openssl_open

(PHP 4 >= 4.0.4, PHP 5, PHP 7, PHP 8)

openssl_open — 打开密封的数据

说明

openssl_open(
    string $data,
    #[\SensitiveParameter] string &$output,
    string $encrypted_key,
    #[\SensitiveParameter] OpenSSLAsymmetricKey|OpenSSLCertificate|array|string $private_key,
    string $cipher_algo,
    ?string $iv = null
): bool

openssl_open() 使用与密钥标识符 private_key 和信封密钥 encrypted_key 相关联的私钥打开（解密）data 数据, 使用解密后的数据填充 output。当数据被密封时，就生成了信封密钥且只能由一个特定的私钥使用。更多信息参见openssl_seal()。

参数

data
output: 如果调用成功，则在这个参数中返回打开的数据。
encrypted_key
private_key
cipher_algo: 加解密算法。
警告
默认值（'RC4'）认为不安全。强烈建议明确指定安全密码方法。
iv: 初始化向量。

返回值

成功时返回 true，或者在失败时返回 false。

更新日志

版本	说明
8.0.0	`private_key` 现在接受 OpenSSLAsymmetricKey 或 OpenSSLCertificate 实例；之前接受类型 `OpenSSL key` 或 `OpenSSL X.509 CSR` 的 resource。
8.0.0	`cipher_algo` 不再是可选参数。

示例

示例 #1 openssl_open() 示例

<?php
// $sealed and $env_key are assumed to contain the sealed data
// and our envelope key, both given to us by the sealer.

// fetch private key from file and ready it
$fp = fopen("/src/openssl-0.9.6/demos/sign/key.pem", "r");
$priv_key = fread($fp, 8192);
fclose($fp);
$pkeyid = openssl_get_privatekey($priv_key);

// decrypt the data and store it in $open
if (openssl_open($sealed, $open, $env_key, $pkeyid)) {
    echo "here is the opened data: ", $open;
} else {
    echo "failed to open data";
}

// free the private key from memory
openssl_free_key($pkeyid);
?>

参见

openssl_seal() - 密封 (加密) 数据

发现了问题？

了解如何改进此页面 • 提交拉取请求 • 报告一个错误

＋添加备注

用户贡献的备注 2 notes

down

sdc ¶

13 years ago

PHP compiled without OpenSSL support? Here's how you can call the openssl command-line utility to achieve the same goal:

<?php
// $sealed and $env_key are assumed to contain the sealed data
// and our envelope key, both given to us by the sealer.

// specify private key file and passphrase
$pkey_file='key.pem';
$pkey_pp='netsvc';

// call openssl to decrypt envelope key
$ph=proc_open('openssl rsautl -decrypt -inkey '.
escapeshellarg($pkey_file).' -passin fd:3',array(
0 => array('pipe','r'), // stdin < envelope key
1 => array('pipe','w'), // stdout > decoded envelope key
2 => STDERR,
3 => array('pipe','r'), // < passphrase
),$pipes);
// write envelope key
fwrite($pipes[0],$env_key);
fclose($pipes[0]);
// write private key passphrase
fwrite($pipes[3],$pkey_pp);
fclose($pipes[3]);
// read decoded key, convert to hexadecimal
$env_key='';
while(!feof($pipes[1])){
$env_key.=sprintf("%02x",ord(fgetc($pipes[1])));
}
fclose($pipes[1]);
if($xc=proc_close($ph)){
  echo "Exit code: $xc\n";
}

// call openssl to decryp
$ph=proc_open('openssl rc4 -d -iv 0 -K '.$env_key,array(
0 => array('pipe','r'), // stdin < sealed data
1 => array('pipe','w'), // stdout > opened data
2 => STDERR,
 ),$pipes);
// write sealed data
fwrite($pipes[0],$sealed);
fclose($pipes[0]);
// read opened data
//$open=stream_get_contents($pipes[1]);
$open='';
while(!feof($pipes[1])){
$open.=fgets($pipes[1]);
}
fclose($pipes[1]);
if($xc=proc_close($ph)){
  echo "Exit code: $xc\n";
}

// display the decrypted data
echo $open;

?>

down

Gareth Owen ¶

16 years ago

Example code, assume mycert.pem is a certificate containing both private and public key.

$cert = file_get_contents("mycert.pem");

$public = openssl_get_publickey($cert);
$private = openssl_get_privatekey($cert);

$data = "I'm a lumberjack and I'm okay.";

echo "Data before: {$data}\n";
openssl_seal($data, $cipher, $e, array($public));

echo "Ciphertext: {$cipher}\n";

openssl_open($cipher, $open, $e[0], $private);
echo "Decrypted: {$open}\n";