首先需要知道的关于rsa的知识
RSA与AES,DES一样也是一个块加密函数
RSA常用的密钥长度为 1024bit、2048bit、4096bit、128字节、256字节、512字节
RSA加密的最长长度不能超过密钥的长度,考虑到还有填充方式,所以实际能加密的数据长度会比密钥长度略小,除非使用OPENSSL_NO_PADDING
加密后的密文长度等于密钥的长度
公钥加密和私钥解密能使用的填充方法有OPENSSL_PKCS1_PADDING
, OPENSSL_SSLV23_PADDING
, OPENSSL_PKCS1_OAEP_PADDING
, OPENSSL_NO_PADDING
.
公钥解密和私钥加密能使用的填充方式有 OPENSSL_PKCS1_PADDING
, OPENSSL_NO_PADDING
OPENSSL_NO_PADDING
不进行填充,假如明文长度不够长会在明文最开始填0补齐长度,所以能够加密的明文长度最大为密钥的长度
OPENSSL_PKCS1_PADDING
填充需要占用11字节的内容,所以能够加密的明文长度最大为117字节 245字节 501字节,超出的话加密函数会报false
OPENSSL_PKCS1_OAEP_PADDING
填充需要占用41字节的内容,所以能加密的明文的长度最大为87字节 215字节 471字节,超出的话加密函数会报false
PHP实现RSA加密需要打开openssl
扩展
完整示例:
<?php
header('Content-Type: text/html; charset=utf-8');
class ZrtRsa
{
const RSA_ALGORITHM_KEY_TYPE = OPENSSL_KEYTYPE_RSA;
const RSA_ALGORITHM_SIGN = OPENSSL_ALGO_SHA256;
private $_config = [
'public_key' => '',
'private_key' => '',
'key_len' => '',
];
public function __construct($private_key_file_path, $public_key_file_path)
{
$this->_config['private_key'] = $this->_getContents($private_key_file_path);
$this->_config['public_key'] = $this->_getContents($public_key_file_path);
$this->_config['key_len'] = $this->_getKenLen();
}
/**
* @uses 获取文件内容
* @param $file_path string
* @return bool|string
*/
private function _getContents($file_path)
{
file_exists($file_path) or die ('密钥或公钥的文件路径错误');
return file_get_contents($file_path);
}
private function _getKenLen()
{
$pub_id = openssl_get_publickey($this->_config['public_key']);
return openssl_pkey_get_details($pub_id)['bits'];
}
/**
* @uses 获取私钥
* @return bool|resource
*/
private function _getPrivateKey()
{
$private_key = $this->_config['private_key'];
return openssl_pkey_get_private($private_key);
}
/**
* @uses 获取公钥
* @return bool|resource
*/
private function _getPublicKey()
{
$public_key = $this->_config['public_key'];
return openssl_pkey_get_public($public_key);
}
/**
* @uses 私钥加密
* @param string $data
* @return null|string
*/
public function privateEncrypt($data = '')
{
if (!is_string($data)) {
return null;
}
$encrypted = '';
$part_len = $this->_config['key_len'] / 8 - 11;
$parts = str_split($data, $part_len);
foreach ($parts as $part) {
$encrypted_temp = '';
openssl_private_encrypt($part, $encrypted_temp, $this->_getPrivateKey());
$encrypted .= $encrypted_temp;
}
return base64_encode($encrypted);
//return openssl_private_encrypt($data, $encrypted, $this->_getPrivateKey()) ? base64_encode($encrypted) : null;
}
/**
* @uses 公钥加密
* @param string $data
* @return null|string
*/
public function publicEncrypt($data = '')
{
if (!is_string($data)) {
return null;
}
$encrypted = '';
$part_len = $this->_config['key_len'] / 8 - 11;
$parts = str_split($data, $part_len);
foreach ($parts as $part) {
$encrypted_temp = '';
openssl_public_encrypt($part, $encrypted_temp, $this->_getPublicKey());
$encrypted .= $encrypted_temp;
}
return base64_encode($encrypted);
//return openssl_public_encrypt($data, $encrypted, $this->_getPublicKey()) ? base64_encode($encrypted) : null;
}
/**
* @uses 私钥解密
* @param string $encrypted
* @return null
*/
public function privateDecrypt($encrypted = '')
{
if (!is_string($encrypted)) {
return null;
}
$decrypted = "";
$part_len = $this->_config['key_len'] / 8;
$base64_decoded = url_safe_base64_decode($encrypted);
$parts = str_split($base64_decoded, $part_len);
foreach ($parts as $part) {
$decrypted_temp = '';
openssl_private_decrypt($part, $decrypted_temp,$this->_getPrivateKey());
$decrypted .= $decrypted_temp;
}
return $decrypted;
//return (openssl_private_decrypt(base64_decode($encrypted), $decrypted, $this->_getPrivateKey())) ? $decrypted : null;
}
/**
* @uses 公钥解密
* @param string $encrypted
* @return null
*/
public function publicDecrypt($encrypted = '')
{
if (!is_string($encrypted)) {
return null;
}
$decrypted = "";
$part_len = $this->_config['key_len'] / 8;
$base64_decoded = base64_decode($encrypted);
$parts = str_split($base64_decoded, $part_len);
foreach ($parts as $part) {
$decrypted_temp = '';
openssl_public_decrypt($part, $decrypted_temp,$this->_getPublicKey());
$decrypted .= $decrypted_temp;
}
return $decrypted;
//return (openssl_public_decrypt(base64_decode($encrypted), $decrypted, $this->_getPublicKey())) ? $decrypted : null;
}
/*
* 数据加签
*/
public function sign($data)
{
openssl_sign($data, $sign, $this->_getPrivateKey(), self::RSA_ALGORITHM_SIGN);
return base64_encode($sign);
}
/*
* 数据签名验证
*/
public function verify($data, $sign)
{
$pub_id = openssl_get_publickey($this->_getPublicKey());
$res = openssl_verify($data, base64_decode($sign), $pub_id, self::RSA_ALGORITHM_SIGN);
return $res;
}
}