<?php class encrypt{ var $pub_key; function redPukey() { $pubKey = "MIIDhzCCAm+gAwIBAgIGASYISh96MA0GCSqGSIb3DQEBBQUAMF8xCzAJBgNVBAYTAkNOMSkwJwYDVQQKDCBBbGxpbnBheSBOZXR3b3JrIFNlcnZpY2VzIENvLkx0ZDElMCMGA1UECwwcQWxsaW5wYXkgUHJpbWFyeSBDZXJ0aWZpY2F0ZTAeFw0xMDAxMDcxMDE3NDBaFw0zMDAxMDIxMDE3NDBaMGQxCzAJBgNVBAYTAkNOMSkwJwYDVQQKDCBBbGxpbnBheSBOZXR3b3JrIFNlcnZpY2VzIENvLkx0ZDEqMCgGA1UECwwhQWxsaW5wYXkgRGlnaXRhbCBTaWduIENlcnRpZmljYXRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEv2q2/xN5PF0dLn1vhIaVlyWsvJFVFxWgH7sQBObzYbZXOOVzoQpmXuSFOrF0/ol4Okd/2OGfdXUUFSUZfzAQOT1Wmjupec7z2V6l4/PT7aOg6t/MJwU9aW9Iw+AFzM1vnLOXdTlWVLZbtB7IiJ/HhfwBDkyvhp1zNYoAPrwC5QIDAQABo4HHMIHEMB0GA1UdDgQWBBQlWQA//YbuEdfE1yP+PpnokDO8WDCBjgYDVR0jBIGGMIGDgBSBWR3Bvx8To7TrecKhCM4smeabN6FjpGEwXzELMAkGA1UEBhMCQ04xKTAnBgNVBAoMIEFsbGlucGF5IE5ldHdvcmsgU2VydmljZXMgQ28uTHRkMSUwIwYDVQQLDBxBbGxpbnBheSBQcmltYXJ5IENlcnRpZmljYXRlggYBJghKHowwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQUFAAOCAQEATzT9GuAmAXLSWpoGc0F7Km7DPMWvSAkq8ckJLftF0/lB3JTR6QT5rsTnQHCdRU7SJX+eLNwhJQdRg34dPJAI2z/HpgGu7tW7pdsHjCjlVae3I64h2OzYBGXdtdRyPmyXfBOgXUfqtH0Fg+1QqsRmcRugywjZH8ZQAVYm0TkVJmdBknPp60bJ2gE/nj0w6VaSL6HMAQ+A7AVne3NDreBXepMHgiFqiqMHrZFBQCgTSR1UwZoT8hwXaaUgwf2h9l/D2QOGCD8G3sRKfMsH3clkehXbprWPNk3uww7dCT0pGz845AyKzCmRK60Z/NOgMG5X+f+JmugsS/bKYwjetXHg9Q=="; $pem = chunk_split($pubKey,64,"\n");//轉換為pem格式的公鑰 $pem = "-----BEGIN CERTIFICATE-----\n".$pem."-----END CERTIFICATE-----\n"; $publicKey = openssl_pkey_get_public($pem); //$certificateCAcerContent = file_get_contents("../cer/cert_usercenter/TLCert4Sign_test.cer"); //$pub_key = openssl_get_publickey($certificateCAcerContent); //return $pub_key; return $publicKey; } /* 簽名數據: data:utf-8編碼的訂單原文, privatekeyFile:私鑰路徑 passphrase:私鑰password 返回:base64轉碼的簽名數據 */ function sign($data) { //證書路徑 $privatekeyFile="../cer/testMemberKey.pfx"; //證書私鑰 $passphrase="testMemberKey"; $signature = ''; $privateKey; $signedMsg; $pkcs12 = file_get_contents($privatekeyFile); if (openssl_pkcs12_read($pkcs12, $certs, "testMemberKey")) { $privateKey = $certs['pkey']; } if (openssl_sign($data, $signedMsg, $privateKey,OPENSSL_ALGO_SHA1)) { $signedMsg= strtoupper(bin2hex($signedMsg));//這個看情況。有些不須要轉換成16進制,有些須要base64編碼。
看各個接口 return $signedMsg; } // $privatekey = openssl_pkey_get_private(file_get_contents($privatekeyFile),$passphrase); // $res=openssl_get_privatekey($privatekey); //openssl_sign($data, $signature, $res); // openssl_free_key($res); // return base64_encode($signature); return $privateKey; } function pubkeyEncrypt($data,$panText,$pubkey){ openssl_public_encrypt($data,$panText,$pubkey,OPENSSL_PKCS1_PADDING); return strtoupper(bin2hex($panText)); } function getBytes($string) { $bytes = array(); for($i = 0; $i < strlen($string); $i++){ $bytes[] = ord($string[$i]); } return $bytes; } } ?>
<?php require_once("encrypt.php"); $dateEncrypt=new encrypt(); $pukey=$dateEncrypt->redPukey(); //公鑰加密 $userName= $dateEncrypt->pubkeyEncrypt("測試數據",$userName,$pukey); echo $userName; //私鑰加密 $signBytes=$dateEncrypt->sign($signSrc); echo $signBytes; ?>
參考php 手冊—>函數拓展—>加密拓展
php RSA 加密 加密結果每次都會不一樣,這是正確的。 跟java 有差別。java 結果不會變。可是java 能解出來。
證書都須要轉換下 pem 格式才干使用。
java 部分
package com.allinpay.common.util;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
public class CertSignUtil {
/**
* 測試方法 從keystore中獲得公私鑰對
*
* @param filePath
