Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/php/279.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181

Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/security/4.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Php 为什么这段代码创建一个有效的证书而不是产生一个错误?_Php_Security_Encryption_Cryptography_Openssl - Fatal编程技术网
Fatal编程技术网
  • php/
  • Php 为什么这段代码创建一个有效的证书而不是产生一个错误?

Php 为什么这段代码创建一个有效的证书而不是产生一个错误?

php security encryption cryptography openssl

Php 为什么这段代码创建一个有效的证书而不是产生一个错误?,php,security,encryption,cryptography,openssl,Php,Security,Encryption,Cryptography,Openssl,我有以下我认为是有效的代码,在Debian stable上试用后,效果如预期: $config = array( 'private_key_bits' => 4096, 'digest_alg' => 'sha2', 'private_key_type' => OPENSSL_KEYTYPE_RSA, ); // Create the private and public key $res = openssl_pkey_new($config); if

我有以下我认为是有效的代码,在Debian stable上试用后,效果如预期:

$config = array(
    'private_key_bits' => 4096,
    'digest_alg' => 'sha2',
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
);

// Create the private and public key
$res = openssl_pkey_new($config);
if ($res === false) {
    throw new Exception('Key generation failed: '.openssl_error_string());
}

// Extract the private key from $res to $priv
openssl_pkey_export($res, $priv);

echo $priv;
这是上述代码的结果:

-----BEGIN PRIVATE KEY-----
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDcdRt222S/gEyY
q1h1yPJlPbDJSJ1YPlsTarbQoSQJhan9ezJQc1ctJ/As9wUUOFBAKlkEY0HNLule
1H9ROVG5drV/p6nfpM3wxtnfLAmFysGt1Jt2pfuCRGMjKdvcPIrvzvVXK1KcD2NF
FJOK1xoAl6+nGA9+p8APHqrYFEQ4D8u0JJKUTUNhnSDCCo7uvKXomObQRksADRtc
hqErDYIKA4ZtJl9xg+fFC1m7Ig+AJZliYhp+GqhElwRbACGUk+4yctUnyRLmRfjw
pCzgpEUIPqC3ktbwrxDikafXaMeb6HRyO51curBkI6ZAUM250RmdO7nd3tEbUWCy
5fcjsQdjjDW3QE/qxJcK0VgWRkJQNVagLC5tkZ/FQs/kxK+oB6CrtNAYr+tAIVPW
UY1yt3gDy0h+a674aAuG1IKm4n6vOv3usU1NVkoQC1URcNTP7MJ/gkEQC0Knj1bM
7jSs1s800/o7AKwh7nXIfCgcvGPShx6aBAR48rOdAkdB3o8UWHoeGeMG0FOVBGq1
hmQpttGLie9E9Cemw7BPvksGvjF7QYIMXF5ns5/VmSapvN/9sT7k+wVlBkDltQwt
qu0+FIi1+D4YcOabbiAcqlAqV+I4PlP9euY10VC9AUTiQzmouwts5tjNWpRwHwOH
TNdQt8uO8rK/Ea0PbPa6N2GY9p8qsQIDAQABAoICAD9XbnKyCrpzFI7w/FOrTuoD
1Z2fvYWzNNvZV3mOMxqBSxxHn2c6HJwe04U33D+5BmXJRRZbpnZbujXC/GnL/E07
bF6nP8nAQmOh3suejYXhgdB+O8TVX/RHzew2hLM8ufa5Egjfq7anPTCF/vZvY0s0
SgXKhfkwHaC6gP/gotEwyKiTsYHmyStsyBK4keTKUykHdZn1+GqlWW02SWxjTy+t
X5xQ4C9vZNJatodr++Qn6XA5G7+LzTkX4up6mStlbZUVJWVvAn0jMamColpRGHyL
8gWMrTEuO729d+oOcvu6yGph8o7IHRJIo+Xq0ZFIIQHqPTcgZBhjQ1Nje6THooVR
FDUKIOqk57H9XHPaWDi76Hp4AZ7BS9q9yVO37eRcT8sA3kLjraJF4uzWoQKnz4XL
X00X8RRxCoaFSa8UuA0RNC+zx42DUnMIGz00pUmElUYZ2KtE8s2im/mVcuBQy1yV
1T8v6+LLCIwWgWe6JUwPH//+luV9cKh/9jBZI5vkELe+rNBhCx7KmJ3BtM7oxrRB
2i3+HE2KqhSZrUwHPoK2nZHffIAYBnEnlMHJQYb9Ceek9SsG5Z1wsI63frC0/7ZT
mdgHaclb9++XqP3x1BVmwzoO7r7qiB5w3DJZixs5EcuZ0p2cqv9s0atVJmh5nm9j
Ih8y0a/6fBmL3KNEPV1ZAoIBAQD2DWWo54LkVPEYCXxT0wqGu4WeNuSSrKIqL7N4
0PyNdVj1Er/tAutdZPU5ZpwXPuKYAcqrsUuVYzaHKO157ghMj07Gz+oegeDjXlQN
USjDkWvVP8rLrw85tB5VkUT6d1hrAIN3SrYWzxmod0P4IgW+FqesG2A6kCC4H3/e
bjjAP20slRPTCZHS88mDbhtrt4rjN3YzIzTTGuSiGyK9czsVKEztXtNsqeGW5yor
QL0PPbSUThJQOkWYpcc0jZEwmtltMwZRWuO6OauoK6rfeiQL3OpJJQLeRfviw+uQ
cOZj3etQ4Qv9EwPydmQlV7/f7sMM5FSvVQUvaDJNYHPR8herAoIBAQDlXs6i/dy+
bazIovUbPy84hw8gvam/iGnL+XBjh+1+TNTY5qcSPiU+HJOwSRTFxWJrI1kUVX7l
bt2kRraFUT8SveZ550cQTTknm06WoEFcYYV0FZ8CiFSHbUbmIBrxXbAui4bLjEqM
bGzgEcc8GXkyCmDrdkvqKtrgpW3F4vU2cYKTPc+P2oF/Zqg4i9c86c6BDZGuCMXr
JpJ1UcYx0KHTppvveBgJNBhO2GZj3pp2irXJby++M5gc3L32EbCXrkyGCbBo/X/+
DwQPmBBGz3fd1ttC0cmRd8aSN/C4T7Io4qsccyd51HYnziXqpi5+h2CAHrR+Or6s
382om8NTmTsTAoIBAG5xewVCzb0B56o7b8QMgbgSahqnVxgDR1MaUDvVytcQKlrv
DJkta0pjq7MVPNEuV/WVMEy660tl2i73Dwlg7/a1iM2yu8rvz2sfhyjnGh4Wo0l4
NeYRcQscr1UHPOgUM+rrsxcTwQIh+cllp2u0kdFOR/r32szOrvEWqoXEAdNBZRbS
37AlpoADD5vgC4zhOQVeer7febGca63b8k8JbybDDSyrGMm4w1rB7mq1x2cU8n5z
QMMkNOMc3nrXZKlliFz8v0Q7QObxRfzZhPyEzbNJeRxV8aCl1zdla9JM6w0+qoaG
TaROKcJmo/MjHSw99u1NfDmrNwWdhp62waYmPbsCggEBAJ+VR9V1JMlFC0sIvdn4
KwV8SlUwQFMnONyWrtBA+Ua/c/N4/tKddFHzlfm3zwEOpLv/+vE/zqsYaJLsM/8r
mOOURi+YbwPzhol877+yveblXvF2PYyIh681o3dm7PfzhCnOH7ms4Q00Psfi9qhk
3MKpH+eTBZxltqVH08kzcAIyFXQWNDxU/XZDWVUGTnlt/qQhabMZHYLO8mU3wNpV
2tGkAKgq+SYmHad1vj9L2FITjgkZF7GQuguStYPnqOLPfSRgx2E0xoFftyaWWPS7
Uh2BaEnkJgbUu85tp0jFAiKaGg0QPW3xGUf2kMDiYETeMZDSTCfq/VDP4Ymm3c5j
NQsCggEAXRS9FXx//5Md68AOM+oQMN4D9iwKQiW8YJBJFI4r3dlxqWyuSMdhRqxB
jDaMNet1cqGyAYlyxEAafq0m4XUm9IHKKx7kEX4y7MssjYcfmT6dCKSxahjXaNRM
VmSWDS1av6PmtDegngA254v9KUAneYwwJHaSMYIHi6I/WwQwOtYIuhaAs9+UpDja
Z9lzVrpjL0F05kBeWQ3+GHOsCY6P1w98fXryivKOu4sxY5fDBivGr2YnYmPDb/8g
wiNJsxNY0yx1FR7m+Hojvzr7865QzysktQXIhBGWQQE4fZYDOiVzprgWCgyiXnyP
eWgwHIK0jIaFS0J3h4S08BxX+fi14g==
-----END PRIVATE KEY-----
但是我注意到,如果我将$config中的所有参数都更改为无效参数,我仍然会得到一个正在生成的证书,而不是某种错误,并且我可以使用该证书进行加密和解密、签名和验证,而不会出现任何问题:

