Detailed explanation of public key and private key signatures (SHA1withRSA signature) and AES (AES/ECB/PKCS5Padding) encryption and decryption in PHP

Since HTTP requests are stateless, the receiver does not know who the requester is. Signatures were introduced to solve this: the receiver and the requester agree on a signature method, and verifying the signature establishes mutual trust before the next step of the business logic takes place.

The most commonly used scheme is a public/private key pair: the private key signs and the public key verifies the signature, or the public key encrypts and the private key decrypts.

Whether it is a public key or a private key, it must be formatted first. If the key you obtained is already formatted, you can skip this step.

1. Formatting of public and private keys

/******************** Private key formatting ********************/

function formatPriKey($priKey) {
    $fKey = "-----BEGIN PRIVATE KEY-----\n";
    $len = strlen($priKey);
    for($i = 0; $i < $len; ) {
        $fKey = $fKey . substr($priKey, $i, 64) . "\n";
        $i += 64;
    }
    $fKey .= "-----END PRIVATE KEY-----";
    return $fKey;
}
/******************** Public key formatting ********************/
function formatPubKey($pubKey) {
    $fKey = "-----BEGIN PUBLIC KEY-----\n";
    $len = strlen($pubKey);
    for($i = 0; $i < $len; ) {
        $fKey = $fKey . substr($pubKey, $i, 64) . "\n";
        $i += 64;
    }
    $fKey .= "-----END PUBLIC KEY-----";
    return $fKey;
}

Formatting means adding the header and footer lines and then wrapping the key body every 64 characters. You can also format it more simply as follows:

// Private key formatting
$fKey = "-----BEGIN PRIVATE KEY-----\n".chunk_split($private_key, 64,"\n").'-----END PRIVATE KEY-----';

// Public key formatting
$fKey = "-----BEGIN PUBLIC KEY-----\n".chunk_split($public_key, 64,"\n").'-----END PUBLIC KEY-----';

2. Private key signature and public key signature verification (SHA1withRSA)

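/******************** Private key signing ********************/
// The default OPENSSL_ALGO_SHA1 corresponds to SHA1withRSA; pass OPENSSL_ALGO_SHA256 for SHA256withRSA.
function get_private_sign($sign_str,$private_key,$signature_alg=OPENSSL_ALGO_SHA1){
    $private_key = openssl_pkey_get_private($private_key);// load the key
    openssl_sign($sign_str,$signature,$private_key,$signature_alg);// generate the signature
    $signature = base64_encode($signature);
    openssl_free_key($private_key);// deprecated since PHP 8.0, where keys are freed automatically
    return $signature;
}
/******************** Public key signature verification ********************/
function public_verify($sign_str,$sign,$public_key,$signature_alg=OPENSSL_ALGO_SHA1){
    $public_key = openssl_get_publickey($public_key);// load the key
    $verify = openssl_verify($sign_str, base64_decode($sign), $public_key, $signature_alg);
    openssl_free_key($public_key);// deprecated since PHP 8.0, where keys are freed automatically
    return $verify==1;// true only when the signature is valid (0 = invalid, -1 = error)
}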

$sign_str is the string to be signed or verified, and $sign is the Base64-encoded signature. The public and private keys must be formatted as described above, otherwise they will not be recognized.

3. Public key encryption and private key decryption (SHA1withRSA)

/******************** Public key encryption ********************/
// openssl_sign() only accepts a private key, so encrypting with the public key
// uses openssl_public_encrypt(); the plaintext must fit in one RSA block.
function public_encrypt($data,$public_key,$padding=OPENSSL_PKCS1_PADDING){
    $public_key = openssl_pkey_get_public($public_key);// load the key
    if ($public_key === false || !openssl_public_encrypt($data,$encrypted,$public_key,$padding)) {
        return false;
    }
    return base64_encode($encrypted);
}

/******************** Private key decryption ********************/
function private_decrypt($encrypted,$private_key,$padding=OPENSSL_PKCS1_PADDING){
    $private_key = openssl_get_privatekey($private_key);// load the key
    if ($private_key === false || !openssl_private_decrypt(base64_decode($encrypted),$decrypted,$private_key,$padding)) {
        return false;
    }
    return $decrypted;// plaintext, or false on failure
}

4. AES (AES/ECB/PKCS5Padding) encryption and decryption

// AES encryption ($key is the Base64-encoded 16-byte key)
function encrypt($data, $key) {
    $data = openssl_encrypt($data, 'aes-128-ecb', base64_decode($key), OPENSSL_RAW_DATA);
    return base64_encode($data);
}
// AES decryption
function decrypt($data, $key) {
    $encrypted = base64_decode($data);
    return openssl_decrypt($encrypted, 'aes-128-ecb', base64_decode($key), OPENSSL_RAW_DATA);
}
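
ECB mode, as used above, encrypts every 16-byte block independently and carries no integrity check. The following is an added example, not code from the original post: it shows that behaviour beside AES-128-GCM, assuming both parties are free to change the agreed mode. The key, the sample plaintext and the helper names gcm_encrypt/gcm_decrypt are constructed for illustration.

```php
<?php
// Added example: key, plaintext and helper names are constructed, not from the post.
$key   = random_bytes(16);                    // raw 128-bit key
$plain = str_repeat('ACCOUNT=00001234', 2);   // two identical 16-byte plaintext blocks

// Weak setting: aes-128-ecb. Each block is encrypted on its own, so the two
// identical plaintext blocks become two identical ciphertext blocks.
$ecb    = openssl_encrypt($plain, 'aes-128-ecb', $key, OPENSSL_RAW_DATA);
$blocks = str_split($ecb, 16);
echo 'ECB repeats block: ', var_export($blocks[0] === $blocks[1], true), "\n";

// Hardened setting: aes-128-gcm with a fresh 12-byte nonce per message and a
// 16-byte authentication tag. Output layout: nonce | tag | ciphertext.
function gcm_encrypt(string $data, string $key): string {
    $iv = random_bytes(12);
    $ct = openssl_encrypt($data, 'aes-128-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $ct);
}

// Returns the plaintext, or false when the input is malformed or the tag check fails.
function gcm_decrypt(string $blob, string $key) {
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) < 28) {
        return false;
    }
    $iv  = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $ct  = (string) substr($raw, 28);
    return openssl_decrypt($ct, 'aes-128-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
}

$a = gcm_encrypt($plain, $key);
$b = gcm_encrypt($plain, $key);
echo 'GCM outputs differ: ', var_export($a !== $b, true), "\n";
echo 'GCM round trip: ', var_export(gcm_decrypt($a, $key) === $plain, true), "\n";

// Flip one ciphertext bit: the tag check rejects the message instead of
// returning altered plaintext.
$raw     = base64_decode($a);
$raw[30] = chr(ord($raw[30]) ^ 1);
echo 'Tampered accepted: ', var_export(gcm_decrypt(base64_encode($raw), $key) !== false, true), "\n";
```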


Origin blog.csdn.net/meimeieee/article/details/112143482