2

我想生成example.com.crtexample.com.pem使用 php。获取文件的 Linux 命令如下:

openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes 
            -out example.com.crt -keyout example.com.pem

我想在 php.ini 中获取两个字符串中的两个文件内容。这个的 php 等效代码是什么?

更新:请不要要求执行 Linux 命令。

4

5 回答 5

2

这里有另一个命令:

<?php 
// generate 2048-bit RSA key
$pkGenerate = openssl_pkey_new(array(
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA
));

// get the private key
openssl_pkey_export($pkGenerate,$pkGeneratePrivate); // NOTE: second argument is passed by reference

// get the public key
$pkGenerateDetails = openssl_pkey_get_details($pkGenerate);
$pkGeneratePublic = $pkGenerateDetails['key'];

// free resources
openssl_pkey_free($pkGenerate);

// fetch/import public key from PEM formatted string
// remember $pkGeneratePrivate now is PEM formatted...
// this is an alternative method from the public retrieval in previous
$pkImport = openssl_pkey_get_private($pkGeneratePrivate); // import
$pkImportDetails = openssl_pkey_get_details($pkImport); // same as getting the public key in previous
$pkImportPublic = $pkImportDetails['key'];
openssl_pkey_free($pkImport); // clean up

// let's see 'em
echo "\n".$pkGeneratePrivate
    ."\n".$pkGeneratePublic
    ."\n".$pkImportPublic
    ."\n".'Public keys are '.(strcmp($pkGeneratePublic,$pkImportPublic)?'different':'identical').'.';
?>
于 2016-01-23T09:09:13.210 回答
1

您可以使用phpseclib,一个纯 PHP X.509 实现

http://phpseclib.sourceforge.net/x509/examples.html#selfsigned

<?php
include('File/X509.php');
include('Crypt/RSA.php');

// create private key / x.509 cert for stunnel / website
$privKey = new Crypt_RSA();
extract($privKey->createKey());
$privKey->loadKey($privatekey);

$pubKey = new Crypt_RSA();
$pubKey->loadKey($publickey);
$pubKey->setPublicKey();

$subject = new File_X509();
$subject->setDNProp('id-at-organizationName', 'phpseclib demo cert');
//$subject->removeDNProp('id-at-organizationName');
$subject->setPublicKey($pubKey);

$issuer = new File_X509();
$issuer->setPrivateKey($privKey);
$issuer->setDN($subject->getDN());

$x509 = new File_X509();
//$x509->setStartDate('-1 month'); // default: now
//$x509->setEndDate('+1 year'); // default: +1 year

$result = $x509->sign($issuer, $subject);
echo "the stunnel.pem contents are as follows:\r\n\r\n";
echo $privKey->getPrivateKey();
echo "\r\n";
echo $x509->saveX509($result);
echo "\r\n";
?>

这将创建一个私钥和一个自签名 X.509 证书(如您的 CLI 示例所做的那样),其中私钥对应于公钥。

于 2012-11-30T16:04:09.573 回答
0

使用exec()system()函数执行命令,然后使用file_get_contents()读取输出文件。

于 2012-11-29T09:46:26.720 回答
0

PHP有OpenSSL扩展,你应该检查它是否对你来说还不够,因为它会更好地使用它而不是exec()

http://php.net/manual/en/book.openssl.php

于 2012-11-29T09:47:46.117 回答
-1

也许这不是最好的解决方案,但您可以使用 exec() 和 file_get_contents(),例如:

exec("openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out example.com.crt -keyout example.com.pem");
$crtFile = file_get_contents("example.com.crt");
$pemFile = file_get_contents("example.com.pem");

请注意文件权限和明显的文件路径。如果您围绕这些命令添加一些错误处理,那就更好了。

阅读更多: http: //php.net/manual/en/function.exec.php

并且: http: //php.net/manual/en/function.file-get-contents.php

于 2012-11-29T09:46:13.590 回答