我只是想知道如何使用只有预先计算的公钥值的php创建公钥证书。一旦我输入了公钥和剩余值,我将使用我自己的ca证书签署此证书。谢谢!
答案 0 :(得分:2)
X.509证书有一个主题和一个发行人。如果您拥有的只是主题的公钥,您仍然可以使用CA的私钥创建CA签名证书。使用phpseclib, a pure PHP X.509 implementation ...
<?php
include('File/X509.php');
include('Crypt/RSA.php');
// load private key for issuer / CA
$CAPrivKey = new Crypt_RSA();
$CAPrivKey->loadKey('...');
// load public key for subject
$pubKey = new Crypt_RSA();
$pubKey->loadKey('...');
$pubKey->setPublicKey();
// create the DN for the subject
$subject = new File_X509();
$subject->setDN('...');
$subject->setPublicKey($pubKey);
// create the DN for the issuer
// (the DN can be loaded from another X.509 cert too)
$issuer = new File_X509();
$issuer->setPrivateKey($CAPrivKey);
$issuer->setDN('...');
$x509 = new File_X509();
$x509->setStartDate('-1 month');
$x509->setEndDate('+1 year');
$result = $x509->sign($issuer, $subject);
echo $x509->saveX509($result);
?>