According to online information, RSA encryption algorithm is an asymmetric encryption algorithm. In public-key encryption and RSA are widely used in electronic commerce. RSA 1977 by the Ronald Rivest (RON RIVEST), Adi Shamir (ADI SHAMIR) and Leonard Adleman (LEONARD ADLEMAN) presented together. At that time the three of them are working at MIT. RSA is the three of them last names beginning with the letter composed pieces together.
Work often arise that require encryption and decryption of sensitive data, such as your current financial companies involved in the transaction data to the user, the user identity verification. This uses RSA encryption algorithm about the user's identity. php used here openss agreement.
Asymmetric encryption that is required public key to decrypt the encrypted private key; public key encryption required to decrypt the private key; public and private keys are paired public key can be distributed to the employer, the private key can only be reserved server.
The following is example code decryption portion openssl plus php implemented:
Server ## is centos7## obtained according to the private key corresponding public
## first determines whether openssl installed server protocol (the command does not execute the install -Y openssl-devel yum): [@ iz2vcf47jzvf8dxrapolf7z the root Test] Version # openssl the OpenSSL 1.0 .2k FIPS- 26 is Jan 2017 [the root iz2vcf47jzvf8dxrapolf7z the Test @] # # generate a private key file rsa_private_key.pem file [root @ iz2vcf47jzvf8dxrapolf7z the Test] # OpenSSL genrsa -out rsa_private_key.pem 1024 generating RSA Private Key, 1024 bit Long the Veritas ™ ............ ...................................... ++++++ ...... .................................................. ................ ++++++ E IS 65537 (0x10001 )
## PKCS8 converted into private mode (each mode for attachment end of the text)
[the root @ iz2vcf47jzvf8dxrapolf7z Test] # OpenSSL PKCS8 -topk8 -inform the PEM -IN rsa_private_key.pem -outform the PEM -nocrypt -out private_key.pem
## private print key file [@ iz2vcf47jzvf8dxrapolf7z the root Test] # CAT rsa_private_key.pem ----- ----- the BEGIN the RSA PRIVATE kEY MIICXQIBAAKBgQCh13gUKZWQlx7cuYQvY1A6JuJjArMax8yHcTrtcL + kpa5Cg6mD 609QNiTacuJxmh7Q / W + 1Lw / cuWN0Q7s3s4WzJET6YCi3fH4zqVmpqWIcKWC / hE3p VV3lJsBvMpoz2bFn1eRwVtmSp4dVAqe542YvbZ13VGheEvkKi5uqWyhY1wIDAQAB AoGAIYSjjOFz5Wc28BXH55yU8AY / mqvjdidtF5v + zVAtkKbzqTjlcbnZSk58YXWr qkV2HmjE0wx1J4yJqXmhm46loLkIpWdQfzRyFFnK3xmo9Lc6jXbIrKmFYyN7FTqT 5cADvrTJ2jO9BlDG0ddTp7pl6dRi00jkrTRU3mgxZZ1kOWkCQQDRZZl9LKs+lz0v kOEKGuhjfHpFYpjce/mg0XfOZuFIqYXdm/nO1nx/KAr+xtUhiqkRzdxADOA0Nrxg alCtT1NbAkEAxdxotvcFYKOFES1aOAg35mv7Inlnjelbj1Jx0wtGRVUV/0nvMVKf TLInECD2mUaE00OWjuXanAI2FQQWbML1NQJBAL/AGDRGaXJhsIgUVd+ZEGG6JYXQ akbNyKR57Qo3r+mIQ6vSH4pHY65VjuwMTDPw9C33o8+LeuyVix+He+WZFK0CQQDA Gb+9LFYXPou6Yqr+TdRgLiSUkwScfp27qBMFESQ3umVyB8lovMwXPby5ZxelNxdM uolZ0gaOg4MYonBXRm2lAkAEOjH32XMSTB+HI+lQrLCFiumyRjHpgbRgTcyUQolY fjR63M0E/rzVIneKPqLP+ySOYLFcO3bjuMa75CQic8PF -----END RSA PRIVATE KEY-----
[@ iz2vcf47jzvf8dxrapolf7z the root Test] # OpenSSL RSA -IN rsa_private_key.pem -pubout -out rsa_public_key.pem
Writing the RSA Key
[@ iz2vcf47jzvf8dxrapolf7z the root Test] rsa_public_key.pem CAT #
----- the PUBLIC KEY ----- the BEGIN
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCh13gUKZWQlx7cuYQvY1A6JuJj
ArMax8yHcTrtcL kpa5Cg6mD609QNiTacuJxmh7Q + / + 1Lw W / cuWN0Q7s3s4WzJET6
YCi3fH4zqVmpqWIcKWC / hE3pVV3lJsBvMpoz2bFn1eRwVtmSp4dVAqe542YvbZ13
VGheEvkKi5uqWyhY1wIDAQAB
----- ----- the END the PUBLIC KEY
[root @ iz2vcf47jzvf8dxrapolf7z the Test] # CAT openssl.php
<?
