php demo:
参考:
https://gist.github.com/winok/6153500
<?php
## openssl genrsa -out key.pem 1024
## openssl rsa -in key.pem -pubout -outform PEM -out pubkey.pem
## openssl rsa -in key.pem -pubout -outform DER -out pubkey.der
function hextobin($hexstr)
{
$n = strlen($hexstr);
$sbin="";
$i=0;
while($i<$n)
{
$a =substr($hexstr,$i,2);
$c = pack("H*",$a);
if ($i==0){$sbin=$c;}
else {$sbin.=$c;}
$i+=2;
}
return $sbin;
}
function buildSign($toSign) {
$signature = null;
$priv_key = file_get_contents('key.pem');
$pkeyid = openssl_get_privatekey($priv_key);
openssl_sign($toSign, $signature, $pkeyid);
openssl_free_key($pkeyid);
$hex = bin2hex( $signature );
return $hex;
}
function verifySign($sign, $toSign) {
$signdata = hextobin($sign);
$ret = openssl_verify($toSign, $signdata, file_get_contents('pubkey.pem'));
return $ret;
}
function verifySign_der($sign, $toSign) {
$signdata = hextobin($sign);
$der = file_get_contents('pubkey.der');
$pem = "-----BEGIN PUBLIC KEY-----n";
$str = base64_encode($der);
$pem .= wordwrap($str, 64, "n", true)."n";
$pem .= "-----END PUBLIC KEY-----n";
$ret = openssl_verify($toSign, $signdata, $pem);
return $ret;
}
$sign = buildSign('test1');
if (verifySign($sign, 'test1') == 1)
echo "successn";
if (verifySign_der($sign, 'test1') == 1)
echo "successn";
echo "n";
$sign = buildSign('test1');
if (verifySign($sign, 'test2') == 0)
echo "successn";
if (verifySign_der($sign, 'test2') == 0)
echo "successn";
?>
相关格式参考:
http://www.cnblogs.com/xiaoweiyu/archive/2011/12/26/2302297.html
注意:
1.相关参数(如:openssl pkcs8 -topk8 -inform PEM -outform DER -in key.pem -out key.der -nocrypt 里的最后一个参数 )
2.公钥和私钥所用命令不同
3.通常二进制der格式通过 base64 或十六进制表示。先还原,再转换格式。
转发请注明出处http://blog.martoo.cn
如有漏缺,请联系我 QQ 243008827