The code in #18 has a problem:
29 # This is the PHP code that generates the public and private keys.
30 $rsa = openssl_pkey_new(array('private_key_bits' => 1024, 'encrypt_key' => false));
31 openssl_pkey_export($rsa, $priv);
32 file_put_contents('private.key', $priv);
33 $pub = openssl_pkey_get_details($rsa);
34 file_put_contents('public.key', $pub['key']);
Warning: openssl_pkey_export() [function.openssl-pkey-export]: cannot get key from parameter 1 in ……\test\test_csdn\test8.php on line 31
Warning: openssl_pkey_get_details() expects parameter 1 to be resource, boolean given in ……\test\test_csdn\test8.php on line 33
It works fine for me, so what's going on? I'm on PHP 5.4. My guess is that this statement:
$rsa = openssl_pkey_new(array('private_key_bits' => 1024, 'encrypt_key' => false));
failed on your end.

Note: You need to have a valid openssl.cnf installed for this function to operate correctly. See the notes under the installation section for more information.

Additionally, if you are planning to use the key generation and certificate signing functions, you will need to install a valid openssl.cnf file on your system. As of PHP 4.3.0, we include a sample configuration file in our win32 binary distributions. PHP 4.3.x and 4.4.x has the file in the openssl directory. PHP 5.x and 6.x has the file in the extras/openssl directory. If you are either using PHP 4.2.x or missing the file, you can obtain it from the OpenSSL binaries page or by downloading a recent PHP release. Be aware that Windows Explorer hides the .cnf extension by default and says the file Type is SpeedDial.

PHP will search for the openssl.cnf using the following logic:
the OPENSSL_CONF environmental variable, if set, will be used as the path (including filename) of the configuration file.
the SSLEAY_CONF environmental variable, if set, will be used as the path (including filename) of the configuration file.
The file openssl.cnf will be assumed to be found in the default certificate area, as configured at the time that the openssl DLL was compiled. This usually means that the default filename is c:\usr\local\ssl\openssl.cnf.

In your installation, you need to decide whether to install the configuration file at c:\usr\local\ssl\openssl.cnf or whether to install it someplace else and use environmental variables (possibly on a per-virtual-host basis) to locate the configuration file. Note that it is possible to override the default path from the script using the configargs of the functions that require a configuration file.
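The openssl.cnf lookup and the configargs override described in the reply above, as an added example that is not part of the thread: it passes an explicit config path to openssl_pkey_new() and openssl_pkey_export() and reports OpenSSL's error queue when key generation fails, instead of handing false to the next call. The /etc/ssl/openssl.cnf path, the helper names and the 2048-bit key size are assumptions of this example (PHP 7 or later).

```php
<?php
// Added example: candidate openssl.cnf locations, in the manual's search order.
// '/etc/ssl/openssl.cnf' is an assumed Unix path; adjust to your system.
$candidates = array_filter([
    getenv('OPENSSL_CONF') ?: null,
    getenv('SSLEAY_CONF') ?: null,
    'C:\\usr\\local\\ssl\\openssl.cnf',
    '/etc/ssl/openssl.cnf',
]);

// Collect everything OpenSSL queued, so the real cause is visible.
function drain_openssl_errors(): string
{
    $msgs = [];
    while (($m = openssl_error_string()) !== false) {
        $msgs[] = $m;
    }
    return $msgs ? implode('; ', $msgs) : 'no OpenSSL error recorded';
}

function generate_keypair(array $candidates, int $bits = 2048): array
{
    $args = ['private_key_bits' => $bits, 'private_key_type' => OPENSSL_KEYTYPE_RSA];
    foreach ($candidates as $path) {
        if (is_readable($path)) {
            $args['config'] = $path;   // the configargs override of the default path
            break;
        }
    }
    $key = openssl_pkey_new($args);
    if ($key === false) {              // stop here instead of exporting "false"
        throw new RuntimeException('openssl_pkey_new failed: ' . drain_openssl_errors());
    }
    // The export call reads openssl.cnf too, so it gets the same configargs.
    if (!openssl_pkey_export($key, $privPem, null, $args)) {
        throw new RuntimeException('openssl_pkey_export failed: ' . drain_openssl_errors());
    }
    $details = openssl_pkey_get_details($key);
    return ['private' => $privPem, 'public' => $details['key'], 'bits' => $details['bits']];
}

$pair = generate_keypair($candidates);
echo $pair['bits'], "-bit key generated\n", $pair['public'];
```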
<?php
$data = "Testing openssl_private_encrypt()";
$crtpath = "/usr/nc-home/webpost/mailbox/d00/1/y/u/yushuai.niu/.user/certkey/wxd.crt"; // certificate file
$fp = fopen($crtpath, "r");
$crt = fread($fp, 8192);
fclose($fp);
$pubKey = openssl_get_publickey($crt);
// extract the public key from the certificate
$keyData = openssl_pkey_get_details($pubKey);
// encrypt with the public key
if (!openssl_public_encrypt(substr($data, 0, 1024), $chrtext, $keyData['key'])) {
    echo "<br/>" . openssl_error_string() . "<br/>";
}
echo "xxxxxxxxxxxx keyData-->>\n";
print_r($keyData);
echo "\n";
echo "\n data-->>{$data} \n";
echo "crtpath-->>$crtpath \n";
echo "pubKey-->>$pubKey \n";
echo "chrtext-->>" . $chrtext . " \n";
$fp = fopen("/usr/nc-home/webpost/mailbox/d00/1/y/u/yushuai.niu/.user/secretkey/wxd.key", "r"); // private key file
$private = fread($fp, 8192);
fclose($fp);
echo "\n pri_key[私钥文件] -->> $private \n";
$key = openssl_get_privatekey($private, "");
echo "\n pri_key[私钥数据] -->> $key \n";
/*
 * NOTE: Here you use the $pub_key value (converted, I guess)
 */
openssl_private_decrypt($chrtext, $newsource, $key);
echo "\n 1-decrypt[首次-解密数据] -->> $newsource \n";
?>
Please refer to the PHP manual: Function Reference -> OpenSSL Functions
http://download.csdn.net/detail/dmtnewtons/4122897
Data:
Version: 3 (0x2)
Serial Number: 64208 (0xfad0)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=CN, ST=BJ, L=BJ, O=NETCHINA, OU=WEBPOST, CN=netchina/[email protected]
Validity
Not Before: May 19 07:44:32 2010 GMT
Not After : May 19 07:44:32 2011 GMT
Subject: C=CN, ST=BJ, O=NETCHINA, OU=WEBPOST, CN=wxd/[email protected]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
95:17:0C:81:35:33:6A:F6:2D:A3:84:86:64:31:3C:67:15:3F:8A:8B
X509v3 Authority Key Identifier:
keyid:80:29:50:8E:D9:01:01:A4:B1:15:E8:38:6D:CF:1D:BD:1B:89:7F:B0
Signature Algorithm: sha1WithRSAEncryption
The public and private keys can be obtained with OpenSSL:
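First, create an RSA private key for your Apache:
[S-7]
openssl genrsa -des3 -out server.key 1024
You also need to set a pass phrase here.
This generates the server.key file. Change its permissions to 400 and keep it in a safe place.
[S-8]
chmod 400 server.key
You can view its contents with the following command:
[S-9]
openssl rsa -noout -text -in server.key
Use server.key to generate a certificate signing request (CSR).
[S-10]
openssl req -new -key server.key -out server.csr
Here you also need to enter some information, similar to what was entered in [S-4].
The 'extra' attributes do not need to be filled in. You can view the details of the CSR:
[S-11]
openssl req -noout -text -in server.csr
Now the certificate can be signed, which requires the script sign.sh:
[S-12]
sign.sh server.csr
This gives you server.crt.
Change its permissions to 400 and keep it in a safe place.
[S-13]
chmod 400 server.crt
Delete the CSR:
[S-14]
rm server.csr
Finally, configure Apache.
If your Apache was compiled with the prefix /usr/local/apache,
copy server.crt and server.key to /usr/local/apache/conf.
Edit httpd.conf
and change the following parameters to:
SSLCertificateFILE /usr/local/apache/conf/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/server.key
When OpenSSL prompts you for the "CommonName", make sure you enter the server's FQDN ("Fully Qualified Domain Name"). That is, when you generate a CSR for a website that will later be accessed as https://www.foo.dom/, enter "www.foo.dom" here.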
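I really don't know about that one.
Isn't my first reply already a rock-solid example? (⊙_⊙)?
Then, based on what you described above, do it like this:
$fp = fopen("/path/private.key", "r"); // path to your private key file
$private = fread($fp, 8192);
fclose($fp);
$key = openssl_get_privatekey($private, "");
// $inputext: the data to encrypt
// $outext: the encrypted data
// $key: your private key
openssl_private_encrypt($inputext, $outext, $key);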
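But this time it is the other way around: the PHP side has to encrypt with the private key and the Java side verifies. I searched online for a long time without finding much, which is frustrating. Also, if the certificate file looks like the one I gave above, how should I encrypt with it? Thanks.
<?php
$input = "这里是007特工组";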
$pkey=<<<KEY
-------------PRIVATE_KEY-------------
bitlen=1024;
m=b3d9373e5751092467563cd4df0500d0161704a2840a9612907cc217bd804c6efcc39fdd10a1e489581630796ad09f69ba7a1689d770d1b91cfcdb1b2fe4dbfbbaa80a1d3617e4170d6978afa7769de4e0afac71afd756c8df540840bf61b681ab0411d7c222c73d08e8baae1e46106151f7a75767c5bb600419208;
e=010001;
privateExponent=9a6e73dc6937e164cc03261b182200afadb83837a0b0426b507c8061c84c29d5c7dfe71ef9503aa0a0edf4d3dd9fa4b331f7f1f08cf9886caef284e6547aed55472a1b27d4445bcfd0f1c7f1d6db9267fa75cd40d30899614512f33ba4d074d0b10f067808e3f47cebfcbf4f66e72c0872c88cb8df4a4e01;
p=f9536299d5c82995f12bda69bdebce1a889c41958aeb628ecba1b983738ac809697c593d660c5912ad0207c990e66b1ab032cb;
q=b8a9b50c09bca34ec7c1c069439f15f525a41ee6a46872724d36d5b54da3fbc09e712a10ea9c526bcf22ba2baf75139ff8e94e39;
dQ=759398b311800a7b1eb53ecdc74083ba933cec6fee3e92a03489b588bae6ae64f67d174bae15da64ca7e520b7eac0cd2cea9be25;
dP=2d9d39ced733d597df159cd1f7b32a73e44662214fd71ca2ef52593459712c83bc4ec9acd7fcae57225bdabcdfcba810abe7bf09a3;
qInv=d87db76dd9427a604b3ed45e0f06da13cf1b8c4ad80bdbe6ded9c78c06f487612edc3860ec03a1cb1f6e15cdcc9937949db499d;
-------------PRIVATE_KEY-------------
KEY;
$key = openssl_get_privatekey($pkey, ""); // $pkey holds the key text from the heredoc above
openssl_private_encrypt($input,$out,$key);
//openssl_public_encrypt($input,$out,$key);
echo "[加密数据] -->> $out \n";
//Error:key param is not a valid private key
?>
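Having PHP use the private key so that Java can verify is a digital signature, and the name=hex; key dump in the post is not PEM, which is why openssl_get_privatekey() rejects it. This added example (not from the thread) rebuilds a PKCS#1 PEM key from such fields and signs with openssl_sign(); on the Java side that signature is checked with Signature.getInstance("SHA256withRSA"). The helper names and the throwaway 2048-bit sample key are constructed for the example, and the key posted above is not used.

```php
<?php
// Added example: minimal DER helpers for a PKCS#1 RSAPrivateKey.
function der_len(int $n): string
{
    if ($n < 0x80) return chr($n);
    $b = ltrim(pack('N', $n), "\x00");
    return chr(0x80 | strlen($b)) . $b;
}

function der_int(string $hex): string
{
    if (strlen($hex) % 2) $hex = '0' . $hex;            // pad odd-length hex
    $bin = ltrim(hex2bin($hex), "\x00");
    if ($bin === '' || (ord($bin[0]) & 0x80)) $bin = "\x00" . $bin; // keep INTEGER positive
    return "\x02" . der_len(strlen($bin)) . $bin;
}

// Parse "name=hex;" lines (the layout used in the post) and emit a PEM key.
function hexdump_to_pem(string $dump): string
{
    preg_match_all('/^(\w+)=([0-9a-fA-F]+);/m', $dump, $m);
    $f = array_combine($m[1], $m[2]);
    $body = der_int('00');                               // version 0
    foreach (['m', 'e', 'privateExponent', 'p', 'q', 'dP', 'dQ', 'qInv'] as $k) {
        $body .= der_int($f[$k]);                        // PKCS#1 field order
    }
    $der = "\x30" . der_len(strlen($body)) . $body;      // SEQUENCE
    return "-----BEGIN RSA PRIVATE KEY-----\n"
         . chunk_split(base64_encode($der), 64, "\n")
         . "-----END RSA PRIVATE KEY-----\n";
}

// Constructed sample: a throwaway key dumped into the same field layout.
$rsa = openssl_pkey_get_details(openssl_pkey_new(['private_key_bits' => 2048]))['rsa'];
$map = ['m' => 'n', 'e' => 'e', 'privateExponent' => 'd', 'p' => 'p', 'q' => 'q',
        'dP' => 'dmp1', 'dQ' => 'dmq1', 'qInv' => 'iqmp'];
$dump = "bitlen=2048;\n";
foreach ($map as $name => $k) {
    $dump .= $name . '=' . bin2hex($rsa[$k]) . ";\n";
}

$priv = openssl_pkey_get_private(hexdump_to_pem($dump));
$data = 'message for the Java side';
openssl_sign($data, $sig, $priv, OPENSSL_ALGO_SHA256);   // PKCS#1 v1.5 with SHA-256
$pubPem = openssl_pkey_get_details($priv)['key'];
echo base64_encode($sig), "\n";                          // send data + signature to Java
var_dump(openssl_verify($data, $sig, $pubPem, OPENSSL_ALGO_SHA256) === 1);
```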
$res = openssl_pkey_new();
openssl_pkey_export($res,$pri);
$d= openssl_pkey_get_details($res);
$pub = $d['key'];
var_dump($pri,$pub);
But when I run it, what comes back is two nulls.
(Also: my PHP supports openssl; I can see it in phpinfo.)
Do you know what is going on? Thanks.
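It is the opposite for me: I can only generate the key pair through PHP, and that works fine.
Directly loading a private key generated with the openssl command line fails outright, and I can't figure out why.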
2. openssl rsa -in private.key -pubout -out public.key gives you the two files, the public key and the private key. Then use the following code to encrypt and then decrypt:
<?php
$context = "请加密我";
$pub = openssl_pkey_get_public(file_get_contents('public.key'));
$prv = openssl_pkey_get_private(file_get_contents('private.key'));
openssl_public_encrypt($context, $after, $pub);
echo "加密后:" . $after . PHP_EOL;
openssl_private_decrypt($after, $before, $prv);
echo "解密后:" . $before . PHP_EOL;
?>
<?php
$rsa = openssl_pkey_new(array('private_key_bits' => 1024, 'encrypt_key' => false));
openssl_pkey_export($rsa, $priv);
file_put_contents('private.key', $priv);
$pub = openssl_pkey_get_details($rsa);
file_put_contents('public.key', $pub['key']);
?>
This is the PHP code that generates the public and private keys.