PHP pki encryption technology detailed code example

PKI is the abbreviation of Public Key Infrastructure, which translates as public key infrastructure; PKI is a standard-compliant public key encryption technology that provides a security basic platform for the development of e-commerce. technology and specifications.

In the Infrastructure for integrity and accountability services]. Compared with the first concept, this concept not only describes the security services that PKI can provide, but also emphasizes that PKI must support the management of public keys. In other words, just using public key technology cannot be called PKI, and public key management should also be provided. Because PMI only uses public key technology but does not manage public keys, PMI can be described separately without being confused with concepts such as public key certificates. Conceptually distinguishing PKI and PMI in X.509 is beneficial to the description of the standard. However, since PMI uses public key technology, the use and establishment of PMI must first be supported by PKI key management. In other words, PMI has to bind itself to PKI. When we combine the two into one, PMI+PKI falls completely within the scope of PKI defined by the X.509 standard. According to the definition of X.509, PMI+PKI can still be called PKI, and PMI can be regarded as a part of PKI. This article is a detailed analysis and introduction to the pki encryption technology (openssl) in php. Friends in need can refer to it

The code is as follows:

<?php
//pki加密
//使用pki加密需要开启 openssl扩展
//php.ini extension = php_openssl.dll扩展
/*pki模式是
 * 公钥加密，私钥解密；
 * 私钥加密，公钥解密；
 */
//私钥加密，公钥解密
//客户端
//$data数据
$data = &#39;abcd&#39;;
//获取私钥 $priv_key_id
$priv_key_id = openssl_get_privatekey(file_get_contents(&#39;99bill-rsa.pem&#39;, r));
//获取公钥  $pub_key_id
$pub_key_id = openssl_get_publickey(file_get_contents(&#39;99bill-rsa.cer&#39;, r));
//$data首选通过SHA1哈希加密，然后通过$priv_key_id私钥加密，生成签名$signature
//$signature就是加密过的签名
//openssl_sign()加密函数，至于它的解密方法我不知道？？？？？？？？？？？？？？？？？？？？？？
openssl_sign($data, $signature, $priv_key_id, OPENSSL_ALGO_SHA1);
//还有两种加密函数，而且这两种加密函数有解密方法，知道
//第一种：私钥加密，公钥解密
//$data要加密的数据，$crypted是加密生成的数据，$decrypted是解密生成的数据；  $data与$decrypted值相同
//通过$priv_key_id私钥加密，生成$crypted;
openssl_private_encrypt($data, $crypted, $priv_key_id);
echo $crypted;
//通过$pub_key_id公钥解密，生成$decrypted
openssl_public_decrypt($crypted, $decrypted , $pub_key_id);
//第二种：公钥加密，私钥解密
//$data要加密的数据，$crypted是加密生成的数据，$decrypted是解密生成的数据；  $data与$decrypted值相同
//通过$pub_key_id公钥加密，生成$crypted;
openssl_public_encrypt($data, $crypted, $pub_key_id);
//通过$priv_key_id私钥解密，生成$decrypted
openssl_private_decrypt($crypted, $decrypted, $priv_key_id);
//注意事项，我这边的获取公钥与私钥的文件是不对应的
//正常情况，获取公钥与私钥文件是一一对应的，这里我使用快钱的。
//快钱给了私钥生成文件，对应的公钥生成文件在快钱那边
//快钱给了公钥生成文件，对应的私钥生成文件在快钱那边
//也就是缺少了一个公钥生成文件和一个私钥生成文件
//我始终没找到一个一一对应的私钥、公钥生成文件，如果你找的了发我一份，谢谢。
// openssl_verify()方法验证签名是否正确（私钥加密生成的数据返回来，用对应的公钥验证），只有这一种情况。
// $signature公钥加密生成的数据，$data原始数据，成功返回1，失败返回0，错误返回-1
// $pub_key_id公钥
openssl_verify($data, $signature, $pub_key_id);
//从内存中释放私钥或公钥
openssl_free_key($priv_key_id);
openssl_free_key($pub_key_id);

Generate private and public keys
genrsa -out private-rsa.pemrsa -in private-rsa.pem -pubout -out public-rsa.cer

The above is the detailed content of PHP pki encryption technology detailed code example. For more information, please follow other related articles on the PHP Chinese website!