vlucas/pikirasa

PKI public/private RSA key encryption using the OpenSSL extension

v1.0.4 2015-01-17 16:13 UTC

This package is auto-updated.

Last update: 2024-09-14 12:41:41 UTC


README


Easy PKI public/private RSA key encryption using the OpenSSL extension.

What's with the name?

Pikirasa is just "PKI RSA" with some extra vowels added. Also, I created this project on a Friday night, so I really didn't want to give it a serious name.

What is this for?

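Pikirasa is a lightweight wrapper around PHP's OpenSSL extension for encrypting and decrypting with a known public/private key pair. It requires that you have the OpenSSL extension installed and that your certificates have already been generated.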

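Pikirasa is not a general-purpose or comprehensive encryption library. If you need more encryption options or maximum system compatibility, have a look at phpseclib.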

Installation

Just fire up Composer!

composer require vlucas/pikirasa

Example Usage

All you need is the full path to your public and/or private key files:

$rsa = new Pikirasa\RSA('path/to/public.pem', 'path/to/private.pem');

$data = 'abc123';
$encrypted = $rsa->encrypt($data);
$decrypted = $rsa->decrypt($encrypted);
var_dump($decrypted); // 'abc123'

Internally, Pikirasa handles these paths as file streams, so you can use any file stream directly instead:

$rsa = new Pikirasa\RSA('file:///absolute/path/to/public.pem', 'file://relative/path/to/private.pem');

$data = 'abc123';
$encrypted = $rsa->encrypt($data);
$decrypted = $rsa->decrypt($encrypted);
var_dump($decrypted); // 'abc123'

You can also use the string contents of the public and private keys:

$publicKey = '
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7o9A47JuO3wgZ/lbOIOs
Xc6cVSiCMsrglvORM/54StFRvcrxMi7OjXD6FX5fQpUOQYZfIOFZZMs6kmNXk8xO
hgTmdMJcBWolQ85acfAdWpTpCW29YMvXNARUDb8uJKAApsISnttyCnbvp7zYMdQm
HiTG/+bYaegSXzV3YN+Ej+ZcocubUpLp8Rpzz+xmXep3BrjBycAE9z2IrrV2rlwg
TTxU/B8xmvMsToBQpAbe+Cv130tEHsyW4UL9KZY1M9R+UHFPPmORjBKxSZvjJ1mS
UbUYN6PmMry35wCaFCfQoyTDUxBfxTGYqjaveQv4sxx0uvoiLXHt9cAm5Q8KJ+8d
FwIDAQAB
-----END PUBLIC KEY-----
';

$privateKey = '
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
';

$rsa = new Pikirasa\RSA($publicKey, $privateKey);

$data = 'abc123';
$encrypted = $rsa->encrypt($data);
$decrypted = $rsa->decrypt($encrypted);
var_dump($decrypted); // 'abc123'

Creating Keys

Don't have key files yet? No problem - you can simply create new ones:

$rsa = new Pikirasa\RSA('path/to/nonexistent_public.pem', 'path/to/nonexistent_private.pem');
$rsa->create();  // creates new keys in the new key files

$data = 'abc123';
$encrypted = $rsa->encrypt($data);
$decrypted = $rsa->decrypt($encrypted);
var_dump($decrypted); // 'abc123'

If you need a key size other than the default 2048 bits, just pass the desired size as the first argument to $rsa->create().

Pikirasa will not overwrite existing key files unless you pass true as the second argument to $rsa->create().

If you prefer to work with key strings rather than key files, you can create keys that way as well:

$rsa = new Pikirasa\RSA(null, null);
$rsa->create();  // creates new keys as strings

$data = 'abc123';
$encrypted = $rsa->encrypt($data);
$decrypted = $rsa->decrypt($encrypted);
var_dump($decrypted);
          // 'abc123'
var_dump($rsa->getPublicKeyFile());
          // -----BEGIN PUBLIC KEY-----
          // MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7o9A47JuO3wgZ/lbOIOs
          // Xc6cVSiCMsrglvORM/54StFRvcrxMi7OjXD6FX5fQpUOQYZfIOFZZMs6kmNXk8xO
          // hgTmdMJcBWolQ85acfAdWpTpCW29YMvXNARUDb8uJKAApsISnttyCnbvp7zYMdQm
          // HiTG/+bYaegSXzV3YN+Ej+ZcocubUpLp8Rpzz+xmXep3BrjBycAE9z2IrrV2rlwg
          // TTxU/B8xmvMsToBQpAbe+Cv130tEHsyW4UL9KZY1M9R+UHFPPmORjBKxSZvjJ1mS
          // UbUYN6PmMry35wCaFCfQoyTDUxBfxTGYqjaveQv4sxx0uvoiLXHt9cAm5Q8KJ+8d
          // FwIDAQAB
          // -----END PUBLIC KEY-----
var_dump($rsa->getPrivateKeyFile());
          // -----BEGIN RSA PRIVATE KEY-----
          // MIIEpAIBAAKCAQEA7o9A47JuO3wgZ/lbOIOsXc6cVSiCMsrglvORM/54StFRvcrx
          // Mi7OjXD6FX5fQpUOQYZfIOFZZMs6kmNXk8xOhgTmdMJcBWolQ85acfAdWpTpCW29
          // YMvXNARUDb8uJKAApsISnttyCnbvp7zYMdQmHiTG/+bYaegSXzV3YN+Ej+Zcocub
          // UpLp8Rpzz+xmXep3BrjBycAE9z2IrrV2rlwgTTxU/B8xmvMsToBQpAbe+Cv130tE
          // HsyW4UL9KZY1M9R+UHFPPmORjBKxSZvjJ1mSUbUYN6PmMry35wCaFCfQoyTDUxBf
          // xTGYqjaveQv4sxx0uvoiLXHt9cAm5Q8KJ+8dFwIDAQABAoIBAHkWS3iHy/3zjjtY
          // TV4NL8NZqO5splGDuqXEMbKzenl3b8cnKHAxY/RVIQsh3tZb9CV8P/Lfj1Fi+nLt
          // a7mAXWcXO6aONMkmzI1zQ2NL3opoxTRc+GAWd0BW5hcoMBK1CD+ciHkLqAH5xsFc
          // UFxSc5qfTkb79GMlQZYD/Hk2WwHyj7hAkyxip4ye1EOnH5h8H7vIUjwp+H6Rmt5w
          // FTiVJbokhzwiczChUJVWgnowegL/qFV+yNfHGGKqVdIQfKdCsHR6jAuKCww5QniN
          // qDEi/M2Az0R4qfVmf38uMvOJTWaxp08JV4qRyNdh6hhbj+nY1EZ8haOiC7tjz2mJ
          // XqqKQfkCgYEA95yb5ezTBF4Pbr589OnU6VFdM88BCrKKvSWE8D1fzZZTsXur5k/x
          // cOwfio4RkmJwMnjuzZN6nvL5QddfcmPWQAoepHR8eA9yhIz57YWgrqE9ZXI8DgMy
          // SFuy5EkV5vudjDIr7kBXaGuUh3ErZfglyrV/rUfydGdTWyY8phMq/6MCgYEA9qQj
          // 7kb5uyU8nrXoDqKPpy6ijEpVilgy4VR7RuB2vMh74wKI1QQYED+PxfcHe5RP8WGF
          // Bl+7VnmrGka4xJWeN7GKW4GRx5gRAzg139DXkqwPlXyM3ZR3pLd8wtbxTmJrcPby
          // A6uNRhGPpuyhDs5hx9z6HvLoCs+O0A9gDaChM/0CgYEAycRguNPpA2cOFkS8l+mu
          // p8y4MM5eX/Qq34QiNo0ccu8rFbXb1lmQOV7/OK0Znnn+SPKITRX+1mTRPZidWx4F
          // aLuWSpXtEvwrad1ijuzTiVk0KWUTkKuEHrgyJplzcnvX3nTHnWXqk9kN9+v83CN/
          // 0BVji7TT2YyUvPKEeyOlZxcCgYABFm42Icf+JEblKEYyslLR2OnMlpNT/dmTlszI
          // XjsH0BaDxMIXtmHoyG7434L/74J+vQBaK9fmpLi1b/RmoYZGFplWl/atm6UPj5Ll
          // PsWElw+miBsS6xGv/0MklNARmWuB3wToMTx5P6CTit2W9CAIQpgzxLxzN8EYd8jj
          // pn6vfQKBgQCHkDnpoNZc2m1JksDiuiRjZORKMYz8he8seoUMPQ+iQze66XSRp5JL
          // oGZrU7JzCxuyoeA/4z36UN5WXmeS3bqh6SinrPQKt7rMkK1NQYcDUijPBMt0afO+
          // LH0HIC1HAtS6Wztd2Taoqwe5Xm75YW0elo4OEqiAfubAC85Ec4zfxw==
          // -----END RSA PRIVATE KEY-----

Using Keys with a Password

The constructor of the Pikirasa\RSA class accepts an optional third parameter for the case where your private key is password-protected.

$rsa = new Pikirasa\RSA($publicKey, $privateKey, 'certificate_password');

$data = 'abc123';
$encrypted = $rsa->encrypt($data);
$decrypted = $rsa->decrypt($encrypted);
var_dump($decrypted); // 'abc123'

This also works for creating new keys that should be password-protected.

$rsa = new Pikirasa\RSA($publicKey, $privateKey, 'certificate_password');
$rsa->create(); // creates new keys, with the private key password-protected

$data = 'abc123';
$encrypted = $rsa->encrypt($data);
$decrypted = $rsa->decrypt($encrypted);
var_dump($decrypted); // 'abc123'

$rsa2 = new Pikirasa\RSA($publicKey, $privateKey);
$decrypted = $rsa2->decrypt($encrypted); // Throws `Pikirasa\Exception` for bad/missing password
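
The password behaviour described above, shown one level down with PHP's OpenSSL extension itself. This is an added example, not Pikirasa's own code: the function names generateProtectedKeyPair() and decryptWithKey() are hypothetical, the passphrase and plaintext are constructed sample values, and OAEP padding is this example's choice (the page does not say which padding Pikirasa uses).

```php
<?php
// Added example: calls PHP's OpenSSL extension directly, not Pikirasa.

function generateProtectedKeyPair(string $passphrase, int $bits = 2048): array
{
    $key = openssl_pkey_new([
        'private_key_bits' => $bits,
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
    ]);
    if ($key === false) {
        throw new RuntimeException('Key generation failed: ' . openssl_error_string());
    }
    // Export the private key as PEM, encrypted under the passphrase.
    if (!openssl_pkey_export($key, $privatePem, $passphrase)) {
        throw new RuntimeException('Private key export failed: ' . openssl_error_string());
    }
    // The public half is never encrypted; it can be shared as-is.
    $publicPem = openssl_pkey_get_details($key)['key'];
    return [$publicPem, $privatePem];
}

function decryptWithKey(string $ciphertext, string $privatePem, string $passphrase = ''): string
{
    // Loading fails (returns false) when the PEM is encrypted and the
    // passphrase is wrong or missing; treat that as a hard error.
    $private = openssl_pkey_get_private($privatePem, $passphrase);
    if ($private === false) {
        throw new RuntimeException('Cannot load private key (bad or missing passphrase)');
    }
    // OAEP padding is an assumption of this example (see lead-in).
    if (!openssl_private_decrypt($ciphertext, $plaintext, $private, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('Decryption failed');
    }
    return $plaintext;
}

// Constructed sample values.
[$publicPem, $privatePem] = generateProtectedKeyPair('certificate_password');

// Encryption needs only the public key, so no passphrase is involved here.
if (!openssl_public_encrypt('abc123', $ciphertext, $publicPem, OPENSSL_PKCS1_OAEP_PADDING)) {
    throw new RuntimeException('Encryption failed');
}
var_dump(decryptWithKey($ciphertext, $privatePem, 'certificate_password'));

try {
    decryptWithKey($ciphertext, $privatePem); // passphrase omitted
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

Only decryption depends on the passphrase, so a host that only encrypts needs neither the private key nor its password.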

Working with base64-encoded strings

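If you want to work with plain-text strings instead of binary data, a common pattern is to base64-encode the encrypted data. If you need to do this, encrypt and decrypt each have a corresponding base64 method you can use.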

$rsa = new Pikirasa\RSA($publicKey, $privateKey);

$data = 'abc123';
$encrypted = $rsa->base64Encrypt($data);
$decrypted = $rsa->base64Decrypt($encrypted);
var_dump($decrypted); // 'abc123'