/**
* 私钥加密/公钥解密
*
* @param $str string 待加解密字符串
* @param $isEncrypt boolean
* return string|null
*/
function opensslPrivateEncrypt($str, $isEncrypt = true)
{
if($isEncrypt){
$privateKey = file_get_contents('./rsa_private_key.pem');
$privateKey = openssl_pkey_get_private($privateKey);
return openssl_private_encrypt($str, $encryptedStr, $privateKey)
? base64_encode($encryptedStr) : null;
}else{
$publicKey = file_get_contents('./rsa_public_key.pem');
$publicKey = openssl_pkey_get_public($publicKey);
return (openssl_public_decrypt(base64_decode($str), $decryptedStr, $publicKey))
? $decryptedStr : null;
}
}
/**
* 公钥加密/私钥解密
*
* @param $str string 待加解密字符串
* @param $isEncrypt boolean
* return string|null
*/
function opensslPublicEncrypt($str , $isEncrypt = true)
{
if($isEncrypt){
$publicKey = file_get_contents('./rsa_public_key.pem');
$publicKey = openssl_pkey_get_public($publicKey);
return openssl_public_encrypt($str, $encryptedStr, $publicKey)
? base64_encode($encryptedStr) : null;
}else{
$privateKey = file_get_contents('./rsa_private_key.pem');
$privateKey = openssl_pkey_get_private($privateKey);
return (openssl_private_decrypt(base64_decode($str), $decryptedStr, $privateKey))
? $decryptedStr : null;
}
}
$config = array();
$config['title'] = 'PHP is the best program language.';
$config['comment'] = 'PHPERS are great people.';
$privateEncrypt = opensslPrivateEncrypt(json_encode($config));
echo("##privateEncrypt is:" . PHP_EOL);
echo($privateEncrypt . PHP_EOL);
$privateDecrypt = opensslPrivateEncrypt($privateEncrypt, false);
echo("##privateDecrypt is:" . PHP_EOL);
echo($privateDecrypt . PHP_EOL);
$publicEncrypt = opensslPublicEncrypt(json_encode($config));
echo("##publicEncrypt is:" . PHP_EOL);
echo($publicEncrypt . PHP_EOL);
$publicDecrypt = opensslPublicEncrypt($publicEncrypt, false);
echo("##publicDecrypt is:" . PHP_EOL);
echo($publicDecrypt . PHP_EOL);
##执行脚本
[root@iz2vcf47jzvf8dxrapolf7z test]# php openssl.php
##privateEncrypt is:
mLrLIAwbwlE69Yj5/lnNw1t8qSjhnFa+96s/kSMYweAn/HEsV7jfVAJ6mn/FY2DRRWkKeOnguUYsRcFTBcS1ieG7UtqbUAASXA5dwVgtTrFoDcDhHMl7p90+dIO8n+vMoBx1kkUegpvtH03y3MgUVSj/BLkLE8jrFXyjGufIcv0=
