php – 为什么在Linux或Windows下使用不同的私钥?

前端之家收集整理的这篇文章主要介绍了php – 为什么在Linux或Windows下使用不同的私钥?前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
当我使用以下 PHP代码(和相同的配置参数)创建私钥字符串时,它们被包含在不同的字符串之间:
$configs = array('config' => 'OpenSSL.cnf','digest_alg' => 'sha1','x509_extensions' => 'v3_ca','req_extensions' => 'v3_req','private_key_bits' => 2048,'private_key_type' => OPENSSL_KEYTYPE_RSA,'encrypt_key' => false,'encrypt_key_cipher' => OPENSSL_CIPHER_3DES);

$privateKeyResourceId = openssl_pkey_new($this->configs);                       
openssl_pkey_export($privateKeyResourceId,$privateKeyString);

在Linux上,$privateKeyString如下所示:

—–BEGIN PRIVATE KEY—–NBgkqhkiG9w0BAQE….ASDFasjkfa—–END PRIVATE KEY—–

在Windows上,$privateKeyString如下所示:

—–BEGIN RSA PRIVATE KEY—–NBgkqhkiG9E….ASDFasjkfa—–END RSA PRIVATE KEY—–

当我将Windows私钥字符串复制到Linux时,它可以直到我从开始/结束中删除“RSA”(相反的行为).为什么是这样?

根据 user note php.net这是一个已知的问题:

Please take note that older versions of PHP/OpenSSL exports the RSA private key with ‘—–BEGIN RSA PRIVATE KEY—–‘ PEM tag,which includes just the privateKey field,thus omitting the version and privateKeyAlgorithm fields.

The effect of that would be that if you’re converting it to DER,and
then back to PEM,but using ‘—–BEGIN PRIVATE KEY—–‘ PEM tag,
that the openssl_pkey_get_privatekey() function will fail!Senthryl’s
code can be used to prefix the PEM encoded data with the version and
privateKeyAlgorithm fields again.

The newer PHP/OpenSSL versions exports the RSA private key with
‘—–BEGIN PRIVATE KEY—–‘ PEM tag,which includes the version and
privateKeyAlgorithm fields.

I noticed these differences between my two servers:

PHP Version 5.3.3 (OpenSSL 1.0.0a-fips 1 Jun 2010) on Fedora Core 12 x64

PHP Version 5.2.9 (OpenSSL 0.9.8g 19 Oct 2007) on Fedora Core 10 x64

猜你在找的PHP相关文章