* keystore文件路徑
* @param keyStorePassword
* keystore password
* @param masterPassword
* 私鑰主password。能夠和keystorepassword同樣也可不同
* @param alias
* 密鑰對別名
*/
public static KeyPair getKeyFromKeyStore(String filePath,
String keyStorePassword, String masterPassword, String alias) {
KeyPair keyPair = null;
try {
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(new FileInputStream(filePath),
keyStorePassword.toCharArray());
Key key = keyStore.getKey(alias, masterPassword.toCharArray());
// 也能夠從keyStore中直接讀公鑰證書,無須通過私鑰轉換
// Certificate cert = keyStore.getCertificate(alias);
// PublicKey pubKey = cert.getPublicKey();
if (key instanceof PrivateKey) {
Certificate cert = keyStore.getCertificate(alias);
keyPair = new KeyPair(cert.getPublicKey(), (PrivateKey) key);
}
PrivateKey privateKey = keyPair.getPrivate();
PublicKey publicKey = keyPair.getPublic();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
} catch (UnrecoverableKeyException e) {
e.printStackTrace();
}
return keyPair;
}
/**
* 使用私鑰證書簽名
*
* @param priKey
* 私鑰對象
* @param plainText
* 明文文本的字節數組
* @param encAlg
* 加密算法
* @param signAlg
* 簽名算法
* @return 加密后的密文串
*
* @see verifyByPubKey
*/
public static byte[] signByPriKey(Key priKey, byte[] srcBytes,
String signAlg) {
// 簽名
byte[] signBytes = null;
try {
Signature sign = Signature.getInstance(signAlg,
new BouncyCastleProvider());
sign.initSign((PrivateKey) priKey);
sign.update(srcBytes);
signBytes = sign.sign();
} catch (NoSuchAlgorithmException e) {
// LoggerUtil.error("私鑰簽名 - 無效算法:");
} catch (InvalidKeyException e) {
// LoggerUtil.error("私鑰簽名 - 無效的密鑰:");
} catch (SignatureException e) {
// LoggerUtil.error("私鑰簽名 - 簽名異常:");
}
return signBytes;
}
/**
* Byte數組轉十六進制字符串,字節間不用空格分隔
*
* @param b
* @return
*/
public static String bytes2HexString(byte[] b) {
String ret = "";
for (int i = 0; i < b.length; i++) {
String hex = Integer.toHexString(b[i] & 0xFF);
if (hex.length() == 1) {
hex = '0' + hex;
}
ret += hex.toUpperCase();
}
return ret;
}
/**
* 將指定字符串src,以每兩個字符切割轉換為16進制形式 如:"2B44EFD9" --> byte[]{0x2B, 0x44, 0xEF,
* 0xD9}
*
* @param src
* String格式字符串
* @return byte[]
*/
public static byte[] hexString2Bytes(String src) {
if (src.length() % 2 != 0) {
src = src + "0";
}
byte[] ret = new byte[src.length() / 2];
byte[] tmp = src.getBytes();
for (int i = 0; i < (src.length() / 2); i++) {
ret[i] = uniteBytes(tmp[i * 2], tmp[i * 2 + 1]);
}
return ret;
}
/**
* 將兩個ASCII字符合成一個字節。 如:"EF"--> 0xEF
*
* @param src0
* byte
* @param src1
* byte
* @return byte
*/
public static byte uniteBytes(byte src0, byte src1) {
byte _b0 = Byte.decode("0x" + new String(new byte[] { src0 }))
.byteValue();
_b0 = (byte) (_b0 << 4);// 左移4bit。變成8位里的高4位
byte _b1 = Byte.decode("0x" + new String(new byte[] { src1 }))
.byteValue();// 不左移。保持在低4位
byte ret = (byte) (_b0 ^ _b1);// 按位異或就可以
return ret;
}
/**
* 使用公鑰驗證簽名
*
* @param pubKey
* 公鑰
* @param srcBytes
* 簽名原串字節數組
* @param signBytes
* 簽名串字節數組
* @param signAlg
* 簽名算法
* @return 驗簽結果 true = 成功 false = 不成功
*
* @see signByPriKey
*/
public static boolean verifyByPubKey(Key pubKey, byte[] srcBytes,
byte[] signBytes, String signAlg) {
boolean result = false;
try {
Signature sign = Signature.getInstance(signAlg,
new BouncyCastleProvider());
sign.initVerify((PublicKey) pubKey);
sign.update(srcBytes);
result = sign.verify(signBytes);
} catch (NoSuchAlgorithmException e) {
