Наш чат в Telegram для обмена идеями, проектами, мыслями, людьми в сфере ИТ г.Ростова-на-Дону: @it_rostov

OpenSSL


if (isset($_SERVER['HTTPS']) )
{
    echo "SECURE: This page is being accessed through a secure connection.<br /><br />";
}
else
{
    echo "UNSECURE: This page is being access through an unsecure connection.<br /><br />";
}
// Create the keypair
$res=openssl_pkey_new();
// Get private key
openssl_pkey_export($res, $privatekey);
// Get public key
$publickey=openssl_pkey_get_details($res);
$publickey=$publickey["key"];
echo "Private Key:<br />$privatekey<br /><br />Public Key:<br />$publickey<br /><br />";
$cleartext = '1234 5678 9012 3456';
echo "Clear text:<br />$cleartext<br /><br />";
openssl_public_encrypt($cleartext, $crypttext, $publickey);
echo "Crypt text:<br />$crypttext<br /><br />";
openssl_private_decrypt($crypttext, $decrypted, $privatekey);
echo "Decrypted text:<br />$decrypted<br /><br />";


1
koen dot thomeer at pubmed dot be6 years ago
// User variables:
$dir = '/path/to/temp/'; // Directory where apache has access to (chmod 777).
$RootCA = '/path/to/Root.cer'; // Points to the Root CA in PEM format.
$OCSPUrl = 'http://ocsp.url'; //Points to the OCSP URL
// Script:
$a = rand(1000,99999); // Needed if you expect more page clicks in one second!
file_put_contents($dir.$a.'cert_i.pem', $_SERVER['SSL_CLIENT_CERT_CHAIN_0']); // Issuer certificate.
file_put_contents($dir.$a.'cert_c.pem', $_SERVER['SSL_CLIENT_CERT']); // Client (authentication) certificate.
$output = shell_exec('openssl ocsp -CAfile '.$RootCA.' -issuer '.$dir.$a.'cert_i.pem -cert '.$dir.$a.'cert_c.pem -url '.$OCSPUrl);
$output2 = preg_split('/[\r\n]/', $output);
$output3 = preg_split('/: /', $output2[0]);
$ocsp = $output3[1];
echo "OCSP status: ".$ocsp; // will be "good", "revoked", or "unknown"
unlink($dir.$a.'cert_i.pem');
unlink($dir.$a.'cert_c.pem');


-8
Anonymous5 years ago
OpenSSL creates asynchronous key pairs, however I wanted to have the private key something that was human-memorizable. With the standard keys generated, this is not possible. How I achieved it was to use two types of encryption.
After generating a key pair with OpenSSL, the public key can be stored in plain text format. I then encrypted the private key itself using regular mcrypt with the human-memorizable key of my choice and converted it to ACSII using base64_encode. Then to get the private key back, I just decrypted it with mcrypt. This way I could store the encrypted private key on the server without worrying about having things stored unencrypted.
Of course, this will only be as good as your human-memorizable key is and can potentially reduce the security of your script if you choose something simple or don't use salts.


Описание класса book, примеры использования класса book.



Смотрите также:
Описание на ru2.php.net
Описание на php.ru