• 首页
  • vue
  • TypeScript
  • JavaScript
  • scss
  • css3
  • html5
  • php
  • MySQL
  • redis
  • jQuery
  • openssl_open()

    (PHP 4 >= 4.0.4, PHP 5, PHP 7)

    打开密封的数据

    说明

    openssl_open(string $sealed_data,string &$open_data,string $env_key, mixed $priv_key_id[,string $method= "RC4"[,string &$iv]]): bool

    openssl_open()使用与密钥标识符$priv_key_id和信封密钥$env_key相关联的私钥打开(解密)$sealed_data数据,使用解密后的数据填充$open_data。当数据被密封时,就生成了信封密钥且只能由一个特定的私钥使用。更多信息参见openssl_seal()。

    参数

    $sealed_data
    $open_data

    如果调用成功,则在这个参数中返回打开的数据。

    $env_key
    $priv_key_id
    $method

    加解密算法。

    $iv

    初始化向量。

    返回值

    成功时返回TRUE,或者在失败时返回FALSE

    更新日志

    版本说明
    7.0.0添加了$iv参数
    5.3.0添加了$method参数

    范例

    openssl_open()范例

    <?php
    // $sealed and $env_key are assumed to contain the sealed data
    // and our envelope key, both given to us by the sealer.
    // fetch private key from file and ready it
    $fp = fopen("/src/openssl-0.9.6/demos/sign/key.pem", "r");
    $priv_key = fread($fp, 8192);
    fclose($fp);
    $pkeyid = openssl_get_privatekey($priv_key);
    // decrypt the data and store it in $open
    if (openssl_open($sealed, $open, $env_key, $pkeyid)) {
        echo "here is the opened data: ", $open;
    } else {
        echo "failed to open data";
    }
    // free the private key from memory
    openssl_free_key($pkeyid);
    ?>
    

    参见

    PHP compiled without OpenSSL support? Here's how you can call the openssl command-line utility to achieve the same goal:
    <?php
    // $sealed and $env_key are assumed to contain the sealed data
    // and our envelope key, both given to us by the sealer.
    // specify private key file and passphrase
    $pkey_file='key.pem';
    $pkey_pp='netsvc';
    // call openssl to decrypt envelope key
    $ph=proc_open('openssl rsautl -decrypt -inkey '.
     escapeshellarg($pkey_file).' -passin fd:3',array(
     0 => array('pipe','r'), // stdin < envelope key
     1 => array('pipe','w'), // stdout > decoded envelope key
     2 => STDERR,
     3 => array('pipe','r'), // < passphrase
     ),$pipes);
    // write envelope key
    fwrite($pipes[0],$env_key);
    fclose($pipes[0]);
    // write private key passphrase
    fwrite($pipes[3],$pkey_pp);
    fclose($pipes[3]);
    // read decoded key, convert to hexadecimal
    $env_key='';
    while(!feof($pipes[1])){
     $env_key.=sprintf("%02x",ord(fgetc($pipes[1])));
    }
    fclose($pipes[1]);
    if($xc=proc_close($ph)){
     echo "Exit code: $xc\n";
    }
    // call openssl to decryp
    $ph=proc_open('openssl rc4 -d -iv 0 -K '.$env_key,array(
     0 => array('pipe','r'), // stdin < sealed data
     1 => array('pipe','w'), // stdout > opened data
     2 => STDERR,
     ),$pipes);
    // write sealed data
    fwrite($pipes[0],$sealed);
    fclose($pipes[0]);
    // read opened data
    //$open=stream_get_contents($pipes[1]);
    $open='';
    while(!feof($pipes[1])){
     $open.=fgets($pipes[1]);
    }
    fclose($pipes[1]);
    if($xc=proc_close($ph)){
     echo "Exit code: $xc\n";
    }
    // display the decrypted data
    echo $open;
    ?>
    
    Example code, assume mycert.pem is a certificate containing both private and public key.
    $cert = file_get_contents("mycert.pem");
    $public = openssl_get_publickey($cert);
    $private = openssl_get_privatekey($cert);
    $data = "I'm a lumberjack and I'm okay.";
    echo "Data before: {$data}\n";
    openssl_seal($data, $cipher, $e, array($public));
    echo "Ciphertext: {$cipher}\n";
    openssl_open($cipher, $open, $e[0], $private);
    echo "Decrypted: {$open}\n";