// LoggerUtil.error("公鑰驗簽 - 無效算法:");
} catch (InvalidKeyException e) {
// LoggerUtil.error("公鑰驗簽 - 無效的密鑰:");
} catch (SignatureException e) {
// LoggerUtil.error("公鑰驗簽 - 簽名異常:");
}
return result;
}
/**
* 從證書文件讀取公鑰
*
* @param certFilePath
* 公鑰證書路徑
* @return 公鑰
*/
public static Key getPubKeyFromCertFile(String certFilePath) {
PublicKey key = null;
try {
CertificateFactory factory = CertificateFactory
.getInstance("X.509");
FileInputStream fis = new FileInputStream(certFilePath);
X509Certificate cert = (X509Certificate) factory
.generateCertificate(fis);
key = cert.getPublicKey();
} catch (FileNotFoundException e) {
// LoggerUtil.error("從證書文件讀取公鑰 - 證書文件不存在:");
// LoggerUtil.error(e);
} catch (CertificateException e) {
// LoggerUtil.error("從證書文件讀取公鑰 - 密鑰讀取異常:");
// LoggerUtil.error(e);
}
return key;
}
// /**
// * 通過商戶公鑰證書驗簽
// * @param certStr 證書信息,如certStyle = 1 則certStr即為證書base64內容,如certStyle=0
// 則certStr即為證書保存路徑
// * @param certStyle 證書獲取格式 1為從DB獲取base64編碼的證書文本。 2為從指定路徑取證書文件
// * @param srcMsg 簽名源串
// * @param signMsg 簽名串
// * @return
// */
// public static boolean verifyByCert(String certStr, int certStyle, String
// srcMsg, String signMsg){
//
//
// if(certStyle == 0){
// try{
// return verifyByPubKey(
// getPubKeyFromStr(certStr),
// srcMsg.getBytes("UTF-8"),
// hexString2Bytes(signMsg),
// SecurityUtil.MCHT_SIGN_ALG);
// }catch(Exception e){
// LoggerUtil.error(e);
// return false;
// }
//
// }else{
// LoggerUtil.error("參數中指定了非法的證書存儲格式");
// return false;
// }
//
// }
/**
* 使用公鑰加密
*
* @param pubKey
* 公鑰對象
* @param plainText
* 明文文本的字節數組
* @param encAlg
* 加密算法
* @return 加密后的密文串
*
* @see decByPriKey
*/
public static byte[] encByPubKey(Key pubKey, byte[] plainText, String encAlg) {
// 加密
byte[] encBytes = null;
try {
Cipher cipher = Cipher.getInstance(encAlg,
new BouncyCastleProvider());
cipher.init(Cipher.ENCRYPT_MODE, pubKey);
encBytes = cipher.doFinal(plainText);
} catch (NoSuchAlgorithmException e) {
// LoggerUtil.error("公鑰加密 - 無效算法:");
} catch (InvalidKeyException e) {
// LoggerUtil.error("公鑰加密 - 無效密鑰:");
} catch (IllegalBlockSizeException e) {
// LoggerUtil.error("公鑰加密 - 非法的分塊大小:");
} catch (NoSuchPaddingException e) {
// LoggerUtil.error("公鑰加密 - 錯誤的填充格式:");
} catch (BadPaddingException e) {
// LoggerUtil.error("公鑰加密 - 填充異常:");
}
return encBytes;
}
}
package com.allinpay.user;
import java.security.Key;
import java.security.KeyPair;
import com.allinpay.common.util.CertSignUtil;
import com.allinpay.common.util.Constants;
public class test {
public static void main(String[] args) {
KeyPair kp = CertSignUtil
.getKeyFromKeyStore("testMemberKey.keystore", "testMemberKey", "testMemberKey", "testMemberKey");
Key pubKey = CertSignUtil.getPubKeyFromCertFile("TLCert4Sign_test.cer");
System.out.println(pubKey);
byte[] encBytes = CertSignUtil.encByPubKey(pubKey, "測試數據".getBytes(), "RSA");
// System.out.println("aaaaaa" + new String(encBytes));
byte[] aaa = CertSignUtil.signByPriKey(kp.getPrivate(), "測試數據".getBytes(), Constants.SHA1_WITH_RSA);
System.out.println(aaa);
String signMsg = CertSignUtil.bytes2HexString(aaa);
System.out.println(signMsg);
byte[] encByte = CertSignUtil.encByPubKey(pubKey, "測試數據".getBytes(), "RSA");
String signMsg1 = CertSignUtil.bytes2HexString(encByte);
System.out.println(signMsg1);
}
}
java RSA 默認的補碼方式是 OPENSSL_PKCS1_PADDING 所以須要跟上面 php 代碼部分一致。