An example analysis of MD5 combined with RSA to implement signature algorithm in PHP

Source: Internet
Author: User
Tags openssl rsa openssl x509 pkcs12
This article mainly introduces the PHP implementation of the MD5 combined with the RSA signature algorithm, combined with the example form of PHP using MD5 combined with RSA implementation of the signature algorithm related operation skills, and with the RSA public key and private key instructions, the need for friends can refer to the next

This paper describes the PHP implementation of MD5 combined with RSA signature algorithm. Share to everyone for your reference, as follows:


<?phpclass md5rsa{/** * Generate digital signatures with contract data and private key * @param $data pending data * @return String return signature */Public function sign ($d    Ata= ') {if (empty ($data)) {return False; } $private _key = file_get_contents (dirname (__file__).    /rsa_private_key.pem ');      if (Empty ($private _key)) {echo "private key error!";    return False;    } $pkeyid = Openssl_get_privatekey ($private _key);      if (empty ($pkeyid)) {echo "private key resource identifier false!";    return False;    } $verify = Openssl_sign ($data, $signature, $pkeyid, OPENSSL_ALGO_MD5);    Openssl_free_key ($pkeyid);  return $signature; }/** * Validate legitimacy with public and digital signatures and contract data * @param $data data to be verified * @param $signature Digital signature * @return -1:error validation error 1:correct validation successful 0      : Incorrect validation failed */Public function isValid ($data = ', $signature = ') {if (empty ($data) | | empty ($signature)) {    return False; } $public _key = file_get_contents (dirname (__file__).    /rsa_public_key.pem '); if (Empty ($public _key){echo "public Key error!";    return False;    } $pkeyid = Openssl_get_publickey ($public _key);      if (empty ($pkeyid)) {echo "public key resource identifier false!";    return False;    } $ret = Openssl_verify ($data, $signature, $pkeyid, OPENSSL_ALGO_MD5);        Switch ($ret) {case-1: echo "error";      Break Default:echo $ret ==1?    "Correct": "Incorrect";//0:incorrect break;  } return $ret; }}

Attached: OpenSSL generates certificates and obtains public and private key descriptions

First, the RSA way

1. Establish the CA root certificate 1) establish the directory RSA 2) Create the following subdirectory certs, CRL, Newcerts 3) in the RSA directory, do the following:

echo > Serial
Touch Index.txt
OpenSSL req-new-x509-newkey rsa:1024-keyout ca.key-out ca.pem (Generate self-signed CA certificate)

2. Client certificate Request

OpenSSL req-new-newkey rsa:1024-keyout ddmdd_a.key-out ddmdd_a.req (Generate ddmdd_a key and certificate request, note: The user information entered here must be exactly the same as the CA certificate information)
OpenSSL rsa-in ddmdd_a.key-pubout-out ddmdd_a.pub (Export public key)

3. Issuing certificates to customers

OpenSSL ca-keyfile ca.key-cert ca.pem-in ddmdd_a.req-out ddmdd_a.pem-notext (using CA keys and certificates to issue certificates for ddmdd_a Ddmdd_a.pem)
OpenSSL ca-keyfile ca.key-cert ca.pem-in subca_rsareq.pem-out subca.pem-notext (Issue level two CA certificate)

4. Convert the certificate format

OpenSSL x509-inform pem-outform der-in ddmdd_a.pem-out ddmdd_a.der
OpenSSL pkcs12-export-in Ddmdd_a.pem-inkey ddmdd_a_rsakey.pem-out ddmdd_a.pfx
OpenSSL pkcs12-in ddmdd_a.pfx-out Ddmdd_a.pem
OpenSSL rsa-in ddmdd_a.key-out ddmdd_a_open.key (remove private key password)

5. Generate a certificate revocation List

echo > Crlnumber
OpenSSL ca-keyfile Ca.key-cert ca.pem-revoke DDMDD_A.PEM (Revoke certificate from CA DDMDD_A.PEM)
OpenSSL ca-gencrl-keyfile ca.key-cert ca.pem-out ca.crl (Generate or update certificate revocation list)

6. View certificate Information

OpenSSL x509-in Ca.pem-noout–text

Second, the mode of DSA

1. Establish the CA root certificate 1) set up directory DSA 2) Create the following subdirectory certs, CRL, Newcerts 3) in the DSA directory, do the following:

echo > Serial
Touch Index.txt
OpenSSL dsaparam-out Ca.para 1024 (Generate DSA parameter file)
OpenSSL req-new-x509-newkey dsa:ca.para-keyout ca.key-out Ca.pem (generates a self-signed CA certificate using the DSA parameter)

2. Client certificate Request

OpenSSL dsaparam-out Ddmdd_b.para 1024 (Generate DSA parameter file)
OpenSSL req-new-newkey dsa:ddmdd_b.para-keyout ddmdd_b.key-out ddmdd_b.req (using the DSA parameter to generate DDMDD_B keys and certificate requests, note: The user information that is filled in here must be exactly the same as the CA certificate information)
OpenSSL dsa-in ddmdd_b.key-pubout-out ddmdd_b.pub (Export public key)

3. Issuing certificates to customers

OpenSSL ca-keyfile ca.key-cert ca.pem-in ddmdd_b.req-out ddmdd_b.pem-notext (using CA keys and certificates to issue certificates for Ddmdd_b Ddmdd_b.pem)

Third, get the public and private keys

A) with the above method of generating the certificate, you can obtain the public key and the private key by command.

To export the public key:

DSA mode:OpenSSL dsa-in ddmdd_b.key-pubout-out Ddmdd_b.pub.pem

RSA mode:OpenSSL rsa-in ddmdd_a.key-pubout-out Ddmdd_a.pub.pem

To export the private key:

OpenSSL rsa-in server.key-text > Private.pem

b) generate the public and private keys directly:

OpenSSL genrsa-out Private.pem 1024
OpenSSL pkcs8-nocrypt-topk8-in private.pem-out Pkcs8.pem
OpenSSL rsa-pubout-in Private.pem Public.pem

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.