许久的理论知识最近终于有机会付诸实践了,引用原文描述OpenSSL如下:
This module uses the functions of OpenSSL for generation and verification of signatures and for sealing (encrypting) and opening (decrypting) data. OpenSSL offers many features that this module currently doesn't support. Some of these may be added in the future.
实践步骤:
第一步创建签名:
方法一是直接使用命令行工具,在Linux或Mac OS X如下:
生成私钥:openssl genrsa -out privatekey.pem 2048
生成对应的公钥:openssl rsa -in privatekey.pem -pubout -out pubkey.pem
方法二是使用PHP调用OpenSSL
//data you want to sign
$data='my data';
//Create new private and public key
$new_key_pair=openssl_pkey_new(array(
"private_key_bits" => 2048,
"private_key_type" => OPENSSL_KEYTYPE_RSA
));
openssl_pkey_export($new_key_pair,$private_key_pem);//Get private key
//openssl_pkey_export_to_file($new_key_pair,"aaron.pem");//just can import private key
$details=openssl_pkey_get_details($new_key_pair);//just can get public key
$public_key_pem=$details['key'];
第二步生产签名:
//Create signature
openssl_sign($data,$signature,$private_key_pem,OPENSSL_ALGO_SHA256);
//Save for later
file_put_contents('private_key.pem',$private_key_pem);//Save key in pem file
file_put_contents('public_key.pem', $public_key_pem);
file_put_contents('signature.dat', $signature);
//$private_key=file_get_contents('private_key.pem');//Get key from pem file
最后验证签名:
//Verify signature
$r=openssl_verify($data,$signature,$public_key_pem,"sha256WithRSAEncryption");
// $r=openssl_verify($data,$signature,$public_key_pem,OPENSSL_ALGO_SHA256);
echo($r);
更多信息,请访问
http://php.net/manual/en/book.openssl.php