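【Encryption and Decryption】
In many data-transfer scenarios, the most widely used secure encryption method is RSA2. Below we cover RSA2 encryption and decryption in PHP, as well as signing and verifying API requests.
The RSA encryption algorithm
RSA is an asymmetric encryption algorithm: it uses two keys for encryption and decryption, a public key and a private key. Asymmetric encryption suits scenarios with high security requirements and is suited to encrypting small amounts of data, such as payment data and CA digital certificates.
Common asymmetric encryption algorithms include RSA and RSA2.
Advantages of asymmetric encryption: it requires two different keys, security is high, and data encrypted with either key can be decrypted with the other.
Disadvantages of asymmetric encryption: it is slow and only suitable for encrypting small amounts of data.
RSA2 encryption in PHP
The public and private keys used by RSA2 can be generated with online tools, or with commands on a Linux system.
Example: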
// Public key
$publicKey = '-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvDCCwuz2tmBbnBF1Vlm
Qrww3xyOpZmRjsRLuGpAcRuH7A5hDiS9TslxoVeF8yZHIFsxPEEFYvlE39FxrBd6
T/UjSsEoK5EJWy9YYbycWA13gATCw0joJHGKS2d/sAVcCewvVe4vOiwyLDMKalwV
4TEfBP4dYySvHPMmsCLGUVXx5ygJTn0eza0mchdnZsVDoO1qHGP1Fj/89eCVOtlM
E4mMJD+uCXFtk4r8fnIJYRm4D34WLa2bI/11B089FUcnVe83UziENHPUqi8UqibJ
HQGkq98ZnHWv4VoNKynixzanbEE8Cu+zmbXliabc5qAMB0N974uGCNj3oSa3XTyS
iQIDAQAB
-----END PUBLIC KEY-----';
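// The data to be encrypted
$data = [
    'uid' => '10',
    'name' => 'yuzhi',
    'host' => 'h2sheji.com',
];
$publicKey = openssl_pkey_get_public($publicKey);
// No padding argument is passed, so the default OPENSSL_PKCS1_PADDING is used.
// Base64-encode the ciphertext; $rs is null if encryption fails
$rs = openssl_public_encrypt(json_encode($data), $encrypted, $publicKey) ? base64_encode($encrypted) : null;
// Print the encrypted string
echo $rs;
Output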
TYyS0iKUn3OkVTAEO3OJkcQAfjALIVOnMsKIZEJpf16wilT+61r7/1obZmtRg8iIFb/Fqi+VWCkx44Z6t1ummj6hCu4SUBKvsgutbB+HFybycu8QSC8Z/Nc5kCLe0LWJJqHAXz33uPd6qPj/EGziRD2d6vUg9OuNZ3e6pFyUzXMU+H9bPaN+D3Bu9i8C4RakW7zKrlFyiuYO4El+oNw7HD+gVVDw2n0O7VY35Yb/03kLETAAUqIHwOWE7lCETwUlWJYPF6Gk2GNs1JFsbGPdhJcDC6rkF0OMOYpi1/R+y79HpEFNOzw0EjG4wBLTgvynn3yQgaXjejdfzNc9+ikSOA==
RSA2 decryption in PHP
We take the encrypted output above and decrypt it.
Example
Output
Array
(
[uid] => 10
[name] => yuzhi
[host] => h2sheji.com
)
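The decryption step described above, as an added example that is not the original author's code. It generates its own throwaway 2048-bit key pair, and the helper names rsaEncrypt/rsaDecrypt and the use of OPENSSL_PKCS1_OAEP_PADDING are assumptions of this example (the page's own encryption code uses the default padding). It also shows the size limit behind "only suitable for small amounts of data".

```php
<?php
// Added example: the key pair is generated here for the demo, it is not the page's key.
$key = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    'private_key_bits' => 2048,
]);
if ($key === false) {
    exit('key generation failed: ' . openssl_error_string() . PHP_EOL);
}
openssl_pkey_export($key, $privatePem);
$publicPem = openssl_pkey_get_details($key)['key'];

// Hypothetical helper: encrypt with the public key, return base64 or null on failure.
function rsaEncrypt(string $plain, string $publicPem): ?string
{
    $pub = openssl_pkey_get_public($publicPem);
    if ($pub === false) {
        return null;
    }
    $ok = openssl_public_encrypt($plain, $cipher, $pub, OPENSSL_PKCS1_OAEP_PADDING);
    return $ok ? base64_encode($cipher) : null;
}

// Hypothetical helper: decode base64 strictly, decrypt with the private key.
function rsaDecrypt(string $b64, string $privatePem): ?string
{
    $priv = openssl_pkey_get_private($privatePem);
    $cipher = base64_decode($b64, true);
    if ($priv === false || $cipher === false) {
        return null;
    }
    $ok = openssl_private_decrypt($cipher, $plain, $priv, OPENSSL_PKCS1_OAEP_PADDING);
    return $ok ? $plain : null;
}

// Round trip with the same data the page encrypts.
$data = ['uid' => '10', 'name' => 'yuzhi', 'host' => 'h2sheji.com'];
$token = rsaEncrypt(json_encode($data), $publicPem);
print_r(json_decode(rsaDecrypt($token, $privatePem), true));

// Size limit: a 2048-bit key with OAEP (SHA-1) takes at most 256 - 42 = 214 bytes.
// One byte more makes openssl_public_encrypt() fail, so rsaEncrypt() returns null.
var_dump(rsaEncrypt(str_repeat('A', 214), $publicPem) !== null);
var_dump(rsaEncrypt(str_repeat('A', 215), $publicPem) !== null);
```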
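【Signing and Verification】
When making data requests, signature authentication can be used to prevent the data from being intercepted or tampered with in transit, and RSA2 is up to the job. The principle: the sender applies RSA2 to the data being sent, sends the resulting string to the receiver, and the receiver decrypts and verifies it.
Note: RSA2 signing should be done by the data sender using the RSA private key; the receiver then verifies the signature with the public key.
Generating a signature
Example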
// Private key (the key body is elided)
$privateKey = '-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----';
// The data to be signed
$data = [
    'uid' => '10',
    'name' => 'yuzhi',
    'host' => 'h2sheji.com',
];
$privateKey = openssl_pkey_get_private($privateKey);
// Sign the JSON string with SHA-256 and base64-encode the signature; $sign_str is null if signing fails
$sign_str = openssl_sign(json_encode($data), $sign, $privateKey, OPENSSL_ALGO_SHA256) ? base64_encode($sign) : null;
// Print the signature
echo $sign_str;
Output:
CvpvFjCkfYIJJJWoQl3+S7riT8a5/9dlEqqy/1vU/CIBLeslqXhsZyz2wFpU8dRIx7bUyv3mlGHrfbt44swdD8sUrLA9S3iFFlm7934IKkGf4N0YJ1UW0Tx/i38zU9Fwi17LiYytapD3nzh6Weg1pbAkEVhe5KsZVLrpcJyQ5WsYuYoTjPc5aAKm9a6DwLLWi4gA2CxjXIfV82hXhDi44GExPmvvEfj0PQ0Dcfi2udcGE3W9OuT8hBKytBf9RdFD/sTkR8QnFg2hmoRqQuEm6XzpVKIuQy57zC9Z7Jyx09zfzobk+bLXJ0u/rT1TmGbPCeW6GrluWKvL7GyRXD1xCQ==
Verifying an RSA2 signature in PHP
PHP example code
$sign_str='CvpvFjCkfYIJJJWoQl3+S7riT8a5/9dlEqqy/1vU/CIBLeslqXhsZyz2wFpU8dRIx7bUyv3mlGHrfbt44swdD8sUrLA9S3iFFlm7934IKkGf4N0YJ1UW0Tx/i38zU9Fwi17LiYytapD3nzh6Weg1pbAkEVhe5KsZVLrpcJyQ5WsYuYoTjPc5aAKm9a6DwLLWi4gA2CxjXIfV82hXhDi44GExPmvvEfj0PQ0Dcfi2udcGE3W9OuT8hBKytBf9RdFD/sTkR8QnFg2hmoRqQuEm6XzpVKIuQy57zC9Z7Jyx09zfzobk+bLXJ0u/rT1TmGbPCeW6GrluWKvL7GyRXD1xCQ==';
// Public key
$publicKey = '-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvDCCwuz2tmBbnBF1Vlm
Qrww3xyOpZmRjsRLuGpAcRuH7A5hDiS9TslxoVeF8yZHIFsxPEEFYvlE39FxrBd6
T/UjSsEoK5EJWy9YYbycWA13gATCw0joJHGKS2d/sAVcCewvVe4vOiwyLDMKalwV
4TEfBP4dYySvHPMmsCLGUVXx5ygJTn0eza0mchdnZsVDoO1qHGP1Fj/89eCVOtlM
E4mMJD+uCXFtk4r8fnIJYRm4D34WLa2bI/11B089FUcnVe83UziENHPUqi8UqibJ
HQGkq98ZnHWv4VoNKynixzanbEE8Cu+zmbXliabc5qAMB0N974uGCNj3oSa3XTyS
iQIDAQAB
-----END PUBLIC KEY-----';
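$data = array(
    'uid' => '10',
    'name' => 'yuzhi',
    'host' => 'h2sheji.com',
);
$publicKey = openssl_pkey_get_public($publicKey);
// The verifier must rebuild byte-for-byte the same JSON string that was signed
$rs = openssl_verify(json_encode($data), base64_decode($sign_str), $publicKey, OPENSSL_ALGO_SHA256);
// openssl_verify() returns 1 for a valid signature, 0 for an invalid one and -1 or false on error,
// so compare against 1 explicitly; a plain truthiness check would accept -1
if ($rs === 1) {
    echo '验签成功'; // signature verification succeeded
} else {
    echo '验签失败'; // signature verification failed
}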