输出加密后的字符串
echo $rs;

输出结果

TYyS0iKUn3OkVTAEO3OJkcQAfjALIVOnMsKIZEJpf16wilT+61r7/1obZmtRg8iIFb/Fqi+VWCkx44Z6t1ummj6hCu4SUBKvsgutbB+HFybycu8QSC8Z/Nc5kCLe0LWJJqHAXz33uPd6qPj/EGziRD2d6vUg9OuNZ3e6pFyUzXMU+H9bPaN+D3Bu9i8C4RakW7zKrlFyiuYO4El+oNw7HD+gVVDw2n0O7VY35Yb/03kLETAAUqIHwOWE7lCETwUlWJYPF6Gk2GNs1JFsbGPdhJcDC6rkF0OMOYpi1/R+y79HpEFNOzw0EjG4wBLTgvynn3yQgaXjejdfzNc9+ikSOA==

PHP RSA2 解密算法的方法

我们哪上面的加密的输出数据来解密

示例

输出结果

Array
(
    [uid] => 10
    [name] => yuzhi
    [host] => h2sheji.com
)

【签名，验签】

在进行数据请求的时候，为了防止数据在传输的过程中被截取或篡改，可以使用签名认证，而RSA2就可以胜任这个工作。原理就是数据发送端根据发送的数据使用RSA2加密，然后将加密后的字符串发送给接受端，接受端解密验证即可！

注意，RSA2进行数据签名时应在数据发送方完成，并使用RSA私钥进行签名，在接受数据端使用公钥进行验签即可！

生成签名

示例

//私钥
$privateKey = '-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCa8MILC7Pa2YFu
cEXVWWZCvDDfHI6lmZGOxEu4akBxG4fsDmEOJL1OyXGhV4XzJkcgWzE8QQVi+UTf
0XGsF3pP9SNKwSgrkQlbL1hhvJxYDXeABMLDSOgkcYpLZ3+wBVwJ7C9V7i86LDIs
MwpqXBXhMR8E/h1jJK8c8yawIsZRVfHnKAlOfR7NrSZyF2dmxUOg7WocY/UWP/z1
4JU62UwTiYwkP64JcW2Tivx+cglhGbgPfhYtrZsj/XUHTz0VRydV7zdTOIQ0c9Sq
LxSqJskdAaSr3xmcda/hWg0rKeLHNqdsQTwK77OZteWJptzmoAwHQ33vi4YI2Peh
JrddPJKJAgMBAAECggEADwsPG/lv5fC2Q129OgCrEBGrgQ4Jv4RQgJcIbwhJ53Fv
2fhvbesdQjgGw053H+t4fmi8OAhsGHbxO/Xe3oGNC5RWb9yfJNO5H9RR9XNVjqsI
DjLoIgPDHj6z2axb1mA+1mvLEMHGbhR6bpYqDbeRHEMjqt1tRwH5yorFF9bYgG78
FYGrGgBQRA1lY9Pg8s7HxzvNeNjMjkblarMWKZulmLQWVzP/PFLhhxOt7M6UrvDp
iem+/+XOd0gjLXUsMx0A1umga9DGqPdW+vQ4Ot3OiYAzV7jVpXoUvs6sElAxFbhH
AV3JSATKZCrdUcZBF7QqiFGyHRyxpwk5v8rEBzBn8QKBgQDL2ewDea7/4fp3xH1x
Fl3l0R7hQcrrCkNAnAQyjutaLp350InL4CznmDfY+3q8j29b0S2o8yfz2xOCL1KR
6TBGtjuLwM67PvzZNlZeipQUETZ/h2kE/pF2BOeUK2spH9Bq02qcxBwhQiRNFmu+
174EkTGHl7CxXIJ38iaifr5D9QKBgQDCk7OmabB1Z/MoStHQYym/LI9NAHxq7IHW
ZdR3FPG38ffhiIW1Fnlvabb0qUmOVj+GAwpDuQ+3k1HkIoYd8b5ytjadJp9GdGYL
5VWqnQROzXvaWmfxrq3xfLeOkHN5Z/Af9zt/3OQhiBQ2DkOm7l1VIX34KVA9KwkE
+TVv6tPLxQKBgF4RJ6nK4whNHSlbUI94xMeiIl/L3nlrePE9jWpPLSemT1vR8WRV
BCOyyEKmeVK91aNG+Yz29769n1j5wV53fsGCoiOxSzR4snEBdAWYaRCBiOZ8c+fM
GQ+e38Yt6vtFJQXGnXHNxTVLsjioWfvszlCJN5PcWbred44l/dIKLn5pAoGALsFX
NfHHmS61W0U/TZfGfE200YgAXaEfQemOOF8sBkt6iRNJLc6Mt5zrfbcAGdfXw9gP
K17Yy//2eZ9iIufoH6BxVynktAVcUBd3klvQoS73R+zZdVXILnMNmJBVbyLurH+4
KG1n1DbixGqBDyfP/ZjisDMdONWSgUNw98exxRECgYBiClGPWa4OQAl7FGD7vfp8
0Jz0JKf9DKimXO6i8HFnapO6Fko0nVn2MjaPeF93smV3Kosx+pZuqOzK5aEE7rLC
7Qpc9qoiVMD2SJJvZAuL1kKOHyBbZs8fpaHJcPN3aIIjkDphgaeYokJQ5qixB39u
PNOOMZ+rikAEshVb201T5A==
-----END PRIVATE KEY-----';
//下面是要加密的数据
$data = [
    'uid' => '10',
    'name' => 'yuzhi',
    'host' => 'h2sheji.com',
];
$privateKey = openssl_pkey_get_private($privateKey);
$sign_str = openssl_sign(json_encode($data), $sign, $privateKey, OPENSSL_ALGO_SHA256) ? base64_encode($sign) : null;
//输入签名
echo $sign_str;

