SSL encryption settings in PHP

This is the error that was reported:
[Composer\Downloader\TransportException] The
"http://packages.zendframework.com/packages.json" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Failed to enable crypto

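After some googling:

Install the CA certificate bundle into the following directory, downloading it over HTTPS so that the trust anchors cannot be altered in transit:
~$ mkdir -p ~/tools/https-ca
~$ cd ~/tools/https-ca
~$ curl https://curl.haxx.se/ca/cacert.pem -o cacert.pem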

The file is located at:
/Users/jackluo/tools/https-ca/cacert.pem

Then edit the php.ini file:
openssl.cafile=/Users/jackluo/tools/https-ca/cacert.pem

With this, the error at least no longer appears.

Certificate for git (gitconfig):
export GIT_CURL_VERBOSE=1 
~$ git config --global http.sslCAInfo /Users/jackluo/tools/https-ca/cacert.pem

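You can open ~/.gitconfig to confirm that the cainfo setting was written to the git configuration file.

While I'm at it, a brief introduction to encryption and decryption: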

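function sign($data) {
    // Read the private key file
    $priKey = file_get_contents('key/rsa_private_key.pem');

    // Convert to an OpenSSL key; it must be a private key that has not been converted to PKCS#8
    $res = openssl_get_privatekey($priKey);
    if ($res === false) {
        // The key file is missing or could not be parsed
        return false;
    }

    // Call OpenSSL's built-in signing function to produce the signature $sign
    $ok = openssl_sign($data, $sign, $res);

    // Release the resource (deprecated and without effect since PHP 8.0)
    openssl_free_key($res);

    // Return false instead of an empty signature when signing failed
    return $ok ? $sign : false;
}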

Verification (verify)

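function verify($data, $sign) {
    // Read the Alipay public key file
    $pubKey = file_get_contents('key/alipay_public_key.pem');

    // Convert to an OpenSSL-format key
    $res = openssl_get_publickey($pubKey);
    if ($res === false) {
        // Without a usable public key nothing can be verified
        return false;
    }

    // Verify with OpenSSL's built-in function. openssl_verify returns 1 (valid),
    // 0 (invalid) or -1/false (error); a (bool) cast would turn -1 into true,
    // so only an exact 1 counts as a valid signature.
    $result = (openssl_verify($data, $sign, $res) === 1);

    // Release the resource (deprecated and without effect since PHP 8.0)
    openssl_free_key($res);

    return $result;
}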

Decryption

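function decrypt($content) {

    // Read the merchant private key
    $priKey = file_get_contents('key/rsa_private_key.pem');

    // Convert to an OpenSSL key; it must be a private key that has not been converted to PKCS#8
    $res = openssl_get_privatekey($priKey);
    if ($res === false) {
        return false;
    }

    // Variable that collects the plaintext
    $result = '';

    // Decrypt in a loop, 128 bytes at a time (the block size of a 1024-bit RSA key)
    for ($i = 0; $i < strlen($content) / 128; $i++) {
        $data = substr($content, $i * 128, 128);

        // Decrypt each 128-byte fragment with the private key; $decrypt receives the plaintext
        if (!openssl_private_decrypt($data, $decrypt, $res)) {
            // Stop on the first block that fails instead of returning partial plaintext
            openssl_free_key($res);
            return false;
        }

        // Append the plaintext fragment
        $result .= $decrypt;
    }

    // Release the resource (deprecated and without effect since PHP 8.0)
    openssl_free_key($res);

    // Return the plaintext
    return $result;
}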
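
The decrypt() function above splits the ciphertext into 128-byte pieces, which matches a 1024-bit RSA key only. The following is an added example, not code from the original post: it derives the block size from the key and shows the matching chunked encryption side. The helper names, the in-memory 2048-bit key and the sample message are assumptions made for illustration.

```php
<?php
// Added example, not the post's code. Helper names, the in-memory key and the
// sample message are constructed for illustration.

// RSA block size in bytes, taken from the key instead of hard-coding 128.
function rsaBlockSize($key): int {
    return intdiv(openssl_pkey_get_details($key)['bits'], 8);
}

// PKCS#1 v1.5 padding needs 11 bytes, so a plaintext chunk is at most
// blockSize - 11 bytes; every chunk becomes exactly blockSize bytes of ciphertext.
function encryptChunked(string $plain, $pubKey): string {
    $out = '';
    foreach (str_split($plain, rsaBlockSize($pubKey) - 11) as $chunk) {
        if (!openssl_public_encrypt($chunk, $enc, $pubKey, OPENSSL_PKCS1_PADDING)) {
            throw new RuntimeException('encrypt failed: ' . openssl_error_string());
        }
        $out .= $enc;
    }
    return $out;
}

function decryptChunked(string $cipher, $priKey): string {
    $size = rsaBlockSize($priKey);
    // Reject truncated input instead of silently decrypting a short last block.
    if ($cipher === '' || strlen($cipher) % $size !== 0) {
        throw new InvalidArgumentException('ciphertext is not a whole number of blocks');
    }
    $out = '';
    foreach (str_split($cipher, $size) as $block) {
        if (!openssl_private_decrypt($block, $dec, $priKey, OPENSSL_PKCS1_PADDING)) {
            throw new RuntimeException('decrypt failed: ' . openssl_error_string());
        }
        $out .= $dec;
    }
    return $out;
}

// Constructed demo: a 2048-bit key gives 256-byte blocks, not 128.
$priKey = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pubKey = openssl_pkey_get_public(openssl_pkey_get_details($priKey)['key']);
$message = str_repeat('constructed sample payload; ', 20);
$cipher = encryptChunked($message, $pubKey);
var_dump(rsaBlockSize($priKey), strlen($cipher), decryptChunked($cipher, $priKey) === $message);
```

With real keys, load the PEM files as the functions above do and pass the resulting key handles to these helpers.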

 
