FilesExpand file tree

 master

/

openssl_crypt.php

Copy path

Blame

More file actions

Blame

More file actions

Latest commit

 

History

History

History

executable file

·

219 lines (185 loc) · 7.44 KB

 master

/

openssl_crypt.php

Top

File metadata and controls

• Code
• Blame

executable file

·

219 lines (185 loc) · 7.44 KB

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

<?php

/**

*

* http://blog.csdn.net/clh604/article/details/20224735/

* http://www.oschina.net/code/snippet_248412_18578

*

* 用 PRIVATE KEY 生成 PUBLI CKEY

* openssl genrsa -out key.pem 1024

* openssl rsa -in key.pem -pubout -out pubkey.pem

*

* 从证书中提取 PUBLIC KEY

* openssl x509 -pubkey -in cert.pem -out pubkey.pem

*

* 对应的PHP语法

* openssl_pkey_get_public(mixed $certificate);

*

* RSA一般有两种应用场景

* 1. 公钥加密\私钥解密,用于数据安全通信

* 2. 私钥加密\公钥解密,主要用于数字签名

*

* 用 pkcs7 加解密时务必使用绝对路径

*

*

*/

if (!extension_loaded('openssl')) exit("no openssl extension loaded.");

echo "<pre>\r\n\r\n<center>如果能读懂, 说明加密及解密成功\r\n\r\n";

$string = "This is a read able string.你好";

/************ RSA Method ****************/

$passwd = 'abc123';

$enstr = encrypted($string, $passwd);

$destr = decrypted($enstr, $passwd);

echo $destr . "\r\n\r\n";

/************ RSA KEY ****************/

$key = pw_key()['key'];

$pub = pw_key()['pub'];

$type = 'private';

$enstr = rsa_encrypted($string, $type, $key);

echo rsa_decrypted($enstr, $type, $pub) . "\r\n\r\n";

//echo chunk_split($enstr, 76);

/************ PKCS7 ****************/

pkcs7_encrypt($string) . " => ";

echo pkcs7_decrypt($enc_file = null);

/************ 函数区 ****************/

function encrypted($string, $passwd){

$iv = "1234567812345678";

$options = '0';

$method = 'aes-256-cfb';

$enc_string = openssl_encrypt($string, $method, $passwd, $options, $iv);

return $enc_string;

}

function decrypted($enc_string, $passwd){

$iv = "1234567812345678";

$options = '0';

$method = 'aes-256-cfb';

$dec_string = openssl_decrypt($enc_string, $method, $passwd, $options, $iv);

return $dec_string;

}

# 若用 $key 加密,则用 $pubkey 解密,两者可以互换

function rsa_encrypted($src, $type = 'private', $key){

# 对明文进行分片段(块)加密

# ceil()进一法取整, 对余数$rem 用空格补充为整数后多加两个空格

$chunks = 64;

$max = ceil(strlen($src) / $chunks);

$rem = $chunks - strlen($src) % $chunks;

$src = str_pad($src, strlen($src) + $rem);

$src .= ' ';

$output = '';

while($src){

$input = substr($src, 0, $max);

$src = substr($src, $max);

if($type == 'private'){

$ok = openssl_private_encrypt($input, $enc_string, $key);

}else{

$ok = openssl_public_encrypt($input, $enc_string, $key);

}

$output .= $enc_string;

}

return base64_encode($output);

}

function rsa_decrypted($enc_string, $type = 'private', $pubkey){

# 循环拆分为128字节片段进行解密

$src = base64_decode($enc_string);

$max = 128;

$output = '';

while($src){

$input = substr($src, 0, $max);

$src = substr($src, $max);

if($type == 'private'){

$ok = openssl_public_decrypt($input, $out, $pubkey);

}else{

$ok = openssl_private_decrypt($input, $out, $pubkey);

}

$output .= $out;

}

return trim($output);

}

function pkcs7_encrypt($string){

$cert = pw_key()['cert'];

$src_file = file_path()['src'];

$enc_file = file_path()['enc'];

file_put_contents($src_file, $string);

$headers = array(

"To" => "[email protected]",

"From" => "webmaster<[email protected]>",

"Reply-to" => "[email protected]",

"Subject" => "Test",

"Date" => date("r"),

"X-Mailer" => "Bynews(PHP/" . phpversion() . ")"

);

openssl_pkcs7_encrypt($src_file, $enc_file, $cert, NULL); # $headers替换null

$enc = file_get_contents($enc_file);

unlink($src_file);

return $enc;

}

function pkcs7_decrypt($enc_file){

$cert = pw_key()['cert'];

$key = pw_key()['key'];

$passwd = pw_key()['pw'];

if(empty($enc_file)) $enc_file = file_path()['enc'];

$dec_file = file_path()['dec'];

openssl_pkcs7_decrypt($enc_file, $dec_file, $cert, array($key, $passwd));

$dec = file_get_contents($dec_file);

unlink($dec_file);

return $dec;

}

# pkcs7 加解密方法中需要的文件

function file_path(){

$path = getcwd();

$src_file = $path . 'msg.inc';

$enc_file = $path . 'msg.inc_smime.p7m';

$dec_file = $path . 'msg.inc.dec';

return array('src' => $src_file, 'enc' => $enc_file, 'dec' => $dec_file);

}

# 私钥\私钥密码\证书

function pw_key(){

$passwd = 'mm123456';

