生成RSA金鑰對

Rancy發表於2021-02-03

使用 PHP 的 OpenSSL 擴充套件生成 RSA 金鑰對(公鑰與私鑰)以及自簽憑證

<?php

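class OpensslServer
{
    /**
     * Certificate validity in days; passed to openssl_csr_sign().
     * @var int|mixed
     */
    protected $expire;

    /**
     * Passphrase used to encrypt the exported private key and the PKCS#12 bundle.
     * @var string
     */
    protected $pass_phrase;

    /**
     * Directory the key and certificate files are written to.
     * @var string
     */
    protected $path;

    /**
     * Passphrase-encrypted private key in PEM form, filled in by generate().
     * @var string
     */
    protected $private_key;

    /**
     * Unix timestamp taken in the constructor; used as the output file-name prefix.
     * @var integer
     */
    protected $time;

    /**
     * Distinguished-name fields used as the certificate subject.
     * @var string[]
     */
    public $dn = [
        "countryName" => "CN", "stateOrProvinceName" => "ChongQing", "localityName" => "China",
        "organizationName" => "The Brain Room Limited", "organizationalUnitName" => "PHP Documentation Team",
        "commonName" => "Rancy Bruce", "emailAddress" => "rancy@rancy.top"
    ];

    /**
     * Options handed to the openssl_* key, CSR and signing calls.
     * @var array
     */
    public $config = [
        // RSA modulus size in bits. 512- and 1024-bit RSA keys are too weak for
        // current use; 2048 is the usual minimum, 3072/4096 for longer-lived keys.
        "private_key_bits" => 2048,
        // Type of private key to create: OPENSSL_KEYTYPE_DSA, OPENSSL_KEYTYPE_DH,
        // OPENSSL_KEYTYPE_RSA or OPENSSL_KEYTYPE_EC. OPENSSL_KEYTYPE_RSA is the default.
        "private_key_type" => OPENSSL_KEYTYPE_RSA,
        // Pin the signature digest so it does not depend on the local openssl.cnf default.
        "digest_alg" => "sha256",
    ];

    /**
     * OpensslServer constructor.
     *
     * NOTE(review): the default passphrase below is a published constant and
     * protects nothing; it is kept only so existing callers keep working.
     * Supply a passphrase of your own for any key that matters.
     *
     * @param string $path directory the files are written to; null/'' makes the
     *                     file names resolve against the filesystem root
     * @param int $expire certificate validity in days
     * @param string $pass_phrase passphrase for the private key and the .pfx bundle
     */
    public function __construct($path = null, $expire = 365, $pass_phrase = 'rancy')
    {
        $this->path = $path;
        $this->expire = $expire;
        $this->pass_phrase = $pass_phrase;
        $this->time = time();
    }

    /**
     * Generate a key pair and write "<time>_private.key" and "<time>_public.key".
     *
     * @throws \RuntimeException when OpenSSL or the file system reports a failure
     */
    public function generate()
    {
        // Create the key pair.
        $res = openssl_pkey_new($this->config);
        if ($res === false) {
            $this->fail('Key generation failed');
        }
        // Export the private key, encrypted with the passphrase, into $this->private_key.
        if (!openssl_pkey_export($res, $this->private_key, $this->pass_phrase, $this->config)) {
            $this->fail('Private key export failed');
        }
        // The "key" entry of the details array is the PEM-encoded public key.
        $details = openssl_pkey_get_details($res);
        if ($details === false || !isset($details["key"])) {
            $this->fail('Public key extraction failed');
        }

        // Do not dump or log key material while debugging this method.
        $this->writeFile('private.key', $this->private_key, true);
        $this->writeFile('public.key', $details["key"], false);
    }

    /**
     * Create a self-signed certificate and write "<time>_cert.cer" and "<time>_private.pfx".
     *
     * A self-signed certificate chains to no CA, so relying parties have to
     * pin or explicitly trust it.
     *
     * @throws \RuntimeException when OpenSSL or the file system reports a failure
     */
    public function cert()
    {
        $key = $this->loadPrivateKey();

        // Build a CSR (certificate signing request) from $dn.
        $csr = openssl_csr_new($this->dn, $key, $this->config);
        if ($csr === false) {
            $this->fail('CSR creation failed');
        }
        // A null CA certificate makes this a self-signed certificate.
        $csr_sign = openssl_csr_sign($csr, null, $key, $this->expire, $this->config);
        if ($csr_sign === false) {
            $this->fail('Certificate signing failed');
        }
        // PEM-encode the certificate into $csr_key.
        if (!openssl_x509_export($csr_sign, $csr_key)) {
            $this->fail('Certificate export failed');
        }
        // Bundle certificate and private key as a passphrase-protected PKCS#12 string.
        if (!openssl_pkcs12_export($csr_sign, $private_pkcs12, $key, $this->pass_phrase)) {
            $this->fail('PKCS#12 export failed');
        }

        $this->writeFile('cert.cer', $csr_key, false);
        $this->writeFile('private.pfx', $private_pkcs12, true);
    }

    /**
     * Return a usable key handle for signing.
     *
     * The PEM produced by generate() is encrypted, so it has to be opened with
     * the passphrase before the CSR and signing calls can use it. When
     * generate() has not run, an in-memory key is created instead.
     */
    private function loadPrivateKey()
    {
        if ($this->private_key === null) {
            $key = openssl_pkey_new($this->config);
        } else {
            $key = openssl_pkey_get_private($this->private_key, $this->pass_phrase);
        }
        if ($key === false) {
            $this->fail('Private key could not be loaded');
        }

        return $key;
    }

    /**
     * Write one output file; secret files are restricted to the owner first.
     */
    private function writeFile($suffix, $data, $secret)
    {
        if ($this->path !== null && $this->path !== '' && !is_dir($this->path)
            && !mkdir($this->path, 0700, true) && !is_dir($this->path)) {
            throw new \RuntimeException("Cannot create directory {$this->path}");
        }

        $file = "{$this->path}/{$this->time}_{$suffix}";
        // Restrict permissions before any key material reaches the file.
        if ($secret && (!touch($file) || !chmod($file, 0600))) {
            throw new \RuntimeException("Cannot restrict permissions on {$file}");
        }
        if (file_put_contents($file, $data, LOCK_EX) === false) {
            throw new \RuntimeException("Cannot write {$file}");
        }
    }

    /**
     * Throw a RuntimeException carrying the first queued OpenSSL error message.
     */
    private function fail($what)
    {
        $detail = openssl_error_string();
        throw new \RuntimeException($what . ': ' . ($detail ?: 'unknown OpenSSL error'));
    }
}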

使用方法

<?php

// Demo run writing into the relative directory "certs". Only the path is given,
// so the constructor defaults apply: 365-day validity and the built-in default
// passphrase. Pass a passphrase of your own as the third argument for real keys.
$server = new OpensslServer('certs');
// Writes the private/public key files.
$server->generate();
// Writes the self-signed certificate and the PKCS#12 bundle.
$server->cert();
本作品採用《CC 協議》,轉載必須註明作者和本文連結
