Reposted from: https://www.cnblogs.com/xuweiqiang/p/9784584.html
There are two common formats for RSA keys. The first is PKCS#1, whose first and last lines are:
# Public key
-----BEGIN RSA PUBLIC KEY-----
-----END RSA PUBLIC KEY-----
# Private key
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
The second is PKCS#8, whose first and last lines are:
# Public key
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
# Private key
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
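For the encryption and decryption here: the public key is generated from the private key after it has been converted to PKCS#8 format (a public key generated from the PKCS#1 key is in fact the same), while the private key used is still the PKCS#1 one.
Implementation:
1. The first step is to generate a public/private key pair. Content encrypted with the private key can be decrypted with the public key (and the other way round).
Download the open-source RSA key generation tool openssl (Linux systems usually ship with it), extract it into its own folder, go into its bin directory and run the following commands: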
openssl genrsa -out rsa_private_key.pem 1024
openssl pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM -nocrypt -out private_key.pem
openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem
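The first command generates the original RSA private key file rsa_private_key.pem.
The second command converts the original RSA private key to PKCS#8 format.
The third command generates the RSA public key rsa_public_key.pem.
############# Collection of common commands
## Generate a PKCS#1 private key with openssl, key length 1024 bits (PKCS1)
openssl genrsa -out private_pkcs1.pem 1024
## Convert a PKCS#1 private key to PKCS#8
openssl pkcs8 -topk8 -inform PEM -in private_pkcs1.pem -outform pem -nocrypt -out private_pkcs8.pem
## Convert a PKCS#8 private key to a PKCS#1 private key:
openssl rsa -in private_pkcs8.pem -out private_pkcs1_from_pkcs8.pem
## Generate a PKCS#8 public key from a PKCS#1 private key
openssl rsa -in private_pkcs1.pem -pubout -out public_pkcs8.pem
## Generate a PKCS#8 public key from a PKCS#8 private key
openssl rsa -in private_pkcs8.pem -pubout -out public_pkcs8.pem
## Convert a PKCS#8 public key to a PKCS#1 public key. This one is printed out and has to be copied into a file (p_pkcs1.pem); I will look for the command when I have time
openssl rsa -pubin -in public_pkcs8.pem -RSAPublicKey_out
## Convert a PKCS#1 public key to a PKCS#8 public key. This one is printed out and has to be copied into a file; I will look for the command when I have time
openssl rsa -RSAPublicKey_in -in p_pkcs1.pem -pubout
The commands above show that the corresponding public key can be generated from the private key.
Some websites also offer RSA public/private key generation as a service (I have not tried it): http://www.bm8.com.cn/webtool/rsa/
2. The PHP encryption/decryption class: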
<?php
class Rsa {
    /**
     * Load the private key (rsa_private_key.pem next to this file)
     * @return bool|resource
     */
    private static function getPrivateKey()
    {
        $abs_path = dirname(__FILE__) . '/rsa_private_key.pem';
        $content = file_get_contents($abs_path);
        return openssl_pkey_get_private($content);
    }
    /**
     * Load the public key (rsa_public_key.pem next to this file)
     * @return bool|resource
     */
    private static function getPublicKey()
    {
        $abs_path = dirname(__FILE__) . '/rsa_public_key.pem';
        $content = file_get_contents($abs_path);
        return openssl_pkey_get_public($content);
    }
    /**
     * Encrypt with the private key
     * @param string $data
     * @return null|string base64-encoded result, or null on failure
     */
    public static function privEncrypt($data = '')
    {
        if (!is_string($data)) {
            return null;
        }
        // No padding argument is passed, so the default OPENSSL_PKCS1_PADDING is used.
        return openssl_private_encrypt($data, $encrypted, self::getPrivateKey()) ? base64_encode($encrypted) : null;
    }
    /**
     * Encrypt with the public key
     * @param string $data
     * @return null|string base64-encoded result, or null on failure
     */
    public static function publicEncrypt($data = '')
    {
        if (!is_string($data)) {
            return null;
        }
        return openssl_public_encrypt($data, $encrypted, self::getPublicKey()) ? base64_encode($encrypted) : null;
    }
    /**
     * Decrypt with the private key
     * @param string $encrypted base64-encoded input
     * @return null|string
     */
    public static function privDecrypt($encrypted = '')
    {
        if (!is_string($encrypted)) {
            return null;
        }
        return (openssl_private_decrypt(base64_decode($encrypted), $decrypted, self::getPrivateKey())) ? $decrypted : null;
    }
    /**
     * Decrypt with the public key
     * @param string $encrypted base64-encoded input
     * @return null|string
     */
    public static function publicDecrypt($encrypted = '')
    {
        if (!is_string($encrypted)) {
            return null;
        }
        return (openssl_public_decrypt(base64_decode($encrypted), $decrypted, self::getPublicKey())) ? $decrypted : null;
    }
}
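Usage demo:
<?php
require_once "Rsa.php";
$rsa = new Rsa();
$data['name'] = 'Tom';
$data['age'] = '20';
// Encrypt with the private key, then decrypt with the public key
$privEncrypt = $rsa->privEncrypt(json_encode($data));
echo '私钥加密后:'.$privEncrypt.'<br>';     // label: "after private-key encryption"
$publicDecrypt = $rsa->publicDecrypt($privEncrypt);
echo '公钥解密后:'.$publicDecrypt.'<br>';   // label: "after public-key decryption"
// Encrypt with the public key, then decrypt with the private key
$publicEncrypt = $rsa->publicEncrypt(json_encode($data));
echo '公钥加密后:'.$publicEncrypt.'<br>';   // label: "after public-key encryption"
$privDecrypt = $rsa->privDecrypt($publicEncrypt);
echo '私钥解密后:'.$privDecrypt.'<br>';     // label: "after private-key decryption"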
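The class above calls the openssl_*_encrypt functions with their default PKCS#1 v1.5 padding, and output from privEncrypt can be read by anyone who holds the public key, so it authenticates the data rather than hiding it. The following added example (not part of the original post) covers the same two directions with openssl_sign/openssl_verify for authenticity and OAEP padding for confidentiality; the function names, the in-memory 2048-bit key and the length check are choices made for this example.

```php
<?php
// Added example, not from the original post. A 2048-bit key is generated in memory
// so the script runs stand-alone; the page's PEM files could be loaded instead.
$privateKey = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
if ($privateKey === false) {
    exit('key generation failed: ' . openssl_error_string() . PHP_EOL);
}
// ['key'] is the public half as a "BEGIN PUBLIC KEY" PEM string.
$publicKey = openssl_pkey_get_public(openssl_pkey_get_details($privateKey)['key']);

// Authenticity: sign with the private key, verify with the public key.
function signMessage(string $message, $privateKey): string
{
    if (!openssl_sign($message, $signature, $privateKey, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('sign failed: ' . openssl_error_string());
    }
    return base64_encode($signature);
}
function verifyMessage(string $message, string $signatureB64, $publicKey): bool
{
    $signature = base64_decode($signatureB64, true);
    // openssl_verify() returns 1 only for a valid signature (0 invalid, -1/false error).
    return $signature !== false
        && openssl_verify($message, $signature, $publicKey, OPENSSL_ALGO_SHA256) === 1;
}
// Confidentiality: encrypt with the public key, OAEP padding instead of the default.
function oaepEncrypt(string $plain, $publicKey): string
{
    // OAEP with SHA-1 (what this constant selects) leaves keyBytes - 2*20 - 2 bytes.
    $max = intdiv(openssl_pkey_get_details($publicKey)['bits'], 8) - 42;
    if (strlen($plain) > $max) {
        throw new LengthException("plaintext is longer than $max bytes");
    }
    if (!openssl_public_encrypt($plain, $cipher, $publicKey, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('encrypt failed: ' . openssl_error_string());
    }
    return base64_encode($cipher);
}
function oaepDecrypt(string $cipherB64, $privateKey): ?string
{
    $cipher = base64_decode($cipherB64, true);
    $ok = $cipher !== false
        && openssl_private_decrypt($cipher, $plain, $privateKey, OPENSSL_PKCS1_OAEP_PADDING);
    return $ok ? $plain : null;
}
$message = json_encode(['name' => 'Tom', 'age' => '20']); // same data as the demo
$signature = signMessage($message, $privateKey);
var_dump(verifyMessage($message, $signature, $publicKey));       // unmodified message
var_dump(verifyMessage($message . ' ', $signature, $publicKey)); // altered message
var_dump(oaepDecrypt(oaepEncrypt($message, $publicKey), $privateKey) === $message);
```

With a 1024-bit key such as the one generated in step 1, the limit computed in oaepEncrypt is 86 bytes, so larger payloads are normally encrypted with a random symmetric key that is then wrapped with RSA.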
Appendix: converting the private key to PKCS#8 may fail with this error:
unable to load Private Key
139656125785928:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: ANY PRIVATE KEY
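This is caused by the private key having no line breaks; the line breaks can be forced in:
<?php
// Placeholder: put the private key body that lacks line breaks here
$str = "错误私钥";
// Split the body into 64-character lines
$dataArr = str_split($str, 64);
echo "-----BEGIN RSA PRIVATE KEY-----".PHP_EOL;
foreach ($dataArr as $trunk) {
    echo $trunk.PHP_EOL;
}
echo "-----END RSA PRIVATE KEY-----".PHP_EOL;
Run the script with this command:
/usr/local/bin/php ./trans.php > test.pem
Once that is done, run the format conversion command again: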
openssl pkcs8 -topk8 -inform PEM -in test.pem -outform PEM -nocrypt -out rsa_private_key.pem