<?php
// PKI encryption
// PKI encryption requires the OpenSSL extension to be enabled.
// php.ini: extension=php_openssl.dll
/* The PKI modes are:
 * public key encryption, private key decryption;
 * private key encryption, public key decryption;
 */

// Private key encryption, public key decryption
// Client side
// $data is the data
$data = 'ABCD';

// Get the private key $priv_key_id
// (the stray second argument "r" was removed: file_get_contents() takes no file mode)
$priv_key_id = openssl_get_privatekey(file_get_contents('99bill-rsa.pem'));

// Get the public key $pub_key_id
$pub_key_id = openssl_get_publickey(file_get_contents('99bill-rsa.cer'));

// $data is first hashed with SHA1 and then encrypted with the private key
// $priv_key_id to generate the signature $signature.
// $signature is the encrypted signature.
// openssl_sign() is the encryption function; as for its decryption method, I do not know?
openssl_sign($data, $signature, $priv_key_id, OPENSSL_ALGO_SHA1);

// There are two more encryption functions, and for these two the decryption method is known.

// First: private key encryption, public key decryption.
// $data is the data to be encrypted, $crypted is the data generated by encryption,
// $decrypted is the data generated by decryption; $data and $decrypted have the same value.
// Anyone holding the public key can recover $data, so this mode does not keep $data secret.
// Encrypt with the private key $priv_key_id, generating $crypted
openssl_private_encrypt($data, $crypted, $priv_key_id);
echo $crypted;

// Decrypt with the public key $pub_key_id, generating $decrypted
openssl_public_decrypt($crypted, $decrypted, $pub_key_id);

// Second: public key encryption, private key decryption.
// $data is the data to be encrypted, $crypted is the data generated by encryption,
// $decrypted is the data generated by decryption; $data and $decrypted have the same value.
// Encrypt with the public key $pub_key_id, generating $crypted
openssl_public_encrypt($data, $crypted, $pub_key_id);

// Decrypt with the private key $priv_key_id, generating $decrypted
openssl_private_decrypt($crypted, $decrypted, $priv_key_id);

// Note: the public key file and the private key file I obtained do not correspond to each other.
// Normally the public key file and the private key file are a matching pair; here I am using
// the ones from Kuaiqian (99bill).
// For the private key file Kuaiqian gave me, the matching public key file stays with Kuaiqian;
// for the public key file Kuaiqian gave me, the matching private key file stays with Kuaiqian.
// So one public key file and one private key file are missing.
// I never found a matching pair of private key and public key files.
// If you find one, send me a copy, thank you.

// The openssl_verify() method verifies that the signature is correct (the data generated by
// private key encryption is sent back and validated with the corresponding public key);
// it applies only in this case.
// $signature is the generated signature data, $data is the original data.
// Returns 1 on success, 0 on failure, -1 on error.
// $pub_key_id is the public key
openssl_verify($data, $signature, $pub_key_id);

// Release the private key and the public key from memory
openssl_free_key($priv_key_id);
openssl_free_key($pub_key_id);
Generate the private key and the public key:
openssl genrsa -out private-rsa.pem
openssl rsa -in private-rsa.pem -pubout -out pubic-rsa.cer
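The sign/verify and encrypt/decrypt round trips from the script above, as an added example that is not part of the original page: it creates a matching RSA key pair in memory so no 99bill files are needed, and it accepts a signature only when openssl_verify() returns exactly 1, because the -1 error value is truthy in PHP. The helper names make_keypair and verify_signature, the sample data, and the choice of SHA-256 and OAEP padding (instead of the script's SHA1 and default padding) are assumptions of this example.

```php
<?php
// Added example, not from the original script. Helper names and sample
// data are constructed for illustration.

// Create a matching RSA key pair in memory; returns [private key, public PEM].
function make_keypair(): array
{
    $priv = openssl_pkey_new([
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
        'private_key_bits' => 2048,
    ]);
    if ($priv === false) {
        throw new RuntimeException('key generation failed: ' . openssl_error_string());
    }
    return [$priv, openssl_pkey_get_details($priv)['key']];
}

// openssl_verify() returns 1 (valid), 0 (invalid) or -1 (error).
// -1 is truthy in PHP, so compare against 1 exactly.
function verify_signature(string $data, string $signature, string $pubPem): bool
{
    return openssl_verify($data, $signature, $pubPem, OPENSSL_ALGO_SHA256) === 1;
}

[$priv, $pubPem] = make_keypair();
$data = 'ABCD';

// Sign: hash with SHA-256, then apply the private key.
if (!openssl_sign($data, $signature, $priv, OPENSSL_ALGO_SHA256)) {
    throw new RuntimeException('signing failed: ' . openssl_error_string());
}
var_dump(verify_signature($data, $signature, $pubPem));         // original data
var_dump(verify_signature('ABCE', $signature, $pubPem));        // tampered data
var_dump(verify_signature($data, 'not-a-signature', $pubPem));  // malformed signature

// Confidentiality: encrypt with the public key using OAEP padding,
// then decrypt with the matching private key.
if (!openssl_public_encrypt($data, $crypted, $pubPem, OPENSSL_PKCS1_OAEP_PADDING)) {
    throw new RuntimeException('encryption failed: ' . openssl_error_string());
}
if (!openssl_private_decrypt($crypted, $decrypted, $priv, OPENSSL_PKCS1_OAEP_PADDING)) {
    throw new RuntimeException('decryption failed: ' . openssl_error_string());
}
var_dump($decrypted === $data);
```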