1.生成私鑰
-- 生成 RSA 私鑰(傳統格式的)
openssl genrsa -out rsa_private_key.pem 1024
-- 將傳統格式的私鑰轉換成 PKCS#8 格式的(JAVA需要使用的私鑰需要經過PKCS#8編碼,PHP程序不需要,可以直接略過)
openssl pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM -nocrypt
2.生成公鑰
-- 生成 RSA 公鑰(php和java都用轉換前私鑰生成公鑰)
openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem
3.OpenSSL私鑰生成簽名
//獲取私鑰資源
$re = openssl_get_privatekey($privateKeyFilePath);
//生成簽名
openssl_sign($data, $sign, $re);
//base64_encode防止亂碼
$sign = base64_encode($sign);
4.OpenSSL公鑰驗簽
$re = openssl_get_publickey($publicKeyFilePath);
$result = openssl_verify($data, $sign, $re);
5.說明
*OpenSSL是帶頭和帶尾的,有時候我獲取到的可能是不帶頭不帶尾的一行字符串,這時候如果想生成一個pem格式的文件自己需要給字符串前后添加頭尾,以下給一個標准的pem公鑰和私鑰格式,如下:
//公鑰
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDI6d306Q8fIfCOaTXyiUeJHkrIvYISRcc73s3vF1ZT7XN8RNPwJxo8pWaJMmvyTn9N4HQ632qJBVHf8sxHi/fEsraprwCtzvzQETrNRwVxLO5jVmRGi60j8Ue1efIlzPXV9je9mkjzOmdssymZkh2QhUrCmZYI/FCEa3/cNMW0QIDAQAB
-----END PUBLIC KEY-----
//私鑰
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQC+L0rfjLl3neHleNMOsYTW8r0QXZ5RVb2p/vvY3fJNNugvJ7lo4+fdBz+LN4mDxTz4MTOhi5e2yeAqx+v3nKpNmPzC5LmDjhHZURhwbqFtIpZD51mOfno2c3MDwlrsVi6mTypbNu4uaQzw/TOpwufSLWF7k6p2pLoVmmqJzQiD0QIDAQABAoGAakB1risquv9D4zX7hCv9MTFwGyKSfpJOYhkIjwKAik7wrNeeqFEbisqv35FpjGq3Q1oJpGkem4pxaLVEyZOHONefZ9MGVChT/MNH5b0FJYWl392RZy8KCdq376Vt4gKVlABvaV1DkapL+nLh7LMo/bENudARsxD55IGObMU19lkCQQDwHmzWPMHfc3kdY6AqiLrOss+MVIAhQqZOHhDe0aW2gZtwiWeYK1wB/fRxJ5esk1sScOWgzvCN/oGJLhU3kipHAkEAysNoSdG2oWADxlIt4W9kUiiiqNgimHGMHPwp4JMxupHMTm7D9XtGUIiDijZxunHv3kvktNfWj3Yji0661zHVJwJBAM8TDf077F4NsVc9AXVs8N0sq3xzqwQD/HPFzfq6hdR8tVY5yRMb4X7+SX4EDPORKKsgnYcur5lk8MUi7r072iUCQQC8xQvUne+fcdpRyrR4StJlQvucogwjTKMbYRBDygXkIlTJOIorgudFlrKP/HwJDoY4uQNl8gQJb/1LdrKwIe7FAkBl0TNtfodGrDXBHwBgtN/t3pyi+sz7OpJdUklKE7zMSBuLd1E3O4JMzvWP9wEE7JDb+brjgK4/cxxUHUTkk592
-----END RSA PRIVATE KEY-----