使用OpenSSL

时间:2015-08-10 09:30:14

标签: php encryption openssl private-key

因为我正在尝试将一段PHP代码转换为Python,所以我试图找出PHP函数openssl_private_encrypt()的确切功能。

我希望能够直接使用openssl_private_encrypt()重现OpenSSL生成的内容,但出于某种原因,我得不到相同的结果。 openssl_private_encrypt()究竟在使用OpenSSL做什么?

PHP的RSA_private_encrypt() according to the PHP source code正在使用OpenSSL的openssl_private_encrypt()openssl rsautl -sign according to a different source正在使用相同的OpenSSL方法。同样(默认)填充-pkcs也在使用中。但我似乎无法重现相同的加密结果。

以下PHP代码:     

$key = "-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA1tV0KlPGaeOnhlcYy3D5dr4Yd++Jz0puBBs8GIa4ammLqaoY
7Xo4J/jp9El3eK2GjwR82uXMNrICZKT0gU4k7LfXD5GUz5TqOfMIWSIM1mKPb67L
Xg5qfJ/8/cLY1RguzImd+ONQJ+MOtjtxE5BXq2luNL9k2Qw1aEhQR22xyzPPBwD9
0nCLhiq56lVXrG10+W9wMdNwtxTLc4hf3OF8IwEActV+Yw9xU8FuJnuAgovaFRQ2
/UC5OhPZckxhGoYJ7J5GSFBTNTuOuwyR/mGWXxgMNS/aQVOwK/+m7JWlwgOT5BdU
qL4ctk7rzRCWLdPhu0UmOxfHJMzjnqoXIWtL7wIDAQABAoIBAQDR2ryYxDDjKuBw
GBA+WmM1HMgmEDVb6ebB2CDCDIeEWwl0eJXVFDhaw4k1ebZciZURi16zLRpoq0Yv
LfsxfDYRjhtkN99XTq3mYYLcHqjPmoNmoyZBAHAAwP+OmpDYx8CfSCaqAtI/xEqQ
tEvmwm8BIAHpQLSwWH6rGUhiHcM5K953f5x10xuWSOH6xlAzdkLbjgN70aOQEbxw
703mKznw25UPspt89RFQPQDtgUnu76TzUp7jytxiyomj3h0CixTIAZd0OtF4g5kn
clNLCYSTVt2PBvlH/tDgVQ31JwLlzfrkHblTHFB4YNz49rempMGou/X+mHB4y5S1
CiN1LR4hAoGBAOxMywVgVmtPyLCFEetf9N1mWjiPpHsgmm+DxZPleQ8+G3G7Uc94
MO2ZUyEXayjK5L4ZwP/RoZGwo0j9VU1tzpRnjtpZYuRQNpqc3+VSzj3yasgaUh9H
syPyMCHn3H/9Qc4wD4hvRNtTTtESAaA0NM6zBGPOOCbYPelsbrwhcsoZAoGBAOi+
hXPKDhdw+whZZssOlSaZW42qfyGZwHkugRmSGplMHA3yrNGnRyn/CtQNA/r5fe/1
T/3XQy35+OyY7IxduPUUXMk4RAi1w61hr4PFs3MuewVEXUTus6q5gs/gZs1wK1DZ
BIFCHNfUYx6Bnq2O2Ytwvr7AiUlDOZRPddM1dRdHAoGAWiLk4pUgAek6LZNlBXrh
5b5QNfkdDdae8mC6cjL7XcQcJeMFTvWS/F8bJalQOAxE+vrJ8wtc7T0K3CG+cz2q
qlNiW4nzPhIW8h1bDpfqkhixgMkBgGsSO2j70UMnii7p9iPBGRMQmfUKQJf0xM6F
Qj9pMkUMiEy+ORcimmLL7akCgYB2EkkjT4rMi41eU/RY6OHzffM7MBZkllpVX6kw
rrT9teW5kbXoegMZJAB7SMsPJEimVf2pme3Dwj9sz7uZDebJtfXIQtoIzSUirR7c
K4x4z0iriF4EnU/aOVhKWt3sNI5U6nNlm4OEXoOWM02rYH+uRJkPrh83Ynowagst
Bb6L+wKBgQCAQpA7RytBXig/wF95qYtLnDjRAV+CoNldfAMVjB1+xvXgGWsq8jDW
bD9q+bFcGg7KQf7Lp/0VUkgB1p+bWVp+kq2XNfXgmrgzfzFsra95xPb7YJEFFoy1
o/fsQwasOd+ijJsMOWzrAG3eTIz3H3AsBJTed/tiUe5dNvVzmuj5ZA==
-----END RSA PRIVATE KEY-----";

openssl_private_encrypt("narf", $signature, $key);
echo bin2hex($signature);

给我:

b8a0b9ed54c4e6e7fb4da1b4180dcf8d56baf7cf4309b99c26f44079f5da
0b1566f8a6bb83d83b7a87078eb34e05b68e91e7a8279241bee16a1d003e
c3a99ebcbc1096b01f9bbe11ab1cce1ffc26ac38d8739efbf077c55ee80b
9afefb737ab816ef5b56e9120861a0fd53f36fb23bda6c545581ea220857
f055408ff7b8a2b4450a77928a9600bb6d053a22fb32d20834240953db3f
e0a31d453a9a2d956d0e7e56ca7849fde44e88c07363779e37ab53ecc7da
e5a91cef2a79232a782b56365937f6d48a351cf33036d8a15a859a47d781
09ac57e6261f8c73f44eb45e776d88182713b92aed359ec2953c01fdcf51
e59fbc4b1835cf4809d59ff95d869be9

命令行:

openssl rsautl -sign -inkey test_rsa -out data_out <<< "narf"
xxd -p data_out

其中test_rsa与PHP代码中的密钥相同。我明白了:

bc9d5dc772385965a7889a3e387b6398f3e58811aa0aee4b45a1576c08c2
7cde7e8d3e4b27d7fc350018b6c36f055c047ef9cd9aa8831a315fe5a350
ec271aaafa59f9dd9dda5b1ddf826e0f134785d9753eaabc866b0c716ce2
b7ac71a4ee79a3827cfc73c2169bff8ee7173172d8af8c9630e91d63c430
d308e15a1fb85a7b6fe257836e018102b8e55825c6a1a2413232b9a025a3
ca38e451d49cb04ad8a9be8452f213220d62711417c1e33adcededf9c172
2e87007e3fe25fba093774adfef3d3e72f4b3fa578a5a99721a002e69158
7e48e56ff5477162630739f74a385bb9e65da44821a278f6792e52c0edc8
356393e85b4692f33cd845d3a02760d4

为什么结果不一样?

1 个答案:

答案 0 :(得分:0)

PKCS1填充使用一些随机字节,因此每次的加密输出都是不同的。

在运行xxd -r -p|openssl rsautl -verify -inkey test_rsa时,PHP和openssl输出均返回输入字符串'narf'。