You can use openssl to achieve asymmetric encryption in php. Using asymmetric encryption mainly relies on the public key and private key of openssl, using the public key to encrypt the private key to decrypt, or the private key to encrypt and decrypt the public key. It is simple. Asymmetric encryption algorithms require two keys for encryption and decryption.
Recommended: "PHP Video Tutorial"
php uses openssl to achieve asymmetry Encryption
First explain what asymmetric encryption is:
Symmetric encryptionAlgorithmThe same secret key is used for encryption and decryption. ;The asymmetric encryption algorithm requires two keys for encryption and decryption. These two secret keys are public keys(public key, referred to as public key for short) key) and private key (private key, referred to as private key).
As shown in the figure above, asymmetric encryption is used between Party A and Party B to complete the secure transmission of important information.
#1. Party B generates a pair of keys (public key and private key) and discloses the public key to other parties. (The other party is the trusting party)
2. Party A who obtains the public key uses the key to encrypt the confidential information and then sends it to Party B.
3. Party B then uses another dedicated key (private key) saved by itself to decrypt the encrypted information. Party B can only use its private key (private key) to decrypt the information encrypted by the corresponding public key.
During the transmission process, even if the attacker intercepts the transmitted ciphertext and obtains B's public key, he cannot decipher the ciphertext because only B's private key can decrypt the ciphertext.
Similarly, if B wants to reply to encrypted information to A, then A needs to first publish A's public key to B for encryption, and A himself saves A's private key for decryption.
Asymmetric encryption has better security than symmetric encryption: In symmetric encryption, both parties to the communication use the same secret key. If one party's secret key is leaked, the entire communication will be cracked. Asymmetric encryption uses a pair of secret keys, one for encryption and one for decryption. The public key is public and the secret key is kept by itself. There is no need to synchronize the secret key before communication like symmetric encryption.
The disadvantage of asymmetric encryption is that encryption and decryption take a long time and are slow, and are only suitable for encrypting a small amount of data.
The main algorithms used in asymmetric encryption are: RSA, Elgamal, backpack algorithm, Rabin, D-H, ECC (elliptic curve cryptography algorithm), etc.
Different algorithms have different implementation mechanisms. Please refer to the detailed information of the corresponding algorithm.
Using asymmetric encryption mainly relies on the public key and private key of openssl, using public key encryption and private key decryption, or private key encryption and public key decryption.
1. Install the openssl extension of openssl and php
2. Generate private key: openssl genrsa is used to generate rsa private key file. The private key length and password protection can be specified during generation
openssl genrsa -out rsa_private_key.pem 1024
3. Generate public key: rsa command is used to process RSA keys, format conversion and print information
openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem
4. Here we use private key encryption and public key decryption
<?php /** * 使用私钥加密,公钥解密 * 密钥文件的路径 */ $privateKeyFilePath = 'rsa_private_key.pem'; /** * 公钥文件的路径 */ $publicKeyFilePath = 'rsa_public_key.pem'; extension_loaded('openssl') or die('php需要openssl扩展支持'); (file_exists($privateKeyFilePath) && file_exists($publicKeyFilePath)) or die('密钥或者公钥的文件路径不正确'); /** * 生成Resource类型的密钥,如果密钥文件内容被破坏,openssl_pkey_get_private(获取私钥)函数返回false */ $privateKey = openssl_pkey_get_private(file_get_contents($privateKeyFilePath)); /** * 生成Resource类型的公钥,如果公钥文件内容被破坏,openssl_pkey_get_public(获取公钥)函数返回false */ $publicKey = openssl_pkey_get_public(file_get_contents($publicKeyFilePath)); ($privateKey && $publicKey) or die('密钥或者公钥不可用'); /** * 原数据 */ $originalData = '啦啦啦'; /** * 加密以后的数据, */ $encryptData = ''; //echo '原数据为:', $originalData, PHP_EOL; //openssl_private_encrypt — 使用私钥加密数据 //openssl_private_encrypt() 使用私钥 key 加密数据 data 并且将结果保存至变量 crypted中。 //加密后的数据可以通过openssl_public_decrypt()函数来解密。 if (openssl_private_encrypt($originalData, $encryptData, $privateKey)) { /** * 加密后 可以base64_encode后方便在网址中传输 或者打印 否则打印为乱码 * PHP_EOL就是其中的一个,代表php的换行符,这个变量会根据平台而变,在windows下会是/r/n,在linux下是/n,在mac下是/r */ echo '加密成功,加密后数据(base64_encode后)为:', base64_encode($encryptData), PHP_EOL; } else { die('加密失败'); }
5. Now that we have completed the encryption, how should we decrypt it at that time? Because it is private key encryption and public key decryption,
so as long as we know what our public key is, we can use the generated ciphertext to decrypt: (I annotated the relevant knowledge of decryption on the code , to facilitate everyone’s understanding)
/** * 解密以后的数据 * openssl_public_decrypt使用公钥解密数据 */ $publicKeyFilePath = 'rsa_public_key.pem';//生成的公钥文件 //openssl_pkey_get_public使用公钥解密 $publicKey = openssl_pkey_get_public(file_get_contents($publicKeyFilePath)); //print_r($publicKey);exit; ($publicKey) or die('密钥或者公钥不可用'); //下面是我即将进行解密的密文 $encryptData='ldFrMgl9qLWbPEQDt8DMCfzq4WAR2eEfZFmjyE8XUh/+SmkzoDhhOitIr++5muxj8klCqH0KCQqUV6RLRW34z5R5SbYCy82hdIMLjmPqx32LKg2e8iRuR7HreC6rW0CGxaeUlrSDz9M72c/GKjnQLlg66Tsjp0XtwT6PTPXH9ws='; //因为我们加密后数据展示的是base64_encode后(上一行), //所以我们应该还原为原来的密文,如果直接将原本的密文copy过来解密的话也许会导致部分的密文丢失,进一步解密失败; $encryptData=base64_decode($encryptData); $decryptData =''; if (openssl_public_decrypt($encryptData, $decryptData, $publicKey)) { echo '解密成功,解密后数据为:', $decryptData, PHP_EOL; } else { die('解密失败'); }
If there is anything wrong, please point it out, I hope it will be helpful to everyone.
The above is the detailed content of How to implement asymmetric encryption in php. For more information, please follow other related articles on the PHP Chinese website!