开发环境
ubuntu
php 7.4.8
------------------------------------------------------------------------------------------------------------------------------
/* 私钥签名
* @param $string
* @param $key
* @return string
* */
function privateSign($string , $key){
$private_key = openssl_pkey_get_private($key);
openssl_sign($string,$signature,$private_key);
return base64_encode($signature);
}
/* 公钥验证
* @param $string
* @param $key
* @return string
* */
function publicVerify($string , $key , $signature){
$public_key = openssl_pkey_get_public($key);
//print_r($public_key);
$result = openssl_verify($string,base64_decode($signature),$public_key);
openssl_free_key($public_key);
return $result === 1 ? true : false ;
}
/** 生成rsa密钥对
* @return array
*/
function rsaKey(){
$dn = [
"countryName" => "CN",
"stateOrProvinceName" => "GuangDong",
"localityName" => "Guangzhou",
"organizationName" => "Lab",
"organizationalUnitName"=> "Developer",
"commonName" => "Yil Chan",
"emailAddress" => "kkkkkkkkkkky@qq.com"
];
$config = [
"private_key_bits" => 4096,
//指定应该使用多少位来生成私钥 512 1024 2048 4096等
"private_key_type" => OPENSSL_KEYTYPE_RSA,
//选择在创建CSR时应该使用哪些扩展。可选值有 OPENSSL_KEYTYPE_DSA, OPENSSL_KEYTYPE_DH, OPENSSL_KEYTYPE_RSA 或 OPENSSL_KEYTYPE_EC. 默认值是 OPENSSL_KEYTYPE_RSA.
];
//生成证书
$private = openssl_pkey_new($config);
$csr = openssl_csr_new($dn, $private);
$sscert = openssl_csr_sign($csr, null, $private, 1);
//这里获取私钥
openssl_pkcs12_export($sscert, $privatekey, $private, '123456');
openssl_pkcs12_read($privatekey, $certs, '123456');
//这里获取公钥
openssl_x509_export($sscert, $csrkey);
$pub_key = openssl_pkey_get_public($csrkey);
$keyData = openssl_pkey_get_details($pub_key);
return [
'private' => $certs['pkey'],
'public' => $keyData['key'],
];
}
以上是实现此验证用到的重要函数
-------------------------------------------------------------------------------------------------------------------------------
第一步,生成密钥对
rsaKey() 函数返回的参数 private 由用户端保存,即接口的调用方
public 由服务器保存,接口的提供方
第二步,向服务器请求数据
如果我要向服务器请求最新的订单数据
pagesize,page,timestamp
那么就要进行加签操作
$ori_str = sprintf('%s%s%s',$pagesize,$page,$timestamp);
$sign_str=privateSign($ori_str,$private_key);
pagesize,page,timestamp,sign_str 都提交上去服务器
第三步,服务器验证数据是否来自授权用户
$ori_str = sprintf('%s%s%s',$pagesize,$page,$timestamp);
$sign_str=get($sign_str);
publicVerify($ori_str,$public_key,$sign_str);