PHP PKI Encryption Technology Detailed code example

PKI is the acronym of Public Key Infrastructure. PKI is a standard technology and specification that uses public key cryptography to provide a security foundation platform for e-commerce development.

In the standard, PKI is defined as an infrastructure that supports public key management and can support authentication, encryption, integrity, and accountability services, in order to differentiate it from the Privilege Management Infrastructure (PMI). Compared with the first concept, this one not only describes the security services that PKI can provide, but also emphasizes that PKI must support public key management. In other words, using public key technology alone does not make something a PKI; it must also provide management of public keys. Because PMI only uses public key technology and does not manage public keys, PMI can be described separately rather than being confused with concepts such as public key certificates. The conceptual distinction between PKI and PMI is drawn in the standard. However, because PMI uses public key technology, using and establishing a PMI first requires PKI key management support. In other words, PMI has to bind itself to the PKI. When the two are combined, PMI+PKI falls completely within the scope of PKI as defined by the standard. Under that definition, PMI+PKI can still be called "PKI", and PMI can be regarded as a part of PKI.

This article is a detailed analysis of PKI encryption (OpenSSL) in PHP; readers who need it can use it as a reference.

The code is as follows:

<?php
// PKI encryption
// Using PKI encryption requires the OpenSSL extension to be enabled
// php.ini: extension=php_openssl.dll
/* PKI modes:
 *   public key encryption, private key decryption;
 *   private key encryption, public key decryption;
 */

// Private key encryption, public key decryption
// Client
// $data is the data
$data = 'ABCD';

// Get the private key $priv_key_id
$priv_key_id = openssl_get_privatekey(file_get_contents('99bill-rsa.pem'));
// Get the public key $pub_key_id
$pub_key_id = openssl_get_publickey(file_get_contents('99bill-rsa.cer'));

// $data is first hashed with SHA1 and then encrypted with the private key
// $priv_key_id to generate the signature $signature
// $signature is the encrypted signature
// openssl_sign() is the encryption function; as for its decryption method, I do not know?
openssl_sign($data, $signature, $priv_key_id, OPENSSL_ALGO_SHA1);

// There are two more encryption functions, and for these two I do know the decryption method
// First: private key encryption, public key decryption
// $data is the data to encrypt, $crypted is the data generated by encryption,
// $decrypted is the data generated by decryption; $data and $decrypted have the same value
// Encrypt with the private key $priv_key_id, generating $crypted
openssl_private_encrypt($data, $crypted, $priv_key_id);
echo $crypted;
// Decrypt with the public key $pub_key_id, generating $decrypted
openssl_public_decrypt($crypted, $decrypted, $pub_key_id);

// Second: public key encryption, private key decryption
// $data is the data to encrypt, $crypted is the data generated by encryption,
// $decrypted is the data generated by decryption; $data and $decrypted have the same value
// Encrypt with the public key $pub_key_id, generating $crypted
openssl_public_encrypt($data, $crypted, $pub_key_id);
// Decrypt with the private key $priv_key_id, generating $decrypted
openssl_private_decrypt($crypted, $decrypted, $priv_key_id);

// Note: the public key and private key files I obtained here do not correspond to each other.
// Normally the public key file and the private key file correspond one to one; here I am using 99bill.
// For the private key file 99bill gave me, the corresponding public key file is on 99bill's side;
// for the public key file 99bill gave me, the corresponding private key file is on 99bill's side.
// So one public key file and one private key file are missing.
// I never found a private key file and public key file that correspond one to one.
// If you find one, send me a copy, thank you.

// openssl_verify() verifies that the signature is correct (the data generated by
// private key encryption is returned and validated with the corresponding public key), only in this case.
// $signature is the signature to check, $data is the original data;
// returns 1 on success, 0 on failure, -1 on error
// $pub_key_id is the public key
openssl_verify($data, $signature, $pub_key_id);

// Release the private key or public key from memory
// (openssl_free_key() is deprecated and has no effect since PHP 8.0)
openssl_free_key($priv_key_id);
openssl_free_key($pub_key_id);

Generate the private key and public key:
openssl genrsa -out private-rsa.pem
openssl rsa -in private-rsa.pem -pubout -out public-rsa.cer
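
The signing and encryption calls from the code above, as an added example that is not part of the original article: it generates a matching key pair in memory, so openssl_sign() can be checked with openssl_verify() and the public-key encryption can be round-tripped. The helper name check_signature() is hypothetical, and SHA-256 and OAEP padding are this example's choices in place of the article's SHA1 and default padding.

```php
<?php
// Added example, not from the original article. The key pair is generated
// in memory, so no 99bill-rsa.pem / 99bill-rsa.cer files are needed.
$key = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    'private_key_bits' => 2048,
]);
if ($key === false) {
    exit('key generation failed: ' . openssl_error_string() . PHP_EOL);
}
$pubPem = openssl_pkey_get_details($key)['key'];  // PEM-encoded public key
$pub    = openssl_pkey_get_public($pubPem);

// Hypothetical helper: maps openssl_verify()'s 1 / 0 / -1 to a label, so an
// error (-1) is never mistaken for a valid signature by a loose truth test.
function check_signature(string $data, string $sig, $pub): string
{
    $r = openssl_verify($data, $sig, $pub, OPENSSL_ALGO_SHA256);
    return $r === 1 ? 'valid' : ($r === 0 ? 'invalid' : 'error');
}

$data = 'ABCD';  // constructed sample message

// A signature is not decrypted by the receiver: it is verified against the
// same data with the public key that matches the signing private key.
if (!openssl_sign($data, $signature, $key, OPENSSL_ALGO_SHA256)) {
    exit('signing failed: ' . openssl_error_string() . PHP_EOL);
}
echo 'original message: ', check_signature($data, $signature, $pub), PHP_EOL;
echo 'tampered message: ', check_signature($data . 'x', $signature, $pub), PHP_EOL;

// Confidentiality: encrypt with the public key, decrypt with the private key.
// The same padding constant must be passed to both calls.
if (!openssl_public_encrypt($data, $crypted, $pub, OPENSSL_PKCS1_OAEP_PADDING)) {
    exit('encryption failed: ' . openssl_error_string() . PHP_EOL);
}
if (!openssl_private_decrypt($crypted, $decrypted, $key, OPENSSL_PKCS1_OAEP_PADDING)) {
    exit('decryption failed: ' . openssl_error_string() . PHP_EOL);
}
echo 'ciphertext (hex): ', bin2hex($crypted), PHP_EOL;
echo 'round trip ok: ', var_export(hash_equals($data, $decrypted), true), PHP_EOL;
```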
