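When I create a private key string with the following PHP code (and the same configuration parameters), the keys are enclosed between different strings: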
// Key generation settings (identical on both machines)
$configs = array('config' => 'OpenSSL.cnf', 'digest_alg' => 'sha1', 'x509_extensions' => 'v3_ca', 'req_extensions' => 'v3_req', 'private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA, 'encrypt_key' => false, 'encrypt_key_cipher' => OPENSSL_CIPHER_3DES);
$privateKeyResourceId = openssl_pkey_new($configs);
// Export the key as an unencrypted PEM string
openssl_pkey_export($privateKeyResourceId, $privateKeyString);
On Linux, $privateKeyString looks like this:
-----BEGIN PRIVATE KEY-----NBgkqhkiG9w0BAQE….ASDFasjkfa-----END PRIVATE KEY-----
On Windows, $privateKeyString looks like this:
-----BEGIN RSA PRIVATE KEY-----NBgkqhkiG9E….ASDFasjkfa-----END RSA PRIVATE KEY-----
When I copy the Windows private key string to Linux, it works until I remove "RSA" from the begin/end lines (and vice versa). Why is this?
According to a user note on php.net, this is a known issue:
Please take note that older versions of PHP/OpenSSL export the RSA private key with the '-----BEGIN RSA PRIVATE KEY-----' PEM tag, which includes just the privateKey field, thus omitting the version and privateKeyAlgorithm fields.
The effect of that would be that if you’re converting it to DER, and
then back to PEM, but using the '-----BEGIN PRIVATE KEY-----' PEM tag,
the openssl_pkey_get_privatekey() function will fail! Senthryl’s
code can be used to prefix the PEM encoded data with the version and
privateKeyAlgorithm fields again.
The newer PHP/OpenSSL versions export the RSA private key with the
'-----BEGIN PRIVATE KEY-----' PEM tag, which includes the version and
privateKeyAlgorithm fields.
I noticed these differences between my two servers:
PHP Version 5.3.3 (OpenSSL 1.0.0a-fips 1 Jun 2010) on Fedora Core 12 x64
PHP Version 5.2.9 (OpenSSL 0.9.8g 19 Oct 2007) on Fedora Core 10 x64
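
The two layouts the note describes, as an added PHP example (not code from the original post, from php.net, or the Senthryl code the note mentions): an 'RSA PRIVATE KEY' body is a bare PKCS#1 RSAPrivateKey, and a 'PRIVATE KEY' body is the same structure wrapped in a PKCS#8 PrivateKeyInfo that carries the version and privateKeyAlgorithm fields. The function names are hypothetical, and the code assumes an unencrypted RSA key and a loaded openssl extension that can find its configuration.

```php
<?php
// Added example; function names are hypothetical, not from php.net or the quoted note.
// Start of a PKCS#8 PrivateKeyInfo for RSA: version INTEGER 0, then privateKeyAlgorithm
// SEQUENCE { OID 1.2.840.113549.1.1.1 (rsaEncryption), NULL }.
const RSA_PREFIX = "\x02\x01\x00\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00";
function pemBody(string $pem, string $label): string {
    if (!preg_match("/-----BEGIN $label-----(.+?)-----END $label-----/s", $pem, $m)) throw new InvalidArgumentException("no '$label' PEM block found");
    return base64_decode(preg_replace('/\s+/', '', $m[1]));
}
function pemWrap(string $der, string $label): string {
    return "-----BEGIN $label-----\n" . chunk_split(base64_encode($der), 64, "\n") . "-----END $label-----\n";
}
function derLen(int $n): string {              // DER definite-length encoding
    if ($n < 0x80) return chr($n);
    $b = ltrim(pack('N', $n), "\x00");
    return chr(0x80 | strlen($b)) . $b;
}
function derRead(string $der, int &$pos, int $tag): string {  // read one TLV, return its value
    if (ord($der[$pos++]) !== $tag) throw new RuntimeException('unexpected DER tag');
    $len = ord($der[$pos++]);
    if ($len & 0x80) for ($n = $len & 0x7F, $len = 0; $n > 0; $n--) $len = ($len << 8) | ord($der[$pos++]);
    if ($pos + $len > strlen($der)) throw new RuntimeException('truncated DER');
    $pos += $len;
    return substr($der, $pos - $len, $len);
}
// 'RSA PRIVATE KEY' (bare RSAPrivateKey) -> 'PRIVATE KEY' (PrivateKeyInfo)
function pkcs1ToPkcs8(string $pem): string {
    $rsa  = pemBody($pem, 'RSA PRIVATE KEY');
    $body = RSA_PREFIX . "\x04" . derLen(strlen($rsa)) . $rsa;   // privateKey OCTET STRING
    return pemWrap("\x30" . derLen(strlen($body)) . $body, 'PRIVATE KEY');
}
// 'PRIVATE KEY' -> 'RSA PRIVATE KEY'; refuses anything that is not an RSA key
function pkcs8ToPkcs1(string $pem): string {
    $pos = 0;
    $seq = derRead(pemBody($pem, 'PRIVATE KEY'), $pos, 0x30);
    if (strncmp($seq, RSA_PREFIX, strlen(RSA_PREFIX)) !== 0) throw new RuntimeException('not an RSA PKCS#8 key');
    $pos = strlen(RSA_PREFIX);
    return pemWrap(derRead($seq, $pos, 0x04), 'RSA PRIVATE KEY');
}
// Demo on a throwaway key generated at run time (constructed sample input).
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($key, $pem);               // header depends on the PHP/OpenSSL build
$pkcs8 = strpos($pem, '-----BEGIN RSA PRIVATE KEY-----') === 0 ? pkcs1ToPkcs8($pem) : $pem;
$pkcs1 = pkcs8ToPkcs1($pkcs8);
foreach ([$pkcs8, $pkcs1, pkcs1ToPkcs8($pkcs1)] as $p) {
    $d = openssl_pkey_get_details(openssl_pkey_get_private($p));
    echo strtok($p, "\n"), ' modulus sha256 ', substr(hash('sha256', $d['rsa']['n']), 0, 16), "\n";
}
```

Each output line shows the PEM header of one form followed by the same modulus fingerprint, so the conversion changes only the wrapping, not the key. Renaming the header alone leaves the tag and the DER body mismatched, which is the failure the note describes.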