##privateDecrypt is:
{"title":"PHP is the best program language.","comment":"PHPERS are great people."}
##publicEncrypt is:
NW2k5m2pKrZmEMSHXiK7mfyC+yDjH1+b6TrEMPv+ywBfsUlo2P8eWwcXOQxvsV4UG87a1S4Xa2QySntdEwhpYoim97457ODVVCb6jx+cqqdWJ1wlLS+gx7FJxw7Z0kMPmCm5iMcQwWPK+UzF+dpc/gJFa9uGAAmYczUumOauAx0=
##publicDecrypt is:
{"title":"PHP is the best program language.","comment":"PHPERS are great people."}
pkcs标准:
| PKCS标准汇总 | |||
|---|---|---|---|
| 版本 | 名称 | 简介 | |
| PKCS #1 | 2.1 | RSA密码编译标准(RSA Cryptography Standard) | 定义了RSA的数理基础、公/私钥格式,以及加/解密、签/验章的流程。1.5版本曾经遭到攻击。 |
| PKCS #2 | - | 撤销 | 原本是用以规范RSA加密摘要的转换方式,现已被纳入PKCS#1之中。 |
| PKCS #3 | 1.4 | DH密钥协议标准(Diffie-Hellman key agreement Standard) | 规范以DH密钥协议为基础的密钥协议标准。其功能,可以让两方通过金议协议,拟定一把会议密钥(Session key)。 |
| PKCS #4 | - | 撤销 | 原本用以规范转换RSA密钥的流程。已被纳入PKCS#1之中。 |
| PKCS #5 | 2.0 | 密码基植加密标准(Password-based Encryption Standard) | 参见RFC 2898与PBKDF2。 |
| PKCS #6 | 1.5 | 证书扩展语法标准(Extended-Certificate Syntax Standard) | 将原本X.509的证书格式标准加以扩充。 |
| PKCS #7 | 1.5 | 密码消息语法标准(Cryptographic Message Syntax Standard) | 参见RFC 2315。规范了以公开密钥基础设施(PKI)所产生之签名/密文之格式。其目的一样是为了拓展数字证书的应用。其中,包含了S/MIME与CMS。 |
| PKCS #8 | 1.2 | 私钥消息表示标准(Private-Key Information Syntax Standard). | Apache读取证书私钥的标准。 |
| PKCS #9 | 2.0 | 选择属性格式(Selected Attribute Types) | 定义PKCS#6、7、8、10的选择属性格式。 |
| PKCS #10 | 1.7 | 证书申请标准(Certification Request Standard) | 参见RFC 2986。规范了向证书中心申请证书之CSR(certificate signing request)的格式。 |
| PKCS #11 | 2.20 | 密码设备标准接口(Cryptographic Token Interface (Cryptoki)) | 定义了密码设备的应用程序接口(API)之规格。 |
| PKCS #12 | 1.0 | 个人消息交换标准(Personal Information Exchange Syntax Standard) | 定义了包含私钥与公钥证书(public key certificate)的文件格式。私钥采密码(password)保护。常见的PFX就履行了PKCS#12。 |
| PKCS #13 | – | 椭圆曲线密码学标准(Elliptic curve cryptography Standard) | 制定中。规范以椭圆曲线密码学为基础所发展之密码技术应用。椭圆曲线密码学是新的密码学技术,其强度与效率皆比现行以指数运算为基础之密码学算法来的优秀。然而,该算法的应用尚不普及。 |
| PKCS #14 | – | 拟随机数产生器标准(Pseudo-random Number Generation) | 制定中。规范拟随机数产生器的使用与设计。 |
| PKCS #15 | 1.1 | 密码设备消息格式标准(Cryptographic Token Information Format Standard) | 定义了密码设备内部数据的组织结构。 |