$private_key =

-----BEGIN RSA PRIVATE KEY-----

MIICXgIBAAKBgQC1z3t8kIIjLYoYlIma0qPJ8sFJZXRdwUo6qATQilkXuUrQEttR

J/EgzDIn8L7IcfUjxHYAEJPyckEaKosGlNvo3FjJ+XEtVFCjLFqN0FrE7kpq+6FA

5bFXLMuqB5i8FOzVPMnVIr+6n/WGeE+rRGIUTUuNcELJRT9SBbjtsXPQtQIDAQAB

AoGBAJS3q2MxMcJktdl1Zznlo2TF1aWb/5vRSE7CsW2EPWxSfQfG5O91pKAXZ8+T

9fswfD1NrthOtzZSjz5AHoi7q0VkyKg+aHZyj0w5CQpSmJLkMJpveSQV/8ehiSWz

Z9e7chq+1hSg5A2ICjxNz29F29e8uDOSny8B5a9ZzdwmB4nhAkEA7H/Q4mDAoVDj

jlAmMDnun69iV2Q19+ERtW7aGupvksTwZ/mABIfhhZIZm36kq5Q4b0TKyTiMgTZv

uhyeu8epewJBAMTNQkD4QchTw2XbUoUa0CIyXQg8y+XPhMNEyTeb8kGyu66RgoIn

lLzn+EQZqgFQOEc9C7jKlT1E+MLk+xW+348CQQDdCFxupySB4Dq9MFVwr0RBREZy

DPuPj2/glRkNHNxoXN2fH4WxNlnlX3XFaSh4H9Ba1f188PgIb5seY09Li0DvAkEA

msdv/xcA7aPrPnWS3fprjSmc/3iJSDHAka7Mrj6o9kCy2SW5xdGJalTqbezdRvEn

geeiC3DQlQJkvytFyiF3QwJAVidp6GnuoFqUScSXzB2xXV5R+9T0hPlqiSJAiXPN

20epQSumQ3NRork2e2FH6rXK+5DEbHacQeoXouFViWYr3g==

-----END RSA PRIVATE KEY-----';

$certificate =

-----BEGIN CERTIFICATE-----

MIIENDCCA52gAwIBAgICAUMwDQYJKoZIhvcNAQEFBQAwgdUxNDAyBgNVBAMTK1Jh

bmdlcnMgUGVyc29uYWwgRnJlZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxGjAYBgkq

hkiG9w0BCQEWC2NlcnRAUlBGLkNBMSAwHgYDVQQKExdSYW5nZXJzIE5ldHdvcmtz

IENvLkx0ZDEXMBUGA1UECxMOUEhQIExhYm9yYXRvcnkxETAPBgNVBAcTCFlpbmNo

dWFuMSYwJAYDVQQIEx1OaW5neGlhIEh1aSBBdXRvbm9tb3VzIFJlZ2lvbjELMAkG

A1UEBhMCQ04wHhcNMTAwNzAzMDQwOTMyWhcNMTEwNzAzMDQwOTMyWjCBrTEiMCAG

CSqGSIb3DQEJARYTaW5mb0B5b3Vyc2hlbGwuaW5mbzENMAsGA1UEAxMEd2FsazEL

MAkGA1UEBhMCQ04xJjAkBgNVBAgTHU5pbmd4aWEgSHVpIEF1dG9ub21vdXMgUmVn

aW9uMREwDwYDVQQHEwhZaW5jaHVhbjEgMB4GA1UEChMXUmFuZ2VycyBOZXR3b3Jr

cyBDby5MdGQxDjAMBgNVBAsTBVN0YWZmMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB

iQKBgQC1z3t8kIIjLYoYlIma0qPJ8sFJZXRdwUo6qATQilkXuUrQEttRJ/EgzDIn

8L7IcfUjxHYAEJPyckEaKosGlNvo3FjJ+XEtVFCjLFqN0FrE7kpq+6FA5bFXLMuq

B5i8FOzVPMnVIr+6n/WGeE+rRGIUTUuNcELJRT9SBbjtsXPQtQIDAQABo4IBNzCC

ATMwHQYDVR0OBBYEFAQI/LaNrga160Q+aNeMeLgDR6oyMIIBAgYDVR0jBIH6MIH3

gBQgFsVoaeBCqmN69Y61GkI4MgbgdqGB26SB2DCB1TE0MDIGA1UEAxMrUmFuZ2Vy

cyBQZXJzb25hbCBGcmVlIENlcnRpZmljYXRlIEF1dGhvcml0eTEaMBgGCSqGSIb3

DQEJARYLY2VydEBSUEYuQ0ExIDAeBgNVBAoTF1JhbmdlcnMgTmV0d29ya3MgQ28u

THRkMRcwFQYDVQQLEw5QSFAgTGFib3JhdG9yeTERMA8GA1UEBxMIWWluY2h1YW4x

JjAkBgNVBAgTHU5pbmd4aWEgSHVpIEF1dG9ub21vdXMgUmVnaW9uMQswCQYDVQQG

EwJDToIBATAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAKMKq9zCJ2Qx

vJ0KAe2yogzFJLCy3GCK0URcHBedGi3Emfwngm7LQoHF/PQg8BmJ3entJDMvYPAs

Rwin+2biKiz/kcrGIsOs2rfgl1ubxZi/fFf+aNbJvhDKKBvXozUZMQQp7+kPbC8u

x7W+ZnmjO8yJXTdYfwmQxv2SOulDZtoe

-----END CERTIFICATE-----';

# 转换为openssl可用格式

$resource_cert = openssl_pkey_get_public($certificate);

$public_key = openssl_pkey_get_details($resource_cert)['key'];

$pi_key = openssl_pkey_get_private(str_replace(array("\t",), array(""), $private_key));

$pu_key = openssl_pkey_get_public(str_replace(array("\t",), array(""), $public_key));

return array('cert' => $certificate, 'key' => $pi_key, 'pub' => $pu_key, 'pw' => $passwd);

}