使用openssl进行RSA2加解密以及签名算法(PHP)

在对接玖富债权项目中,用到了RSA加解密算法,特此记录下;

  1. 公私钥成对出现,相互解密;
    公钥加密,私钥解密。
    私钥数字签名,公钥验证。

  2. 生成RSA秘钥对,主要利用linux OPENSSL
    2.1 生成RSA私钥

    genrsa -out rsa_private_key.pem 1024
    

    2.2 把RSA私钥转换成PKCS8格式

    pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM –nocrypt
    

    2.3 生成RSA公钥

    rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem
    

打开rsa_public_key.pem可以看到—–BEGIN PUBLIC KEY—–开头,
—–END PUBLIC KEY—–结尾的没有换行的字符串,这个就是公钥

  1. PHP中实现加解密类
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
class RSA {

private $pubKey = null;
private $priKey = null;

/**
* 构造函数
* @param string 公钥文件(验签和加密时传入)
* @param string 私钥文件(签名和解密时传入)
*/
public function __construct($pubKeyFile = '', $priKeyFile = '')
{
if ($pubKeyFile) {
$this->pubKey = $this->getFileContent($pubKeyFile);
}
if ($priKeyFile) {
$this->priKey = $this->getFileContent($priKeyFile);
}
}

/**
* RSA签名
* @param $data 待签名数据
* @param $priKey 商户私钥文件路径 或 密钥内容本身
* return $sign 签名结果
*/
public function sign($data, $code = 'base64')
{
$result = openssl_get_privatekey($this->priKey);
if (openssl_sign($data, $sign, $result)) {
openssl_free_key($result);
$sign = $this->encode($sign, $code);
}
return $sign;
}

/**
* 验证签名
* @param $data 待签名数据
* @param $sign 要校对的的签名结果
* @param string 签名编码(base64/hex/bin)
* @return bool
*/
public function verify($data, $sign, $code = 'base64')
{
$ret = false;
$result = openssl_get_publickey($this->pubKey);
$sign = $this->decode($sign, $code);
if ($sign !== false) {
$ret = (bool) openssl_verify($data, $sign, $result);
openssl_free_key($result);
}
return $ret;
}

/**
* RSA加密
* @param $content 需要加密的内容
* @param $this->pubKey 商户公钥文件路径 或 密钥内容本身
* return 加密后内容,明文
*/
public function encrypt($content, $code = 'base64')
{
$result = openssl_get_publickey($this->pubKey);
$rslt = '';
for ($i = 0; $i < ((strlen($content)-strlen($content)%117) / 117 + 1); $i++) {
$data = mb_strcut($content, $i * 117, 117, 'utf-8');
openssl_public_encrypt($data, $encrypted, $result);
$rslt .= $encrypted;
}
openssl_free_key($result);
$rslt = $this->encode($rslt, $code);
return $rslt;
}

/**
* RSA解密
* @param $content 需要解密的内容,密文
* @param $this->priKey 商户私钥文件路径 或 密钥内容本身
* return 解密后内容,明文
*/
public function decrypt($content, $code = 'base64')
{
$result = openssl_get_privatekey($this->priKey);
$content = $this->decode($content, $code);
$rslt = '';
for ($i = 0; $i < strlen($content)/128; $i++) {
$data = substr($content, $i * 128, 128);
openssl_private_decrypt($data, $decrypt, $result);
$rslt .= $decrypt;
}
openssl_free_key($result);
return $rslt;
}

private function encode($data, $code)
{
switch (strtolower($code)) {
case 'base64':
$data = base64_encode(''.$data);
break;
}
return $data;
}

private function decode($data, $code)
{
switch (strtolower($code)) {
case 'base64':
$data = base64_decode($data);
break;
}
return $data;
}

private function getFileContent($file)
{
if (file_exists($file)) {
return file_get_contents($file);
}
return $file;
}
}

4.代码中具体调用:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
/**
* 同步债权信息
* @param $orderNo 订单ID
* @param $memberId 玖富理财用户ID
* @return boolen
*/
function syncRepayPlan($sDate, $eDate)
{
if (!$sDate || !$eDate) {
return false;
}
$data = array('inputCharset' => jiufuStatus::JIUFU_INPUTCHARSET,
'version' => jiufuStatus::JIUFU_VERSION,
'channelId' => jiufuStatus::JIUFU_CHANNELID,
'startTime' => $sDate,
'endTime' => $eDate,
);
$requestNo = sprintf("%d:'%s':'%s'",
jiufuStatus::REQTYPE_JIUFU_RSYNC_REPAY_PLAN, 'jiufuSyncRepayPlan', uniqid());
$dataString = json_encode($data);
$info = array(
'requestno' => $requestNo,
'type' => jiufuStatus::REQTYPE_JIUFU_RSYNC_REPAY_PLAN,
'reqtime' => CMI_DATE_NOW,
'data' => $dataString
);
$r = $this->xdReqst->createRequest($requestNo,
jiufuStatus::REQTYPE_JIUFU_RSYNC_REPAY_PLAN, $info);
if ($r) {
$rslt = $this->excuteReq(__FUNCTION__, $data);
return $this->handleRepayPlan($requestNo, $rslt);
}
}

/**
* 处理还款计划
* @param $requestNo 请求ID
* @param $rslt
* @return boolen
*/
function handleRepayPlan($requestNo, $rslt)
{
if ($rslt['returnCode'] != '0000' || empty($rslt['responseData'])) {
printf('获取还款计划失败%s', $rslt['returnMessage']);
return false;
}
$dataList = $rslt['responseData'];
foreach ($dataList as $key => &$value) {
$value['channelId'] = $rslt['channelId'];
}
$classFun = __FUNCTION__;
$handleObj = new handleData();
$handleObj->valList = $dataList;
$r = $handleObj->$classFun();
if ($r['Status'] == 'Fail') {
$error = $r['Message'];
$this->xdReqst->updateRequest($requestNo,
REQSTATUS_FAILED, array('data' => $data, 'errorMsg' => $error));
$this->errorMsg(__LINE__. $error);
return false;
}
$this->xdReqst->updateRequest($requestNo, REQSTATUS_SUCCESS, $r);
return true;
}

/**
* 发送请求
* @param $reqName 请求名称
* @param $data 请求数据
* @return array
*/
public function excuteReq($reqName, $data = null)
{
$rsaObj = new rsa(PUBLIC_KEY_PATH, PRIVATE_KEY_PATH);

//加密加签
$secretData = $rsaObj->encrypt(json_encode($data));
$secretSign = $rsaObj->sign(base64_decode($secretData));

//请求接口
$rslt = $this->proxy->$reqName(array('data' => $secretData, 'sign' => $secretSign));
if (!$rsaObj->verify(base64_decode($rslt['data']), $rslt['sign'])) {
$error = sprintf("验签失败");
$this->errorMsg(__LINE__. $error);
}

//解密接口返回数据
$rsltData = $rsaObj->decrypt($rslt['data']);
return json_decode($rsltData, true);
}
-------------本文结束感谢您的阅读-------------
坚持原创技术分享,您的支持将鼓励我继续创作!