PHP PKI encryption Technology (OpenSSL) detailed

This article is a PHP in the PKI encryption Technology (OpenSSL) for a detailed analysis of the introduction, the need for a friend reference copy code code as follows:


<?php


//PKI Encryption
//Use PKI encryption to open OpenSSL extensions


//php.ini extension = php_openssl.dll extension


/*pki mode is


* Public key encryption, private key decryption;


* Private key encryption, public key decryption;


*/


//private key encryption, public key decryption


//Client


//$data data


$data = ' ABCD ';


//Get private key $priv _key_id


$priv _key_id = Openssl_get_privatekey (file_get_contents (' 99bill-rsa.pem ', r));


//Get public key $pub _key_id


$pub _key_id = Openssl_get_publickey (file_get_contents (' 99bill-rsa.cer ', r));


//$data preferred through SHA1 hash encryption and then encrypted by $priv_key_id private key to generate signature $signature


//$signature is the encrypted signature


//openssl_sign () encryption function, as for its decryption method I do not know????????????????????????????????????


openssl_sign ($data, $signature, $priv _key_id, OPENSSL_ALGO_SHA1);


There are also two cryptographic functions, and these two cryptographic functions have the decryption method, know


//First: Private key encryption, public key decryption
//$data The data to be encrypted, $crypted encrypt the generated data, $decrypted decrypt the generated data, $data the same as the $decrypted value


///through $PRIV_KEY_ID private key encryption, generate $crypted;


Openssl_private_encrypt ($data, $crypted, $priv _key_id);


Echo $crypted;


//decrypted by $pub_key_id public key to generate $decrypted


Openssl_public_decrypt ($crypted, $decrypted, $pub _key_id);


//second: Public key encryption, private key decryption
//$data The data to be encrypted, $crypted encrypt the generated data, $decrypted decrypt the generated data, $data the same as the $decrypted value


///By $PUB_KEY_ID public key encryption, generate $crypted;


Openssl_public_encrypt ($data, $crypted, $pub _key_id);


//decrypted by $priv_key_id private key to generate $decrypted


Openssl_private_decrypt ($crypted, $decrypted, $priv _key_id);


//Note that my side of the file to get the public key and private key is not corresponding


//Normal, get the public key and private key file is one by one corresponding, here I use the fast money.


//Quick money gives the private key generate file, corresponding public key generate file on the quick Money side


//Quick Money gives the public key to generate the file, the corresponding private key generates the file on the quick Money side


That is, a public key generation file and a private key generation file are missing


//I never found a one by one corresponding private key, public key generated file, if you find a send me, thank you.

The
//Openssl_verify () method verifies that the signature is correct (the data generated by the private key encryption is returned and validated with the corresponding public key).


//$signature Public key encryption generated data, $data raw data, successfully returned 1, failed to return 0, error return-1


//$pub _key_id public key


openssl_verify ($data, $signature, $pub _key_id);


//Releases the private key or public key from memory


Openssl_free_key ($priv _key_id);


Openssl_free_key ($pub _key_id);

generate private and public key
genrsa-out Private-rsa.pem
Rsa-in Private-rsa.pem-pubout-out Pubic-rsa.cer