使用非对称加密主要是借助openssl的公钥和私钥,用公钥加密私钥解密,或者私钥加密公钥解密。
1.linux需要安装openssl和php的openssl扩展
2.生成私钥:openssl genrsa 用于生成rsa私钥文件,生成是可以指定私钥长度和密码保护
openssl genrsa -out rsa_private_key.pem 1024
3.生成公钥:rsa命令用于处理RSA密钥、格式转换和打印信息
openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem
4.测试代码
<?php
//密钥
$secret = 'e10adc3949ba59abbe56e057f20f883e';
//测试数据
$_POST = array();
$_POST['id'] = 1;
$_POST['name'] = 'zhansan';
//生成签名
$sign = MakeSign($_POST, $secret);
$public_key = '-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAbfx4VggVVpcfCjzQ+nEiJ2DL
nRg3e2QdDf/m/qMvtqXi4xhwvbpHfaX46CzQznU8l9NJtF28pTSZSKnE/791MJfV
nucVcJcxRAEcpPprb8X3hfdxKEEYjOPAuVseewmO5cM+x7zi9FWbZ89uOp5sxjMn
lVjDaIczKTRx+7vn2wIDAQAB
-----END PUBLIC KEY-----';
//打印签名
echo $sign;
echo '<br>';
//利用公钥加密签名
openssl_public_encrypt($sign, $token, $public_key);
//token为加密的sign,后面用私钥解密获取sign
$token = base64_encode($token);
//打印token
echo $token;
echo '<br>';
//rsa 私钥
$private_key='-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDAbfx4VggVVpcfCjzQ+nEiJ2DLnRg3e2QdDf/m/qMvtqXi4xhw
vbpHfaX46CzQznU8l9NJtF28pTSZSKnE/791MJfVnucVcJcxRAEcpPprb8X3hfdx
KEEYjOPAuVseewmO5cM+x7zi9FWbZ89uOp5sxjMnlVjDaIczKTRx+7vn2wIDAQAB
AoGAZzUWajxKTZeJqh5FjBgmwZi5M7voFynZAjRWAkCkqZye0FfY7e70kA92C1AL
aVqySnNr4WYZuGorEeOFGqHIv1XSowTLgfLkVBZ/SXiep2QYJrR0YevjysvLnTfb
mrdWCqWSj+0AlQg+AvDA/qtvBVMxKymbpo+4bj5H2pPPZ1ECQQDi1PwJQJBYPbpL
vGmP3AmWg467tCeQ+aJGgtQTOK5BH+p0BWFVDX583R437vllkKI8EXgZfqQfsQcj
7XUAXyZVAkEA2SyFbO8roH9JLrEoxxKGeiGZvhPfNl9nXLhX0OFS0ywQaVBJno39
9W5bX5iP5Jzeb3UWsZ/TxzhGc/b4WjAlbwJBAOFuIn1feRT5Y+hY++BJIg4/+N57
EMd4ENpas0HXFvcKLQvZPP42Rvr5FksoaRuTPmjMQ7uyrJICccI3AAy6g3ECQQDE
AyH9+zRmLNxRj0advsOvUcpgu7DYc21oS12/Qs+tl3TMiNGZkNDphwxjkOA217sP
4B92fCn6AnncSslHJXNzAkBo6ujxqIfrZMOG3ON9nXxkWlq39GFS6CzXWscHA3Xz
FMVT1WWU3FR2Kf2QSKiMGv02YcI2xfowim3JnT6600N0
-----END RSA PRIVATE KEY-----';
$token = base64_decode($token);
//利用私钥解密获取sigi签名
openssl_private_decrypt($token, $sign2, $private_key);
//打印sign
echo $sign2;
echo '<br>';
if($sign2 == MakeSign($_POST, $secret)){
exit('token校验成功');
}else{
exit('token校验失败') ;
}
/**
* 生成签名
* 备注:sign不参与签名
* $data # 数组
* $secret # 密钥
*/
function MakeSign($data = '', $secret = '')
{
//签名步骤一:按字典序排序参数
ksort($data);
//签名步骤二:格式化成url参数
$buff = "";
foreach ($data as $k => $v)
{
if($k != "sign"){
$buff .= $k . "=" . $v . "&";
}
}
$string = trim($buff, "&");
//签名步骤三:在string后加入KEY
$string = $string . "&secret=".$secret;
//签名步骤四:MD5加密
$string = md5($string);
//签名步骤五:所有字符转为大写
$result = strtoupper($string);
return $result;
}
测试结果
签名
AB1FAD5119B796DD87FAF8C88D57EF86
加密后的签名用于传输
sEHmlQqxShwDYcoEEDwIh7Aa7BYDbvOQmVUqlPppwWLpta4+Xxb+GTaQopsuKBgQ1sJgQahuOjvohHuSgj9tRQt4VtqItHyEA+Yj8NNZcZzxMB5AoLeVkc+D51A2jBkksiujdUCMNMjCaF8L/BhHGZaaXK5GOk6E4HPIIkeOU6o=
解密后的签名
AB1FAD5119B796DD87FAF8C88D57EF86
判断签名是否一致,校验成功