$configs = array(
    'config' => 'OpenSSL.cnf',
    'digest_alg' => 'sha1',
    'x509_extensions' => 'v3_ca',
    'req_extensions' => 'v3_req',
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    'encrypt_key' => false,
    'encrypt_key_cipher' => OPENSSL_CIPHER_3DES
);
// Generate the key pair, then export the private key as a PEM string.
$privateKeyResourceId = openssl_pkey_new($configs);
openssl_pkey_export($privateKeyResourceId, $privateKeyString);
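On Linux, $privateKeyString looks like this:
-----BEGIN PRIVATE KEY-----NBgkqhkiG9w0BAQE….ASDFasjkfa-----END PRIVATE KEY-----
On Windows, $privateKeyString looks like this:
-----BEGIN RSA PRIVATE KEY-----NBgkqhkiG9E….ASDFasjkfa-----END RSA PRIVATE KEY-----
When I copy the Windows private key string to Linux, it does not work until I remove "RSA" from the BEGIN/END lines (and the same happens in the opposite direction). Why is this?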
Please take note that older versions of PHP/OpenSSL export the RSA private key with the '-----BEGIN RSA PRIVATE KEY-----' PEM tag, which includes just the privateKey field, thus omitting the version and privateKeyAlgorithm fields.
The effect of that would be that if you're converting it to DER, and then back to PEM, but using the '-----BEGIN PRIVATE KEY-----' PEM tag, the openssl_pkey_get_privatekey() function will fail! Senthryl's code can be used to prefix the PEM encoded data with the version and privateKeyAlgorithm fields again.
The newer PHP/OpenSSL versions export the RSA private key with the '-----BEGIN PRIVATE KEY-----' PEM tag, which includes the version and privateKeyAlgorithm fields.
I noticed these differences between my two servers:
PHP Version 5.3.3 (OpenSSL 1.0.0a-fips 1 Jun 2010) on Fedora Core 12 x64
PHP Version 5.2.9 (OpenSSL 0.9.8g 19 Oct 2007) on Fedora Core 10 x64
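
The wrapping described in the note above (prefixing a legacy 'RSA PRIVATE KEY' body with the version and privateKeyAlgorithm fields so it is valid under the 'PRIVATE KEY' tag), as an added PHP example. It is not Senthryl's code or part of the original post; the function names and the file names in the usage comment are hypothetical.

```php
<?php
// Added example; derLength() and pkcs1ToPkcs8Pem() are hypothetical helper names.
// DER length octets: short form below 0x80, long form otherwise.
function derLength(int $len): string
{
    if ($len < 0x80) {
        return chr($len);
    }
    $bytes = ltrim(pack('N', $len), "\x00");
    return chr(0x80 | strlen($bytes)) . $bytes;
}

// Wrap a PKCS#1 RSAPrivateKey ("RSA PRIVATE KEY") in a PKCS#8 PrivateKeyInfo
// ("PRIVATE KEY") by prepending the version and privateKeyAlgorithm fields.
function pkcs1ToPkcs8Pem(string $pem): string
{
    $re = '/-----BEGIN RSA PRIVATE KEY-----(.+?)-----END RSA PRIVATE KEY-----/s';
    if (!preg_match($re, $pem, $m)) {
        throw new InvalidArgumentException('no RSA PRIVATE KEY block found');
    }
    if (strpos($m[1], 'Proc-Type:') !== false) {
        // Passphrase-protected legacy PEM carries headers; the body is ciphertext.
        throw new InvalidArgumentException('key is encrypted; decrypt it first');
    }
    $pkcs1 = base64_decode(preg_replace('/\s+/', '', $m[1]), true);
    if ($pkcs1 === false || $pkcs1 === '' || $pkcs1[0] !== "\x30") {
        throw new InvalidArgumentException('body is not a DER SEQUENCE');
    }
    $version = "\x02\x01\x00"; // INTEGER 0
    // AlgorithmIdentifier { OID 1.2.840.113549.1.1.1 (rsaEncryption), NULL }
    $algorithm = "\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00";
    $privateKey = "\x04" . derLength(strlen($pkcs1)) . $pkcs1; // OCTET STRING
    $body = $version . $algorithm . $privateKey;
    $der = "\x30" . derLength(strlen($body)) . $body;
    return "-----BEGIN PRIVATE KEY-----\n"
        . chunk_split(base64_encode($der), 64, "\n")
        . "-----END PRIVATE KEY-----\n";
}

// CLI use (placeholder file names): php pkcs1-to-pkcs8.php legacy.pem > converted.pem
if (PHP_SAPI === 'cli' && isset($argv[1])) {
    $converted = pkcs1ToPkcs8Pem(file_get_contents($argv[1]));
    // Confirm the local PHP/OpenSSL build accepts the re-tagged key.
    if (openssl_pkey_get_private($converted) === false) {
        fwrite(STDERR, "OpenSSL rejected the converted key\n");
        exit(1);
    }
    echo $converted;
}
```

The output file holds an unencrypted private key, so give it the same restrictive permissions as the source file.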