PHP uses OpenSSL to generate certificates and encrypt and decrypt sample code

OpenSSL is a Secure Sockets Layer cryptographic library that includes major cryptographic algorithms, commonly used key and certificate encapsulation management functions, and SSL protocols, and provides a wealth of applications for testing or other purposes use.

After OpenSSL was exposed to serious security vulnerabilities, it was discovered that most websites encrypted through the SSL protocol use an open source software package called OpenSSL. The OpenSSL vulnerability not only affects websites starting with https, hackers can also use this vulnerability to directly launch "Heartbleed" attacks on personal computers. According to analysis, a large number of software on Windows use the vulnerable OpenSSL code library and may be attacked by hackers to capture the memory data on the user's computer.

This article mainly introduces the use of OpenSSL to generate certificates and encryption and decryption in PHP. Friends who need it can refer to it

Depends on OpenSSL extension

/*加密解密*/
function authcode($string, $operation = 'E') {
  $ssl_public = file_get_contents(DATA_PATH."/conf/cert_public.key");
  $ssl_private = file_get_contents(DATA_PATH."/conf/cert_private.pem");
  $pi_key = openssl_pkey_get_private($ssl_private);//这个函数可用来判断私钥是否是可用的，可用返回资源id Resource id
  $pu_key = openssl_pkey_get_public($ssl_public);//这个函数可用来判断公钥是否是可用的
  if(false == ($pi_key || $pu_key)) return '证书错误';
  $data = "";
  if($operation=='D'){
    openssl_private_decrypt(base64_decode($string),$data,$pi_key);//私钥解密
  }else{
    openssl_public_encrypt($string,$data,$pu_key);//公钥加密
    $data = base64_encode($data);
  }
  return $data;
}
/*生成证书*/
function exportOpenSSLFile(){
  $config = array(
    "digest_alg"    => "sha512",
    "private_key_bits" => 4096,           //字节数  512 1024 2048  4096 等
    "private_key_type" => OPENSSL_KEYTYPE_RSA,   //加密类型
  );
  $res = openssl_pkey_new($config);
  if($res == false) return false;
  openssl_pkey_export($res, $private_key);
  $public_key = openssl_pkey_get_details($res);
  $public_key = $public_key["key"];
  file_put_contents(DATA_PATH."/conf/cert_public.key",$public_key);
  file_put_contents(DATA_PATH."/conf/cert_private.pem",$private_key);
  openssl_free_key($res);
}

The above is the detailed content of PHP uses OpenSSL to generate certificates and encrypt and decrypt sample code. For more information, please follow other related articles on the PHP Chinese website!