生成RSA密钥对
使用php的openssl扩展生成RSA证书,公钥和私钥密钥对
<?php
class OpensslServer
{
/**
* 过期时间
* @var int|mixed
*/
protected $expire;
/**
* 密钥密码
* @var string
*/
protected $pass_phrase;
/**
* 密钥保存路径
* @var string
*/
protected $path;
/**
* 私钥
* @var string
*/
protected $private_key;
/**
* 时间戳
* @var integer
*/
protected $time;
/**
* 基础配置
* @var string[]
*/
public $dn = [
"countryName" => "CN", "stateOrProvinceName" => "ChongQing", "localityName" => "China",
"organizationName" => "The Brain Room Limited", "organizationalUnitName" => "PHP Documentation Team",
"commonName" => "Rancy Bruce", "emailAddress" => "rancy@rancy.top"
];
/**
* 密钥配置
* @var array
*/
public $config = [
//指定应该使用多少位来生成私钥 512 1024 2048 4096等
"private_key_bits" => 1024,
//选择在创建CSR时应该使用哪些扩展。可选值有 OPENSSL_KEYTYPE_DSA, OPENSSL_KEYTYPE_DH, OPENSSL_KEYTYPE_RSA 或 OPENSSL_KEYTYPE_EC. 默认值是 OPENSSL_KEYTYPE_RSA.
"private_key_type" => OPENSSL_KEYTYPE_RSA,
];
/**
* OpensslServer constructor.
* @param string $path 保存路径
* @param int $expire 有效期天数
* @param string $pass_phrase 密钥密码
*/
public function __construct($path = null, $expire = 365, $pass_phrase = 'rancy')
{
$this->path = $path;
$this->expire = $expire;
$this->pass_phrase = $pass_phrase;
$this->time = time();
}
/**
* 生成密钥对
*/
public function generate()
{
// 生成公钥私钥资源
$res = openssl_pkey_new($this->config);
// 导出私钥 $this->private_key
openssl_pkey_export($res, $this->private_key, $this->pass_phrase, $this->config);
// 导出公钥 $pubKey
$pubKey = openssl_pkey_get_details($res);
//var_dump($this->private_key);
//var_dump($pubKey);
file_put_contents("{$this->path}/{$this->time}_private.key", $this->private_key);
file_put_contents("{$this->path}/{$this->time}_public.key", $pubKey["key"]);
}
/**
* 签名证书
*/
public function cert()
{
//基于$dn生成新的 CSR (证书签名请求)
$csr = openssl_csr_new($this->dn, $this->private_key, $this->config);
//根据配置自己对证书进行签名
$csr_sign = openssl_csr_sign($csr, null, $this->private_key, $this->expire, $this->config);
//将公钥证书存储到一个变量 $csr_key,由 PEM 编码格式命名。
openssl_x509_export($csr_sign, $csr_key);
//将私钥存储到名为的出 PKCS12 文件格式的字符串。
openssl_pkcs12_export($csr_sign, $private_pkcs12, $this->private_key, $this->pass_phrase);
//var_dump($csr_key);
//var_dump($private_pkcs12);
file_put_contents("{$this->path}/{$this->time}_cert.cer", $csr_key);
file_put_contents("{$this->path}/{$this->time}_private.pfx", $private_pkcs12);
}
}
使用方法
<?php
$openssl = new OpensslServer('certs');
$openssl->generate();
$openssl->cert();
本作品采用《CC 协议》,转载必须注明作者和本文链接
推荐文章: