I have the following (I believe) valid code, which works as expected (tried on Debian stable):
$config = array(
    'private_key_bits' => 4096,
    'digest_alg' => 'sha2',
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
);
// Create the private and public key
$res = openssl_pkey_new($config);
if ($res === false) {
    throw new Exception('Key generation failed: '.openssl_error_string());
}
// Extract the private key from $res to $priv
openssl_pkey_export($res, $priv);
echo $priv;
This is the result of the above code:
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
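However, I noticed that if I change all of the parameters in $config to invalid values, I still get a certificate instead of some kind of error, and I can encrypt, decrypt, sign and verify with this certificate without any problems: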
$config = array(
    'private_key_bits' => (-1 * pi()), // negative pi. Also tried with a string
    'digest_alg' => 'blah1024',
    'private_key_type' => 'hello',
);
Here is an example of what is generated with the above (invalid) parameters:
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
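So I have a few questions:

Is this a bug in PHP? If someone thinks they created a key with a large number of bits, only to realise they misspelled 4096 as 4O96 (with a capital 'o'), wouldn't this lead to a false sense of security if it defaults to 1024 bits, or if it uses something like md5 instead of a really awesome digest method because they misspelled its name? Or is this by design?

If this function is given invalid options, which options does PHP use?

Is there any way to validate the parameters used in $options, to make sure nothing has been messed up like this?

Edit: I see that the number of bits and the key type are both in openssl_pkey_get_details(), but not the digest algorithm.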
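
Added example, not part of the original question: one way to keep invalid options from being silently accepted is to validate them strictly before calling openssl_pkey_new() and then confirm the generated key with openssl_pkey_get_details(). The helper name generateRsaKeyChecked(), the 2048-bit floor and the sample configs are assumptions constructed for illustration.

```php
<?php
// Added example (hypothetical helper, not the asker's code).
function generateRsaKeyChecked(array $config, int $minBits = 2048): string
{
    // Only a real integer is accepted: the string '4O96' or a float is rejected.
    $bits = $config['private_key_bits'] ?? null;
    if (!is_int($bits) || $bits < $minBits) {
        throw new InvalidArgumentException("private_key_bits must be an integer >= $minBits");
    }
    if (($config['private_key_type'] ?? null) !== OPENSSL_KEYTYPE_RSA) {
        throw new InvalidArgumentException('private_key_type must be OPENSSL_KEYTYPE_RSA');
    }
    // The digest is not reported by openssl_pkey_get_details(), so it can
    // only be checked up front, against the digests this OpenSSL build knows.
    $digest = $config['digest_alg'] ?? null;
    $known = array_map('strtolower', openssl_get_md_methods());
    if (!is_string($digest) || !in_array(strtolower($digest), $known, true)) {
        throw new InvalidArgumentException('digest_alg is not a known digest name');
    }

    $res = openssl_pkey_new($config);
    if ($res === false) {
        throw new RuntimeException('Key generation failed: ' . openssl_error_string());
    }
    // Post-check: the key that came back must match what was requested.
    $details = openssl_pkey_get_details($res);
    if ($details === false
        || $details['type'] !== OPENSSL_KEYTYPE_RSA
        || $details['bits'] !== $bits) {
        throw new RuntimeException('Generated key does not match the requested parameters');
    }
    if (!openssl_pkey_export($res, $pem)) {
        throw new RuntimeException('Key export failed: ' . openssl_error_string());
    }
    return $pem;
}

// Constructed sample configs: one valid, the invalid one from the question, one typo.
$samples = [
    'valid'    => ['private_key_bits' => 2048, 'digest_alg' => 'sha256', 'private_key_type' => OPENSSL_KEYTYPE_RSA],
    'invalid'  => ['private_key_bits' => (-1 * pi()), 'digest_alg' => 'blah1024', 'private_key_type' => 'hello'],
    'typo-bits' => ['private_key_bits' => '4O96', 'digest_alg' => 'sha256', 'private_key_type' => OPENSSL_KEYTYPE_RSA],
];
foreach ($samples as $name => $config) {
    try {
        generateRsaKeyChecked($config);
        echo "$name: accepted\n";
    } catch (Exception $e) {
        echo "$name: rejected (" . $e->getMessage() . ")\n";
    }
}
```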