PHP使用OpenSSL生成证书及加密解密

php使用openssl加密解密数据步骤分解

<?php

/**
 * PHP使用OpenSSL生成证书及加密解密
 * Class Rsa
 */
class Rsa {

    public $publicKey  = '';
    public $privateKey = '';

    /**
     * 获取证书文件
     * @param $publicKey
     * @param $privateKey
     */
    public function __construct($publicKey, $privateKey) {

        $this->publicKey = $publicKey;
        $this->privateKey = $privateKey;
    }

    /**
     * 加密解密
     * @param $string
     * @param string $operation
     * @return string
     */
    public function authcode($string, $operation = 'encrypt') {

        if (!(file_exists($this->publicKey) || file_exists($this->privateKey))) {
            echo '秘钥文件不存在';
            return false;
        }
        $publicKey = openssl_pkey_get_public(file_get_contents($this->publicKey));
        $privateKey = openssl_pkey_get_private(file_get_contents($this->privateKey));
        if (!($privateKey || $publicKey)) {
            echo '证书错误';
            return false;
        }
        $data = "";
        if ($operation == 'decrypt') {
            openssl_private_decrypt(base64_decode($string), $data, $privateKey);
        }
        else {
            openssl_public_encrypt($string, $data, $publicKey);
            $data = base64_encode($data);
        }
        return $data;
    }

    /**
     * 生成证书
     * @return bool
     */
    public function exportOpenSSLFile() {

        $publicKey = $privateKey = '';

        //参数设置
        $config = [
            "digest_alg"       => "sha512",
            //文件路径根据自己的要求进行填充
            "config"           => "./conf/openssl.cnf",
            //字节数    512 1024  2048   4096 等
            "private_key_bits" => 1024,
            //加密类型
            "private_key_type" => OPENSSL_KEYTYPE_RSA,
        ];

        //创建私钥和公钥
        $res = openssl_pkey_new($config);
        if ($res == false) {
            //创建失败,请检查openssl.cnf文件是否存在
            echo '生成秘钥失败';
            return false;
        }

        //将密钥导出为PEM编码的字符串，并输出（通过引用传递）。
        openssl_pkey_export($res, $privateKey, null, $config);
        $publicKey = openssl_pkey_get_details($res);
        $publicKey = $publicKey["key"];

        //生成证书
        $createPublicFileRet = file_put_contents($this->publicKey, $publicKey);
        $createPrivateFileRet = file_put_contents($this->privateKey, $privateKey);
        if (!($createPublicFileRet || $createPrivateFileRet)) {
            echo '创建秘钥文件失败';
            return false;
        }

        openssl_free_key($res);
        return true;
    }
}

$certPublic = "./conf/cert_public.key";
$certPrivate = "./conf/cert_private.key";

$rsaObj = new Rsa($certPublic, $certPrivate);
//生成一个证书
$rsaObj->exportOpenSSLFile();
//原始数据
$sourceDat = '{"name":"jack","age":"22","address":"beijing"}';
echo 'source data:' . PHP_EOL, $sourceDat . PHP_EOL;
//加密
$encryptStr = $rsaObj->authcode($sourceDat);
echo 'string encrypt:' . PHP_EOL, $encryptStr . PHP_EOL;
//解密
$decryptStr = $rsaObj->authcode($encryptStr, 'decrypt');
echo 'string decrypt:' . PHP_EOL, $decryptStr . PHP_EOL;

/*
打印结果:
source data:
{"name":"jack","age":"22","address":"beijing"}
string encrypt:
teZXimlTfb3lqttxMoYd9L+0mSa2CiZ1UZdzYhZio4vZgxTXzBkZ0ruPv67l6CfgiSr87awMiHiC3RAFOCSpRxh9Ls03D2ZyRh6Va1oZboMf7Cz6L/oBiXFn3eki22U8dP0KIe
mVljLOP6L35Iy6WQpxTg49pRX3T78FEW0H2xo3VIUD4By6Z9UnW2QYNMad8lB0qKYnjPIzUf+UTDl0jyeFrAsKXaltCJMnuDcuCvEtS68v0+aL50Ce8H7hMQInxSAk0jBwC9bv
J0fhZD42h8x2mHqa+UlEWb7YUcsrWAfDFiEancLEZL7v50I1H4u50Ex22grb/fkLyD8JeaqnLrwVS4y4J8Ih+r1W0uVbW6HM5jbnTc6VKf9EpEjOYIg20JTpMRY4gBxZdl7SVI
kov5eMeCH4KKuNEUUXYQpsUGTx+rl5nt7f4RHZiQXTYEQN6Z/FN/cTo2rxDvOPRPq2G2G9uzHy8z6aU1N280iZdLbg6SJWZMk/2qH5CmCksVA2UkkAZaAa3Df5RHxe/I1NwVML
dNxQbwluS2XNPeFKZj2lFndtofhTwdWSq7F2TEKz2mUtAFWWVYMY5FxRKEA6mxmUMvVQm9P+YIqm/3+5LMqFLLVZVBHW+JbVcP9aQC1tYkK3hHXFZqMWOh6klLifQOUXHa5Qd0
Nz5LumIzrIv4k=
string decrypt:
{"name":"jack","age":"22","address":"beijing"}
 */