输出结果：

CvpvFjCkfYIJJJWoQl3+S7riT8a5/9dlEqqy/1vU/CIBLeslqXhsZyz2wFpU8dRIx7bUyv3mlGHrfbt44swdD8sUrLA9S3iFFlm7934IKkGf4N0YJ1UW0Tx/i38zU9Fwi17LiYytapD3nzh6Weg1pbAkEVhe5KsZVLrpcJyQ5WsYuYoTjPc5aAKm9a6DwLLWi4gA2CxjXIfV82hXhDi44GExPmvvEfj0PQ0Dcfi2udcGE3W9OuT8hBKytBf9RdFD/sTkR8QnFg2hmoRqQuEm6XzpVKIuQy57zC9Z7Jyx09zfzobk+bLXJ0u/rT1TmGbPCeW6GrluWKvL7GyRXD1xCQ==

PHP RSA2验证签名的方法

php示例代码

$sign_str='CvpvFjCkfYIJJJWoQl3+S7riT8a5/9dlEqqy/1vU/CIBLeslqXhsZyz2wFpU8dRIx7bUyv3mlGHrfbt44swdD8sUrLA9S3iFFlm7934IKkGf4N0YJ1UW0Tx/i38zU9Fwi17LiYytapD3nzh6Weg1pbAkEVhe5KsZVLrpcJyQ5WsYuYoTjPc5aAKm9a6DwLLWi4gA2CxjXIfV82hXhDi44GExPmvvEfj0PQ0Dcfi2udcGE3W9OuT8hBKytBf9RdFD/sTkR8QnFg2hmoRqQuEm6XzpVKIuQy57zC9Z7Jyx09zfzobk+bLXJ0u/rT1TmGbPCeW6GrluWKvL7GyRXD1xCQ==';
//公钥
$publicKey = '-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvDCCwuz2tmBbnBF1Vlm
Qrww3xyOpZmRjsRLuGpAcRuH7A5hDiS9TslxoVeF8yZHIFsxPEEFYvlE39FxrBd6
T/UjSsEoK5EJWy9YYbycWA13gATCw0joJHGKS2d/sAVcCewvVe4vOiwyLDMKalwV
4TEfBP4dYySvHPMmsCLGUVXx5ygJTn0eza0mchdnZsVDoO1qHGP1Fj/89eCVOtlM
E4mMJD+uCXFtk4r8fnIJYRm4D34WLa2bI/11B089FUcnVe83UziENHPUqi8UqibJ
HQGkq98ZnHWv4VoNKynixzanbEE8Cu+zmbXliabc5qAMB0N974uGCNj3oSa3XTyS
iQIDAQAB
-----END PUBLIC KEY-----';
$data = array(
    'uid' => '10',
    'name' => 'yuzhi',
    'host' => 'h2sheji.com',
);
$publicKey = openssl_pkey_get_public($publicKey);
$rs = openssl_verify(json_encode($data), base64_decode($sign_str), $publicKey, OPENSSL_ALGO_SHA256);
if ($rs) {
    echo '验签成功';
} else {
    echo '验签失败';
}