This post was last edited by usbusb2007 on 2012-05-14 14:51:19

Solutions »

  1.   


    <?php
    $data = "Testing openssl_private_encrypt()";
    $crtpath = "/usr/nc-home/webpost/mailbox/d00/1/y/u/yushuai.niu/.user/certkey/wxd.crt"; // certificate file
    $fp = fopen($crtpath, "r");
    $crt = fread($fp, 8192);
    fclose($fp);
    $pubKey = openssl_get_publickey($crt);
    // extract the public key from the certificate
    $keyData = openssl_pkey_get_details($pubKey);
    // encrypt with the public key
    if (!openssl_public_encrypt(substr($data, 0, 1024), $chrtext, $keyData['key'])) {
        echo "<br/>" . openssl_error_string() . "<br/>";
    }
    echo "xxxxxxxxxxxx keyData-->>\n";
    print_r($keyData);
    echo "\n";
    echo "\n data-->>{$data} \n";
    echo "crtpath-->>$crtpath \n";
    echo "pubKey-->>$pubKey \n";
    echo "chrtext-->>" . $chrtext . " \n";

    $fp = fopen("/usr/nc-home/webpost/mailbox/d00/1/y/u/yushuai.niu/.user/secretkey/wxd.key", "r"); // private key file
    $private = fread($fp, 8192);
    fclose($fp);
    echo "\n pri_key[私钥文件] -->> $private \n";
    $key = openssl_get_privatekey($private, "");
    echo "\n pri_key[私钥数据] -->> $key \n";
    /*
     * NOTE:  Here you use the $pub_key value (converted, I guess)
     */
    openssl_private_decrypt($chrtext, $newsource, $key);
    echo "\n 1-decrypt[首次-解密数据] -->> $newsource \n";
    ?>
    See the PHP manual: Function Reference -> OpenSSL Functions
    http://download.csdn.net/detail/dmtnewtons/4122897
      

  2.   

    See the PHP manual: Function Reference -> OpenSSL-function
    http://download.csdn.net/detail/dmtnewtons/4122897
    For reference only:
    <?php
    $data = "Testing openssl_private_encrypt()";
    $crtpath = "/usr/nc-home/webpost/mailbox/d00/1/y/u/yushuai.niu/.user/certkey/wxd.crt"; // certificate file
    $fp = fopen($crtpath, "r");
    $crt = fread($fp, 8192);
    fclose($fp);
    $pubKey = openssl_get_publickey($crt);
    // extract the public key from the certificate
    $keyData = openssl_pkey_get_details($pubKey);
    // encrypt with the public key
    if (!openssl_public_encrypt(substr($data, 0, 1024), $chrtext, $keyData['key'])) {
        echo "<br/>" . openssl_error_string() . "<br/>";
    }
    echo "xxxxxxxxxxxx keyData-->>\n";
    print_r($keyData);
    echo "\n";
    echo "\n data-->>{$data} \n";
    echo "crtpath-->>$crtpath \n";
    echo "pubKey-->>$pubKey \n";
    echo "chrtext-->>" . $chrtext . " \n";

    $fp = fopen("/usr/nc-home/webpost/mailbox/d00/1/y/u/yushuai.niu/.user/secretkey/wxd.key", "r"); // private key file
    $private = fread($fp, 8192);
    fclose($fp);
    echo "\n pri_key[私钥文件] -->> $private \n";
    $key = openssl_get_privatekey($private, "");
    echo "\n pri_key[私钥数据] -->> $key \n";
    /*
     * NOTE:  Here you use the $pub_key value (converted, I guess)
     */
    openssl_private_decrypt($chrtext, $newsource, $key);
    echo "\n 1-decrypt[首次-解密数据] -->> $newsource \n";
    ?>
      

  3.   

    My certificate is currently in this format:
    -------------PRIVATE_KEY-------------
    bitlen=1024;
    m=b3d9373e5751092467563cd4df0500d0161704a2840a9612907cc217bd804c6efcc39fdd10a1e489581630796ad09f69ba7a1689d770d1b91cfcdb1b2fe4dbfbbaa80a1d3617e4170d6978afa7769de4e0afac71afd756c8df540840bf61b681ab0411d7c222c73d08e8baae1e46106151f7a75767c5bb600419208;
    e=010001;
    privateExponent=9a6e73dc6937e164cc03261b182200afadb83837a0b0426b507c8061c84c29d5c7dfe71ef9503aa0a0edf4d3dd9fa4b331f7f1f08cf9886caef284e6547aed55472a1b27d4445bcfd0f1c7f1d6db9267fa75cd40d30899614512f33ba4d074d0b10f067808e3f47cebfcbf4f66e72c0872c88cb8df4a4e01;
    p=f9536299d5c82995f12bda69bdebce1a889c41958aeb628ecba1b983738ac809697c593d660c5912ad0207c990e66b1ab032cb;
    q=b8a9b50c09bca34ec7c1c069439f15f525a41ee6a46872724d36d5b54da3fbc09e712a10ea9c526bcf22ba2baf75139ff8e94e39;
    dQ=759398b311800a7b1eb53ecdc74083ba933cec6fee3e92a03489b588bae6ae64f67d174bae15da64ca7e520b7eac0cd2cea9be25;
    dP=2d9d39ced733d597df159cd1f7b32a73e44662214fd71ca2ef52593459712c83bc4ec9acd7fcae57225bdabcdfcba810abe7bf09a3;
    qInv=d87db76dd9427a604b3ed45e0f06da13cf1b8c4ad80bdbe6ded9c78c06f487612edc3860ec03a1cb1f6e15cdcc9937949db499d;
    -------------PRIVATE_KEY-------------
      

  4.   

    #wxd.crt
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 64208 (0xfad0)
            Signature Algorithm: sha1WithRSAEncryption
            Issuer: C=CN, ST=BJ, L=BJ, O=NETCHINA, OU=WEBPOST, CN=netchina/[email protected]
            Validity
                Not Before: May 19 07:44:32 2010 GMT
                Not After : May 19 07:44:32 2011 GMT
            Subject: C=CN, ST=BJ, O=NETCHINA, OU=WEBPOST, CN=wxd/[email protected]
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                RSA Public Key: (1024 bit)
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Basic Constraints: 
                    CA:FALSE
                Netscape Comment: 
                    OpenSSL Generated Certificate
                X509v3 Subject Key Identifier: 
                    95:17:0C:81:35:33:6A:F6:2D:A3:84:86:64:31:3C:67:15:3F:8A:8B
                X509v3 Authority Key Identifier: 
                    keyid:80:29:50:8E:D9:01:01:A4:B1:15:E8:38:6D:CF:1D:BD:1B:89:7F:B0
        Signature Algorithm: sha1WithRSAEncryption
    #wxd.key
    The public and private keys can be obtained with OpenSSL:
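    First, create an RSA private key for your Apache:
    [S-7]
    openssl genrsa -des3 -out server.key 1024
    You need to set a pass phrase here as well.
    This generates the server.key file; change its permissions to 400 and keep it in a safe place.
    [S-8]
    chmod 400 server.key
    You can view its contents with the following command:
    [S-9]
    openssl rsa -noout -text -in server.key
    Use server.key to generate a certificate signing request (CSR).
    [S-10]
    openssl req -new -key server.key -out server.csr
    Here you also need to enter some information, similar to what is entered in [S-4].
    The 'extra' attributes do not need to be entered. You can view the details of the CSR:
    [S-11]
    openssl req -noout -text -in server.csr
    Now the certificate can be signed, which requires the script sign.sh:
    [S-12]
    sign.sh server.csr
    This gives you server.crt.
    Change its permissions to 400 and keep it in a safe place.
    [S-13]
    chmod 400 server.crt
    Delete the CSR:
    [S-14]
    rm server.csr
    Finally, the Apache settings.
    If your Apache was compiled with the prefix /usr/local/apache,
    copy server.crt and server.key to /usr/local/apache/conf.
    Edit httpd.conf
    and change the following parameters to:
    SSLCertificateFile /usr/local/apache/conf/server.crt
    SSLCertificateKeyFile /usr/local/apache/conf/server.key
    When OpenSSL prompts you for the "CommonName", make sure you enter the server's FQDN ("Fully Qualified Domain Name"); that is, when you generate a CSR for a website that will later be accessed at https://www.foo.dom/, enter "www.foo.dom" here.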
      

  5.   

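    Here is the situation: someone else built a Java website, and mine is a PHP website. I need to pass parameters to the Java side. For security, the Java side has to do verification, so they sent me the file above and asked me to encrypt with that private key; on their side they use the public key to verify whether the data is legitimate. In other words, all I need to do on my side is encrypt. I don't know much about this area and don't know what to do. I would appreciate an example. Thanks.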
      

  6.   

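    Java can decrypt a file encrypted with PHP?
    That I really don't know.
    Isn't my first reply a solid example? (⊙_⊙)?
    So, for what you described above, like this:
    $fp = fopen("/path/private.key", "r"); // path to your private key file
    $private = fread($fp, 8192);
    fclose($fp);
    $key = openssl_get_privatekey($private, "");
    // $inputext: the data to encrypt
    // $outext: the encrypted data
    // $key: your private key
    openssl_private_encrypt($inputext, $outext, $key);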
      

  7.   

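    Yes, it can. We did one before where Java passed parameters to PHP: Java encrypted with the private key, and on my side PHP used the public key to verify whether the passed parameters were legitimate. That works.
    But this time it is the other way around: PHP has to encrypt with the private key and Java verifies. I searched online for a long time without much to show for it, which is frustrating. Also, if the certificate file is like the one I gave above, how should I encrypt? Thanks.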
      

  8.   

    I tried it; what you gave is neither a public key nor a private key:
    <?php
    $input = "这里是007特工组";
    $pkey=<<<KEY
    -------------PRIVATE_KEY-------------
    bitlen=1024;
    m=b3d9373e5751092467563cd4df0500d0161704a2840a9612907cc217bd804c6efcc39fdd10a1e489581630796ad09f69ba7a1689d770d1b91cfcdb1b2fe4dbfbbaa80a1d3617e4170d6978afa7769de4e0afac71afd756c8df540840bf61b681ab0411d7c222c73d08e8baae1e46106151f7a75767c5bb600419208;
    e=010001;
    privateExponent=9a6e73dc6937e164cc03261b182200afadb83837a0b0426b507c8061c84c29d5c7dfe71ef9503aa0a0edf4d3dd9fa4b331f7f1f08cf9886caef284e6547aed55472a1b27d4445bcfd0f1c7f1d6db9267fa75cd40d30899614512f33ba4d074d0b10f067808e3f47cebfcbf4f66e72c0872c88cb8df4a4e01;
    p=f9536299d5c82995f12bda69bdebce1a889c41958aeb628ecba1b983738ac809697c593d660c5912ad0207c990e66b1ab032cb;
    q=b8a9b50c09bca34ec7c1c069439f15f525a41ee6a46872724d36d5b54da3fbc09e712a10ea9c526bcf22ba2baf75139ff8e94e39;
    dQ=759398b311800a7b1eb53ecdc74083ba933cec6fee3e92a03489b588bae6ae64f67d174bae15da64ca7e520b7eac0cd2cea9be25;
    dP=2d9d39ced733d597df159cd1f7b32a73e44662214fd71ca2ef52593459712c83bc4ec9acd7fcae57225bdabcdfcba810abe7bf09a3;
    qInv=d87db76dd9427a604b3ed45e0f06da13cf1b8c4ad80bdbe6ded9c78c06f487612edc3860ec03a1cb1f6e15cdcc9937949db499d;
    -------------PRIVATE_KEY-------------
    KEY;
    $key = openssl_get_privatekey($pkey,"");
    openssl_private_encrypt($input,$out,$key);
    //openssl_public_encrypt($input,$out,$key);
    echo "[加密数据] -->> $out \n";
    //Error:key param is not a valid private key
    ?>
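
The hex-component file quoted in the thread is not PEM, which is why `openssl_get_privatekey()` rejects it. As an added example (not code from any poster), this rebuilds a PKCS#1 PEM key from `name=hex;` fields and signs with it. Assumptions: the fields map one-to-one onto the PKCS#1 RSAPrivateKey members, the receiver checks a SHA-256 signature, the key is generated on the spot as constructed sample data, and `openssl_pkey_new()` has a working openssl.cnf.

```php
<?php
// Added example, not from the thread (PHP 7.1+). Only the field names (m, e, ...)
// follow the quoted file; the key itself is generated below as constructed sample data.

function derLen(int $n): string {
    if ($n < 0x80) return chr($n);
    $b = ltrim(pack('N', $n), "\x00");
    return chr(0x80 | strlen($b)) . $b;
}

function derInt(string $hex): string {
    if (strlen($hex) % 2) $hex = '0' . $hex;             // hex2bin() needs an even length
    $bin = ltrim(hex2bin($hex), "\x00");
    if ($bin === '' || ord($bin[0]) & 0x80) $bin = "\x00" . $bin;  // keep the INTEGER positive
    return "\x02" . derLen(strlen($bin)) . $bin;
}

// Parse "name=hex;" lines and emit a PKCS#1 RSAPrivateKey as PEM.
function componentsToPem(string $text): string {
    preg_match_all('/^\s*(\w+)=([0-9a-f]+);/mi', $text, $m);
    $k = array_combine($m[1], $m[2]);
    $body = derInt('00');                                // version 0: two-prime key
    foreach (['m', 'e', 'privateExponent', 'p', 'q', 'dP', 'dQ', 'qInv'] as $f) {
        if (!isset($k[$f])) throw new InvalidArgumentException("missing field $f");
        $body .= derInt($k[$f]);
    }
    $der = "\x30" . derLen(strlen($body)) . $body;
    return "-----BEGIN RSA PRIVATE KEY-----\n"
         . chunk_split(base64_encode($der), 64, "\n")
         . "-----END RSA PRIVATE KEY-----\n";
}

// Constructed sample: dump a fresh key in the same "name=hex;" layout.
$rsa = openssl_pkey_get_details(openssl_pkey_new(
    ['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]))['rsa'];
$names = ['m' => 'n', 'e' => 'e', 'privateExponent' => 'd', 'p' => 'p', 'q' => 'q',
          'dP' => 'dmp1', 'dQ' => 'dmq1', 'qInv' => 'iqmp'];
$text = "bitlen=2048;\n";
foreach ($names as $field => $src) $text .= $field . '=' . bin2hex($rsa[$src]) . ";\n";

$key = openssl_pkey_get_private(componentsToPem($text));
if ($key === false) exit(openssl_error_string() . PHP_EOL);

// Assumes the receiver verifies a SHA-256 PKCS#1 v1.5 signature with the public key.
$msg = 'uid=42&ts=1336978279';                           // constructed parameter string
openssl_sign($msg, $sig, $key, OPENSSL_ALGO_SHA256);
$pub = openssl_pkey_get_details($key)['key'];
var_dump(openssl_verify($msg, $sig, $pub, OPENSSL_ALGO_SHA256) === 1);
var_dump(openssl_verify($msg . 'x', $sig, $pub, OPENSSL_ALGO_SHA256) === 1);
```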
      

  9.   

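    By the way, last time we did this, the public key the Java side gave me had been converted by them. The public key they gave me at first contained only lowercase letters and digits (like the one above), and I could never get verification to succeed. Later they seem to have converted it to a base64_encode kind of format, the kind of public key that has lowercase and uppercase letters plus + and /, and then verification succeeded. Thanks.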
      

  10.   

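    Damn, you've got me confused. Assign the original private key (unprocessed) to the variable $pkey, then do the assignment as in the code in post #10, run it, and the result comes out.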
      

  11.   

    One more question: I want to generate a private/public key pair with PHP. People online say the following code can be used:
    $res = openssl_pkey_new();
    openssl_pkey_export($res,$pri);
    $d= openssl_pkey_get_details($res);
    $pub = $d['key'];
    var_dump($pri,$pub);
    But after I run it, what comes back is two nulls.
    (Also: my PHP supports openssl; I can see it in phpinfo.)
    Do you know what is going on? Thanks.
      

  12.   

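    I haven't actually generated keys in code; I have only generated them on Linux using the method in #5. Go take a look at the examples in the manual!
    See the PHP manual: Function Reference -> OpenSSL Functions
    http://download.csdn.net/detail/dmtnewtons/4122897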
      

  13.   


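    The opposite of you: I can only generate a key pair through PHP, and it works normally.
    Directly loading a private key generated by the openssl command line fails flat out; I don't understand why.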
      

  14.   

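    Never mind signing a CRT from a CSR; it is the same as using the public key directly. I got it working with the following steps:
    1, openssl genrsa -out private.key 1024
    2, openssl rsa -in private.key -pubout -out public.key
    This gives two files, the public key and the private key. Then use the following code to encrypt and then decrypt:
    <?php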
    $context = "请加密我";
    $pub = openssl_pkey_get_public(file_get_contents('public.key'));
    $prv = openssl_pkey_get_private(file_get_contents('private.key'));
    openssl_public_encrypt($context, $after, $pub);
    echo "加密后:" . $after . PHP_EOL;
    openssl_private_decrypt($after, $before, $prv);
    echo "解密后:" . $before . PHP_EOL;
    ?>
      

  15.   

    <?php
    $rsa = openssl_pkey_new(array('private_key_bits' => 1024, 'encrypt_key' => false));
    openssl_pkey_export($rsa, $priv);
    file_put_contents('private.key', $priv);
    $pub = openssl_pkey_get_details($rsa);
    file_put_contents('public.key', $pub['key']);
    ?>
    This is the PHP code for generating the public and private keys.
      

  16.   

    There is a problem with the code in #18:
    29 # This is the PHP code for generating the public and private keys.
    30 $rsa = openssl_pkey_new(array('private_key_bits' => 1024, 'encrypt_key' => false));
    31 openssl_pkey_export($rsa, $priv);
    32 file_put_contents('private.key', $priv);
    33 $pub = openssl_pkey_get_details($rsa);
    34 file_put_contents('public.key', $pub['key']);
    Warning: openssl_pkey_export() [function.openssl-pkey-export]: cannot get key from parameter 1 in ……\test\test_csdn\test8.php on line 31
    Warning: openssl_pkey_get_details() expects parameter 1 to be resource, boolean given in ……\test\test_csdn\test8.php on line 33
      

  17.   


    It works fine for me. What is going on? I'm on PHP 5.4. My guess is that this line: $rsa = openssl_pkey_new(array('private_key_bits' => 1024, 'encrypt_key' => false));
    failed to execute on your side.

    Note: You need to have a valid openssl.cnf installed for this function to operate correctly. See the notes under the installation section for more information.

    Additionally, if you are planning to use the key generation and certificate signing functions, you will need to install a valid openssl.cnf file on your system. As of PHP 4.3.0, we include a sample configuration file in our win32 binary distributions. PHP 4.3.x and 4.4.x has the file in the openssl directory. PHP 5.x and 6.x has the file in the extras/openssl directory. If you are either using PHP 4.2.x or missing the file, you can obtain it from the OpenSSL binaries page or by downloading a recent PHP release. Be aware that Windows Explorer hides the .cnf extension by default and says the file Type is SpeedDial.

    PHP will search for the openssl.cnf using the following logic:
    the OPENSSL_CONF environmental variable, if set, will be used as the path (including filename) of the configuration file.
    the SSLEAY_CONF environmental variable, if set, will be used as the path (including filename) of the configuration file.
    The file openssl.cnf will be assumed to be found in the default certificate area, as configured at the time that the openssl DLL was compiled. This usually means that the default filename is c:\usr\local\ssl\openssl.cnf.

    In your installation, you need to decide whether to install the configuration file at c:\usr\local\ssl\openssl.cnf or whether to install it someplace else and use environmental variables (possibly on a per-virtual-host basis) to locate the configuration file. Note that it is possible to override the default path from the script using the configargs of the functions that require a configuration file.
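
The lookup order quoted above, together with the `config` override it mentions, as an added example (not the posters' code and not taken from the manual). The function names and the 2048-bit key size are choices made here; the default path is the one named in the quoted text.

```php
<?php
// Added example, not from the thread (PHP 7.1+).
// Mirrors the quoted search order: OPENSSL_CONF, then SSLEAY_CONF, then the default path.
function findOpensslCnf(): ?string {
    foreach (['OPENSSL_CONF', 'SSLEAY_CONF'] as $var) {
        $p = getenv($var);
        if ($p !== false && $p !== '') return $p;       // an env var wins even if the file is missing
    }
    $default = 'c:\usr\local\ssl\openssl.cnf';          // default named in the quoted manual text
    return is_file($default) ? $default : null;
}

// Generate a key pair, passing the config path explicitly when one was found,
// and surface OpenSSL's own error queue instead of silently returning null.
function generateKeyPair(?string $cnf): array {
    $args = ['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048];
    if ($cnf !== null) $args['config'] = $cnf;          // explicit path overrides the search
    $res = openssl_pkey_new($args);
    if ($res === false || !openssl_pkey_export($res, $priv, null, $args)) {
        $errors = [];
        while (($e = openssl_error_string()) !== false) $errors[] = $e;
        throw new RuntimeException("key generation failed:\n" . implode("\n", $errors));
    }
    return [$priv, openssl_pkey_get_details($res)['key']];
}

$cnf = findOpensslCnf();
echo 'openssl.cnf: ' . ($cnf ?? '(library default)') . PHP_EOL;
try {
    [$priv, $pub] = generateKeyPair($cnf);
    echo $pub;                                          // print only the public half
} catch (RuntimeException $e) {
    echo $e->getMessage() . PHP_EOL;
}
```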
      

  18.   

    What is going on, are you all on Windows?