Home > Article > Backend Development > Example analysis of MD5 combined with RSA to implement signature algorithm in PHP
This article mainly introduces the MD5 combined with RSA signature algorithm implemented by PHP, and analyzes the relevant operating techniques of the signature algorithm implemented by PHP using md5 combined with RSA in the form of examples. It also comes with relevant instructions for the RSA public key and private key. Friends can refer to
. This article describes the MD5 combined with RSA signature algorithm implemented in PHP. Share it with everyone for your reference, the details are as follows:
<?php class Md5RSA{ /** * 利用约定数据和私钥生成数字签名 * @param $data 待签数据 * @return String 返回签名 */ public function sign($data='') { if (empty($data)) { return False; } $private_key = file_get_contents(dirname(__FILE__).'/rsa_private_key.pem'); if (empty($private_key)) { echo "Private Key error!"; return False; } $pkeyid = openssl_get_privatekey($private_key); if (empty($pkeyid)) { echo "private key resource identifier False!"; return False; } $verify = openssl_sign($data, $signature, $pkeyid, OPENSSL_ALGO_MD5); openssl_free_key($pkeyid); return $signature; } /** * 利用公钥和数字签名以及约定数据验证合法性 * @param $data 待验证数据 * @param $signature 数字签名 * @return -1:error验证错误 1:correct验证成功 0:incorrect验证失败 */ public function isValid($data='', $signature='') { if (empty($data) || empty($signature)) { return False; } $public_key = file_get_contents(dirname(__FILE__).'/rsa_public_key.pem'); if (empty($public_key)) { echo "Public Key error!"; return False; } $pkeyid = openssl_get_publickey($public_key); if (empty($pkeyid)) { echo "public key resource identifier False!"; return False; } $ret = openssl_verify($data, $signature, $pkeyid, OPENSSL_ALGO_MD5); switch ($ret) { case -1: echo "error"; break; default: echo $ret==1 ? "correct" : "incorrect";//0:incorrect break; } return $ret; } }
Attachment: Openssl generation certificate and instructions for obtaining public and private keys
1. RSA method
1. Create CA root certificate 1) Create the directory RSA 2) Create the following subdirectories certs, crl, newcerts 3) In the RSA directory Perform the following operations:
echo 01 > serial
touch index.txt
openssl req -new -x509 -newkey rsa:1024 -keyout CA.key -out CA.pem (Generate self-signed CA certificate)
2. Client certificate request
openssl req -new -newkey rsa:1024 -keyout ddmdd_a.key -out ddmdd_a.req (Generate the key and certificate request for ddmdd_a. Note: The user information filled in here must be completely consistent with the CA certificate information)
openssl rsa -in ddmdd_a.key -pubout -out ddmdd_a.pub (Export public key)
3. Issue certificates for clients
openssl ca -keyfile CA.key -cert CA.pem -in ddmdd_a.req -out ddmdd_a.pem -notext (use CA key The key and certificate are ddmdd_a issued certificate ddmdd_a.pem)
openssl ca -keyfile CA.key -cert CA.pem -in subca_rsareq.pem -out subca.pem -notext (issuance of secondary CA certificate)
4. Convert certificate format
openssl x509 -inform pem -outform der -in ddmdd_a.pem -out ddmdd_a.der
openssl pkcs12 -export -in ddmdd_a.pem -inkey ddmdd_a_rsakey.pem -out ddmdd_a.pfx
openssl pkcs12 -in ddmdd_a.pfx -out ddmdd_a.pem
openssl rsa -in ddmdd_a.key -out ddmdd_a_open.key (delete private key password)
5. Generate certificate revocation list
echo 01 > crlnumber
openssl ca -keyfile CA.key -cert CA.pem -revoke ddmdd_a.pem (revoke certificate ddmdd_a from CA .pem)
openssl ca -gencrl -keyfile CA.key -cert CA.pem -out CA.crl (Generate or update certificate revocation list)
6. View certificate information
openssl x509 -in CA.pem -noout –text
2. DSA method
1. Establish CA root certificate 1) Create directory DSA 2) Create the following subdirectories certs, crl, newcerts 3) Perform the following operations in the DSA directory:
echo 01 > serial
touch index.txt
openssl dsaparam -out CA.para 1024 (Generate dsa parameter file)
openssl req -new -x509 -newkey dsa:CA.para -keyout CA.key -out CA.pem (Use dsa parameters to generate a self-signed CA certificate)
2. Client certificate request
openssl dsaparam -out ddmdd_b.para 1024 (generate dsa parameter file)
openssl req -new -newkey dsa:ddmdd_b.para -keyout ddmdd_b.key -out ddmdd_b.req (Use the dsa parameter to generate the key and certificate request for ddmdd_b. Note: The user information filled in here must be completely consistent with the CA certificate information)
openssl dsa -in ddmdd_b.key - pubout -out ddmdd_b.pub (export public key)
3. Issue certificates for customers
openssl ca -keyfile CA.key -cert CA.pem -in ddmdd_b .req -out ddmdd_b.pem -notext (Use the CA key and certificate to issue the certificate ddmdd_b.pem for ddmdd_b)
3. Obtain the public key and private key
a) If you generate a certificate through the above method, you can obtain the public key and private key through the following commands.
Export public key:
DSA method: openssl dsa -in ddmdd_b.key -pubout -out ddmdd_b.pub.pem
RSA method: openssl rsa -in ddmdd_a.key -pubout -out ddmdd_a.pub.pem
Export private key:
openssl rsa -in server.key -text > private.pem
b) Directly generate public and private keys:
openssl genrsa -out private.pem 1024
openssl pkcs8 -nocrypt -topk8 -in private.pem -out pkcs8.pem
openssl rsa -pubout -in private.pem public.pem
The above is the detailed content of Example analysis of MD5 combined with RSA to implement signature algorithm in PHP. For more information, please follow other related articles on the PHP Chinese website!