参考 PHP 手册 > 函数拓展 > 加密拓展
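PHP 的 RSA 加密,同一段明文每次得到的密文都会不一样,这是正确的:PKCS#1 v1.5 加密填充会加入随机字节。这一点跟 Java 有区别:Java 的结果不会变,但是 Java 能解出来。注意:密文固定不变,通常说明 Java 端加密时没有使用随机填充(例如通过 BouncyCastle 提供者只写 "RSA" 时,默认是不填充的),这种确定性的 RSA 加密并不安全;建议在 Cipher.getInstance 中写出完整的转换名称(算法/模式/填充),并与 PHP 端使用的填充方式保持一致。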
证书都需要先转换成 PEM 格式才能使用。
java 部分
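package com.allinpay.common.util;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;

import org.bouncycastle.jce.provider.BouncyCastleProvider;

/**
 * Helpers for loading an RSA key pair from a keystore and signing with the private key.
 *
 * NOTE(review): the listing reached this page with every identifier lower-cased, the quotes
 * around string literals stripped and parts of the text missing. JDK and BouncyCastle names are
 * restored to their real spelling (Java is case-sensitive); names defined by this project are
 * kept exactly as the page shows them.
 */
public class certsignutil {

    /**
     * Test helper: reads a public/private key pair from a keystore file.
     *
     * @param filepath         path of the keystore file
     * @param keystorepassword password of the keystore
     * @param masterpassword   password of the private-key entry; may be the same as the
     *                         keystore password or different
     * @param alias            alias of the key-pair entry
     * @return the key pair, or {@code null} when the keystore cannot be read, the entry is not
     *         a private key, or the entry has no certificate; callers must check for
     *         {@code null}
     */
    public static KeyPair getkeyfromkeystore(String filepath,
            String keystorepassword, String masterpassword, String alias) {
        KeyPair keypair = null;
        // try-with-resources: the stream was previously opened inline and never closed.
        try (FileInputStream in = new FileInputStream(filepath)) {
            KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
            keystore.load(in, keystorepassword.toCharArray());
            Key key = keystore.getKey(alias, masterpassword.toCharArray());
            // The public-key certificate can also be read straight from the keystore with
            // getCertificate(alias); it does not have to be derived from the private key.
            if (key instanceof PrivateKey) {
                Certificate cert = keystore.getCertificate(alias);
                // Guard: an entry without a certificate used to fail on cert.getPublicKey().
                if (cert != null) {
                    keypair = new KeyPair(cert.getPublicKey(), (PrivateKey) key);
                }
            }
            // The unused getPrivate()/getPublic() reads that followed are removed: they threw
            // a NullPointerException whenever the alias did not hold a private key.
        } catch (KeyStoreException | CertificateException | NoSuchAlgorithmException
                | IOException | UnrecoverableKeyException e) {
            // Best effort, as before: report the failure and fall through to return null.
            e.printStackTrace();
        }
        return keypair;
    }

    /**
     * Signs data with a private key.
     *
     * @param prikey   private key object; it is cast to {@link PrivateKey}
     * @param srcbytes bytes to sign; when they come from text, signer and verifier must agree
     *                 on the character encoding used to produce them
     * @param signalg  JCA signature algorithm name. The demo on this page passes a SHA-1 with
     *                 RSA constant; SHA-1 signatures are deprecated, so prefer a SHA-256 based
     *                 algorithm such as {@code SHA256withRSA} where the counterpart allows it
     * @return the signature bytes, or {@code null} when signing fails; callers must check for
     *         {@code null} before encoding or sending the result
     */
    public static byte[] signbyprikey(Key prikey, byte[] srcbytes, String signalg) {
        byte[] signbytes = null;
        try {
            Signature sign = Signature.getInstance(signalg, new BouncyCastleProvider());
            sign.initSign((PrivateKey) prikey);
            sign.update(srcbytes);
            signbytes = sign.sign();
        } catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException e) {
            // The three catch blocks here were empty (their logger calls were commented out),
            // so a failed signature was indistinguishable from "nothing happened". Report it
            // the same way getkeyfromkeystore does; the null return is unchanged.
            e.printStackTrace();
        }
        return signbytes;
    }

    // ---------------------------------------------------------------------------------------
    // NOTE(review): from here on the listing is damaged on the page and is kept as shown, not
    // reconstructed. The text after "for (int i = 0; i" is missing in two places (presumably
    // the less-than sign of the loop condition was read as markup), and the listing stops
    // inside unitebytes. Only the Javadoc text is translated.
    //
    // /** Converts a byte array to a hex string, with no separator between bytes.
    //  *  @param b  @return */
    // public static string bytes2hexstring(byte[] b) { string ret = ; for (int i = 0; i
    //     [text lost]
    // ... byte[]{0x2b, 0x44, 0xef, 0xd9}
    //  *  @param src  the string to convert  @return byte[] */
    // public static byte[] hexstring2bytes(string src) { if (src.length() % 2 != 0) {
    //     src = src + 0; } byte[] ret = new byte[src.length() / 2];
    //     byte[] tmp = src.getbytes(); for (int i = 0; i
    //     [text lost]
    // ... 0xef
    //  *  @param src0 byte  @param src1 byte  @return byte */
    // public static byte unitebytes(byte src0, byte src1) {
    //     byte _b0 = byte.decode(0x + new string(new byte[] { src0 })) .bytevalue();
    //     _b0 = (byte) (_b0
    //     [listing ends here]
    //
    // The demo class on this page also calls getpubkeyfromcertfile and encbypubkey; neither
    // appears in the listing as it reached the page. Whatever encbypubkey does, it should name
    // the full Cipher transformation (algorithm/mode/padding) rather than a bare algorithm
    // name, so that the padding does not depend on which provider answers the request.
    // ---------------------------------------------------------------------------------------
}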
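package com.allinpay.user;

import java.security.Key;
import java.security.KeyPair;

import com.allinpay.common.util.certsignutil;
import com.allinpay.common.util.constants;

/**
 * Demo driver: loads a key pair and a certificate, encrypts a sample string with the public
 * key, signs it with the private key and prints the results as hex.
 *
 * NOTE(review): the listing reached this page lower-cased and with the quotes around string
 * literals stripped. JDK names and the quotes are restored; project-defined names and the
 * literal text are kept exactly as the page shows them.
 */
public class test {
    public static void main(String[] args) {
        // Demo values only: outside a throwaway test, keystore and key passwords belong in
        // configuration or a secret store, not in source code.
        KeyPair kp = certsignutil.getkeyfromkeystore(
                "e://jason's work file//allinpay//boss 后台系统管理//20141013//zhd//testmemberkey.keystore",
                "testmemberkey", "testmemberkey", "testmemberkey");
        Key pubkey = certsignutil.getpubkeyfromcertfile(
                "e://jason's work file//allinpay//boss 后台系统管理//20141013//zhd//tlcert4sign_test.cer");
        System.out.println(pubkey);

        // NOTE(review): getBytes() without a charset uses the platform default, so the bytes
        // that get encrypted and signed can differ between machines. Agree on one encoding
        // with the PHP side and pass it explicitly.
        // NOTE(review): "rsa" names no padding; which padding applies then depends on the
        // provider encbypubkey uses (not shown on this page). Pass the full transformation.
        byte[] encbytes = certsignutil.encbypubkey(pubkey, "测试数据".getBytes(), "rsa");
        // System.out.println("aaaaaa" + new String(encbytes));

        // getkeyfromkeystore returns null when the keystore cannot be loaded; stop here
        // instead of failing with a NullPointerException on kp.getPrivate().
        if (kp == null) {
            System.err.println("key pair could not be loaded from the keystore");
            return;
        }
        byte[] aaa = certsignutil.signbyprikey(kp.getPrivate(), "测试数据".getBytes(),
                constants.sha1_with_rsa);
        // signbyprikey returns null when signing fails; do not hex-encode a missing signature.
        if (aaa == null) {
            System.err.println("signing failed");
            return;
        }
        System.out.println(aaa); // prints the array reference, not the signature bytes
        String signmsg = certsignutil.bytes2hexstring(aaa);
        System.out.println(signmsg);

        // Second encryption of the same plaintext, printed as hex.
        byte[] encbyte = certsignutil.encbypubkey(pubkey, "测试数据".getBytes(), "rsa");
        String signmsg1 = certsignutil.bytes2hexstring(encbyte);
        System.out.println(signmsg1);
    }
}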
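Java RSA 默认的填充方式对应 PHP 的 OPENSSL_PKCS1_PADDING,所以需要跟上面 PHP 代码部分保持一致。注意:这个默认值取决于所用的提供者——JDK 自带提供者的 "RSA" 等同于 RSA/ECB/PKCS1Padding,而 BouncyCastle 的 "RSA" 默认不做填充;最好在代码里显式写出填充方式,不要依赖默认值。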