简单介绍
和第三方对接接口或者提供接口给第三方的时候,都需要对请求的参数进行校验:一是校验请求方是否合法(签名),二是对数据进行加密(对称加密或者非对称加密)。
加密方式
请求合法性的校验签名
1、签名需要双方都持有 app secret,校验签名时用同一个 secret 重新计算签名并进行比对。一般使用 sha1 计算摘要(sha1 是哈希算法,不是加密;如果双方可以协商,建议改用 HMAC-SHA256)。
/**
 * Assemble the signature fields that accompany a request.
 *
 * The signature is the SHA-1 hex digest of timestamp + random string +
 * encrypted payload + app secret, concatenated in exactly that order with no
 * separator. The receiving side has to rebuild the same string with its own
 * copy of the secret and compare the digests.
 *
 * NOTE(review): a plain hash over "data + secret" is a weaker construction
 * than a keyed MAC such as hash_hmac('sha256', ...). Moving to HMAC changes
 * the wire contract, so it has to be agreed with the peer first.
 * NOTE(review): the timestamp and random string only limit replay if the
 * verifying side rejects stale timestamps and already-seen random strings;
 * the digest comparison there should use hash_equals().
 *
 * @return array Keys: 'timeStamp', 'randstr', 'encrypt', 'sign'
 */
private function generateSign(): array
{
    $issuedAt = time();
    $nonce = $this->generateRandStr();
    $payload = $this->encrypt;

    // Field order matters: the verifier must concatenate in the same order.
    $material = $issuedAt . $nonce . $payload . $this->appSecret;

    $fields = [];
    $fields['timeStamp'] = $issuedAt;
    $fields['randstr'] = $nonce;
    $fields['encrypt'] = $payload;
    $fields['sign'] = sha1($material);

    return $fields;
}
对数据进行加密-对称加密
对数据进行AES加密的时候,需要双方约定AES密钥(AesSecret),加密方法 method 也可自行约定。注意:CBC 模式需要为每条消息生成随机 IV,并随密文一起传给对方;下面的示例没有传 IV,仅作演示。

加密方法
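/**
 * JSON-encode $data, encrypt it with OpenSSL and return the result base64-encoded.
 *
 * The output format is unchanged so that existing peers and AesDecrypt() keep
 * working: no IV is passed to openssl_encrypt(), and with the default
 * $options = 0 openssl_encrypt() already returns base64, so the returned
 * string is base64-encoded twice.
 *
 * NOTE(review): because no IV is passed, OpenSSL falls back to an all-zero IV.
 * With CBC this means equal plaintexts under the same key give equal
 * ciphertexts. The safer design is a fresh IV per message
 * (random_bytes(openssl_cipher_iv_length($method))) transmitted with the
 * ciphertext, plus a MAC or an AEAD mode, since CBC alone does not detect
 * tampering. Both sides have to change together, so it is not done here.
 * The previously commented-out md5(...) IV would not have worked as written:
 * md5() returns 32 hex characters, not the 16 raw bytes AES-CBC expects.
 *
 * @param array  $data       Data to serialise as JSON and encrypt
 * @param string $privateKey Shared symmetric key agreed by both parties
 * @param int    $options    Flags passed through to openssl_encrypt()
 * @param string $method     OpenSSL cipher method name
 * @return string Base64 text of the openssl_encrypt() result
 * @throws \RuntimeException When JSON encoding or encryption fails
 */
private function AesEncrypt(array $data, string $privateKey, int $options = 0, string $method = 'AES-128-CBC'): string
{
    $plaintext = json_encode($data);
    if ($plaintext === false) {
        // Without this check (in weak typing mode) `false` is coerced to an
        // empty string and a valid-looking ciphertext of "" is returned.
        throw new \RuntimeException('AesEncrypt: JSON encoding failed: ' . json_last_error_msg());
    }

    // '@' silences the "Using an empty Initialization Vector" warning that the
    // missing IV triggers; real failures are caught by the check below.
    $cipherText = @openssl_encrypt($plaintext, $method, $privateKey, $options);
    if ($cipherText === false) {
        throw new \RuntimeException('AesEncrypt: openssl_encrypt failed');
    }

    return base64_encode($cipherText);
}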
解密方法
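/**
 * Reverse AesEncrypt(): base64-decode the input and decrypt it with OpenSSL.
 *
 * With the default $options = 0 openssl_decrypt() base64-decodes its input
 * again, which matches the double encoding produced by AesEncrypt(). No IV is
 * passed, so PHP emits its "empty Initialization Vector" warning and an
 * all-zero IV is used, mirroring the encrypt side.
 *
 * NOTE(review): CBC without a MAC is unauthenticated; a successful decrypt
 * does not prove the data came from the peer. Do not relay the failure reason
 * to the remote caller, so error responses cannot be used to probe padding.
 *
 * @param string $encryptData Base64 text as produced by AesEncrypt()
 * @param string $privateKey  Shared symmetric key agreed by both parties
 * @param int    $options     Flags passed through to openssl_decrypt()
 * @param string $method      OpenSSL cipher method name
 * @return string The decrypted plaintext
 * @throws \RuntimeException When openssl_decrypt() reports failure
 */
private function AesDecrypt(string $encryptData, string $privateKey, int $options = 0, string $method = 'AES-128-CBC'): string
{
    $cipherText = base64_decode($encryptData);
    $plaintext = openssl_decrypt($cipherText, $method, $privateKey, $options);

    if ($plaintext === false) {
        // openssl_decrypt() returns false on failure, which does not satisfy
        // the declared string return type; fail explicitly instead.
        throw new \RuntimeException('AesDecrypt: openssl_decrypt failed');
    }

    return $plaintext;
}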
对数据进行加密-非对称加密
可以私钥加密、公钥解密,也可以公钥加密、私钥解密,但是公私钥一定要是一对儿才行。注意:私钥加密、公钥解密只能证明数据来源(相当于签名),起不到保密作用,因为公钥是公开的;需要保密时应使用公钥加密、私钥解密。
// RSA private key as exported by openssl_pkey_export() in generateRsaKey().
// It is exported without a passphrase there, so treat the value as a secret.
private $rsaPrivate;
// RSA public key taken from openssl_pkey_get_details()['key'] in generateRsaKey().
private $rsaPublic;
/**
 * Demonstration round trip: generate a key pair, encrypt a fixed sample
 * payload with the public key, then decrypt it again with the private key.
 *
 * A new key pair is generated on every call via generateRsaKey().
 *
 * @return array 'encrypt' is the base64 ciphertext, 'decrypt' the JSON-decoded plaintext
 */
public function rsaEncrypt(): array
{
    $keyPair = $this->generateRsaKey();
    $payload = ["phone_number"=> "10086123"];

    // Public half encrypts ...
    $publicKey = openssl_pkey_get_public($keyPair->rsaPublic);
    $cipherText = $this->rsaEncryptStr(json_encode($payload), $publicKey);

    // ... and only the matching private half can decrypt.
    $privateKey = openssl_pkey_get_private($keyPair->rsaPrivate);
    $plainJson = $this->rsaDecryptStr($cipherText, $privateKey);

    $result = [];
    $result['encrypt'] = $cipherText;
    $result['decrypt'] = json_decode($plainJson, true);

    return $result;
}
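/**
 * Generate a new 4096-bit RSA key pair and return it on a fresh instance.
 *
 * The keys are stored on a new object created with `new static()`, not on
 * the object the method was called on.
 *
 * @return static New instance with rsaPrivate / rsaPublic filled in
 * @throws \Exception When key generation, export or detail lookup fails
 */
private function generateRsaKey()
{
    // NOTE(review): machine-specific path to openssl.cnf; it has to be
    // adjusted (or made configurable) on any other host.
    $sslPath = 'D:\phpstudy_pro\Extensions\php\php7.3.4nts\extras\ssl\openssl.cnf';
    $config = [
        // Key size in bits (not bytes). It also bounds how much data one RSA
        // operation can encrypt. Sizes below 2048 are too weak for real use.
        "private_key_bits" => 4096,
        "private_key_type" => OPENSSL_KEYTYPE_RSA, // key algorithm
        "config" => $sslPath, // location of openssl.cnf
    ];

    // Create the key pair resource.
    $res = openssl_pkey_new($config);
    if ($res === false) {
        throw new \Exception("生成失败!");
    }

    // The passphrase argument is null, so the private key is exported
    // unencrypted. A failed export would otherwise leave $priKey unset and
    // store a null private key silently.
    if (!openssl_pkey_export($res, $priKey, null, $config)) {
        throw new \Exception('generateRsaKey: exporting the private key failed');
    }

    $details = openssl_pkey_get_details($res);
    if ($details === false || !isset($details['key'])) {
        throw new \Exception('generateRsaKey: reading the public key failed');
    }

    $rsa = new static();
    $rsa->rsaPrivate = $priKey;
    $rsa->rsaPublic = $details['key'];

    return $rsa;
}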
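/**
 * Encrypt a string with an RSA public key and return it base64-encoded.
 *
 * No padding argument is passed, so openssl_public_encrypt() uses its default
 * (OPENSSL_PKCS1_PADDING). The plaintext has to fit into a single RSA
 * operation for the given key size; longer input makes the call fail.
 *
 * NOTE(review): OAEP (OPENSSL_PKCS1_OAEP_PADDING) is the preferred padding
 * for new designs, but the decrypting side must switch at the same time.
 *
 * @param string $originalStr Plaintext to encrypt
 * @param mixed  $rsaPublic   Public key in any form openssl_public_encrypt() accepts
 * @return string Base64-encoded ciphertext
 * @throws \RuntimeException When openssl_public_encrypt() reports failure
 */
private function rsaEncryptStr($originalStr, $rsaPublic): string
{
    $encryptData = '';

    // The return value was previously ignored, so a failed encryption came
    // back as an empty string that looked like a valid result.
    if (!openssl_public_encrypt($originalStr, $encryptData, $rsaPublic)) {
        throw new \RuntimeException('rsaEncryptStr: openssl_public_encrypt failed');
    }

    return base64_encode($encryptData);
}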
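/**
 * Base64-decode a ciphertext and decrypt it with an RSA private key.
 *
 * No padding argument is passed, so openssl_private_decrypt() uses its
 * default (OPENSSL_PKCS1_PADDING), matching rsaEncryptStr().
 *
 * NOTE(review): a successful return does not authenticate the data; anyone
 * holding the public key can produce a ciphertext. Do not relay the failure
 * reason to the remote caller, so error responses cannot be used to probe
 * the padding check.
 *
 * @param string $encryptStr Base64-encoded ciphertext
 * @param mixed  $rsaPrivate Private key in any form openssl_private_decrypt() accepts
 * @return string The decrypted plaintext
 * @throws \RuntimeException When openssl_private_decrypt() reports failure
 */
private function rsaDecryptStr($encryptStr, $rsaPrivate): string
{
    $decryptData = '';
    $cipherText = base64_decode($encryptStr);

    // The return value was previously ignored, so a failed decryption came
    // back as an empty string instead of an error.
    if (!openssl_private_decrypt($cipherText, $decryptData, $rsaPrivate)) {
        throw new \RuntimeException('rsaDecryptStr: openssl_private_decrypt failed');
    }

    return $decryptData;
}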