Maybe someone can clear this up for me. I have been surfing on this for a while now.
Step #1: Create the root certificate
Key generation on unix
1) openssl req -x509 -nodes -days 3650 -newkey rsa:1024 -keyout privatekey.pem -out mycert.pem
2) openssl rsa -in privatekey.pem -pubout -out publickey.pem
3) openssl pkcs12 -export -out mycertprivatekey.pfx -in mycert.pem -inkey privatekey.pem -name "my certificate"
Step #2: Does the root certificate work on PHP: YES
PHP side
I use publickey.pem to read it into PHP:
$publicKey = "file://C:/publickey.pem";
$privateKey = "file://C:/privatekey.pem";
$plaintext = "123";
openssl_public_encrypt($plaintext, $encrypted, $publicKey);
$transfer = base64_encode($encrypted);
openssl_private_decrypt($encrypted, $decrypted, $privateKey);
echo $decrypted; // "123"
OR
$server_public_key = openssl_pkey_get_public(file_get_contents("C:\publickey.pem"));
// rsa encrypt
openssl_public_encrypt("123", $encrypted, $server_public_key);
//and the privatekey.pem to check if it works:
openssl_private_decrypt($encrypted, $decrypted, openssl_get_privatekey(file_get_contents("C:\privatekey.pem")));
echo $decrypted; // "123"
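In conclusion, encryption/decryption works fine on the PHP side with these openssl root certificate files.
Step #3: Does the root certificate work on .NET: YES
C# side
In the same way, I read the keys into a .NET C# console program: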
X509Certificate2 myCert2 = null;
RSACryptoServiceProvider rsa = null;
try
{
myCert2 = new X509Certificate2(@"C:\mycertprivatekey.pfx", "password");
rsa = (RSACryptoServiceProvider)myCert2.PrivateKey;
}
catch (Exception e)
{
Console.WriteLine(e.Message); // because I left a blank catch block, I did not realize there was an exception! I missed the password for the certificate.
}
byte[] test = {Convert.ToByte("123")};
string t = Convert.ToString(rsa.Decrypt(rsa.Encrypt(test, false), false));
Having said that, encryption/decryption works fine on the C# side with these openssl root certificate files.
Step #4: Encrypt in PHP and decrypt in .NET: YES
PHP side
$onett = "123";
....
openssl_public_encrypt($onett, $encrypted, $server_public_key);
$onettbase64 = base64_encode($encrypted);
Copy-paste $onettbase64 ("LkU2GOCy4lqwY4vtPI1JcsxgDgS2t05E6kYghuXjrQe7hSsYXETGdlhzEBlp+qhxzTXV3pw+AS5bEg9CPxqHus8fXHOnXYqsd2HL20QSaz+FjZee6Kvva0cGhWkFdWL+ANDSOWRWo/OMhm7JVqU3P/44c3dLA1eu2UsoDI26OMw=") into the C# program:
C# side
byte[] transfered_onett = rsa.Decrypt(Convert.FromBase64String("LkU2GOCy4lqwY4vtPI1JcsxgDgS2t05E6kYghuXjrQe7hSsYXETGdlhzEBlp+qhxzTXV3pw+AS5bEg9CPxqHus8fXHOnXYqsd2HL20QSaz+FjZee6Kvva0cGhWkFdWL+ANDSOWRWo/OMhm7JVqU3P/44c3dLA1eu2UsoDI26OMw="), false);
string result = System.Text.Encoding.UTF8.GetString(transfered_onett); // "123"
No problem.
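The Step #4 round trip reproduced at the openssl command line, as an added example that is not part of the original post: one side encrypts with PKCS#1 v1.5 padding and base64-encodes, the other decodes and decrypts, which succeeds only when both ends use the same padding (`rsa.Decrypt(..., false)` in the C# above selects PKCS#1 v1.5 rather than OAEP). The throwaway 2048-bit key, the temporary directory and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the poster's code. Assumes the openssl CLI is installed.
# A throwaway 2048-bit key (constructed here) stands in for privatekey.pem.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Stand-in for Step #1: private key plus the public key extracted from it.
make_keys() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$workdir/privatekey.pem" 2>/dev/null &&
    openssl rsa -in "$workdir/privatekey.pem" -pubout \
        -out "$workdir/publickey.pem" 2>/dev/null
}

# Sending side: PKCS#1 v1.5 encrypt, then single-line base64 for transfer.
encrypt_b64() {   # $1 = plaintext
    printf '%s' "$1" |
        openssl pkeyutl -encrypt -pubin -inkey "$workdir/publickey.pem" \
            -pkeyopt rsa_padding_mode:pkcs1 |
        openssl base64 -A
}

# Receiving side: base64-decode, then decrypt with the chosen padding mode.
# Returns non-zero when the padding check fails.
decrypt_b64() {   # $1 = base64 ciphertext, $2 = pkcs1 | oaep
    printf '%s\n' "$1" | openssl base64 -d -A |
        openssl pkeyutl -decrypt -inkey "$workdir/privatekey.pem" \
            -pkeyopt rsa_padding_mode:"$2" 2>/dev/null
}

make_keys || { echo "key generation failed" >&2; exit 1; }
ct=$(encrypt_b64 "123")
echo "transfer blob: $ct"
echo "pkcs1 decrypt: $(decrypt_b64 "$ct" pkcs1)"
if decrypt_b64 "$ct" oaep >/dev/null; then
    echo "oaep decrypt: unexpectedly succeeded"
else
    echo "oaep decrypt: rejected (padding mismatch)"
fi
```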