pfx,cer转pem，并对通过pem文件进行签名与验签

 1 <?php
 2 
 3 define("filePath","D:\\digitalCertificate\\");
 4 define("pfxFileName","jsc.pfx");
 5 define("password","jsb");
 6 
 7 /*实现.pfx文件转为.pem文件*/
 8 $file = filePath.pfxFileName;
 9 $results = array();
10 $worked = openssl_pkcs12_read(file_get_contents($file), $results, password);
11 $certificateCApem =$file.‘.pem‘;
12 @file_put_contents($certificateCApem, $results);//这里会出现array to string 警告，但不影响数据准确，就忽略警告了
13 
14 /*实现对传来的数据进行排序*/
15 function dataSort($data) {
16     $dataArr=explode(";",$data);
17     sort($dataArr);
18     $dataStr=implode(‘,‘,$dataArr);
19     $TransData=str_replace(",","&",$dataStr);
20     return  $TransData;
21 }
22 $data="name=jacson;code=12313;pass=admin;email=admin@qq.com;id=25536";//$data是需要进行签名的数据，这里有用户传过来，本程序由于测试需要，先写死
23 
24 /*实现加签功能*/
25 function sign($data) {
26     $priKey = file_get_contents(filePath.pfxFileName.‘.pem‘);
27     $res = openssl_get_privatekey($priKey);
28     openssl_sign($data, $sign, $res);
29     openssl_free_key($res);
30     $sign = base64_encode($sign);
31     return $sign;
32 }
33 
34 $dataReturn=sign(dataSort($data));
35 //print_r($dataReturn);查看签名后的数据

 1 <?php
 2 
 3 define("filePath","D:\\digitalCertificate\\");
 4 define("cerFileName","jsc.cer");
 5 
 6 /*实现.cer文件转为.pem文件*/
 7 $certificateCAcer = filePath.cerFileName;
 8 $certificateCAcerContent = file_get_contents($certificateCAcer);
 9 $certificateCApem=filePath.cerFileName.‘.pem‘;
10 file_put_contents($certificateCApem,$certificateCAcerContent);
11 
12 /*实现传来的数据进行排序*/
13 function dataSort($data) {
14     $dataArr=explode(";",$data);
15     sort($dataArr);
16     $dataStr=implode(‘,‘,$dataArr);
17     $TransData=str_replace(",","&",$dataStr);
18     return  $TransData;
19 }
20 $data="name=jacson;code=12313;pass=admin;email=admin@qq.com;id=25536";//这里$data理由同上
21 
22 /*实现验签功能*/
23 function verify($data, $sign)  {
24     $pubKey = file_get_contents(filePath.cerFileName.‘.pem‘);
25     $res = openssl_get_publickey($pubKey);
26     $result = (bool)openssl_verify($data, base64_decode($sign), $res);
27     openssl_free_key($res);
28     if($result) {
29         return "true";
30     }else {
31         return "false";
32     }
33 }
34 
35 $sign="";//$sign是encry.php签名后的数据，在encry.php中用print_r($dataReturn)打印出的数据进行测试，实际中是由用户传过来的
36 echo (verify(dataSort($data),$sign));//看返回是true还是false来看是否验签成功