$config = array(
    'private_key_bits' => (-1 * pi()), // negative pi. Also tried with a string
    'digest_alg' => 'blah1024',
    'private_key_type' => 'hello',
);
这是使用上述无效参数生成的示例:

-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQClUjW+jZvviRED
bfNNjQuJHaE7ZXl0lOVmiY0ZSDeq1H/7q3wAI2pfjwT35kHkmbqeUASk1bl15P5W
YElo+/P34IY3wDC9N4DlQ+C5LMz+ryJUSB7Qf6mndEN/oNChjEQ6lmKnvuSicG5r
qG74l8Ry33m3dRbh8pDpmz31pgvNnLXLhMhMznXmj5wyHfjPyepnrrNZxUlT2c/C
Ewz8sqdxBdO2L6/hH6x8t/JId5mSH3VjuQkZJxtD7InRQ8OitK8r/VXfXoWjlKwW
a0JILAAUBfS0J/4j1+xTCP9uFHdlgLc5/EtfQCMAL0ir4nG6bTqddV2hpWo9mKx8
nUr7XkQ/AgMBAAECggEBAKDDSwQcTNEoZuUA3KJDUD5sE8fgq7UUvedyR0WYlpmG
v1YKsjCoP97hAyHWRal5XKJqibmJJCpjHnj8dSakK+CV867vM/YsrSlFUph/2nCn
+igfYee63U27n4/S4E7YSdj3OMSKu2bDEn2acx9G5oAWlRQzxqa97PFeR2hDqiKs
e0LaOa8rxInPWJft7lYVNsq8GZIBAdqnxDtWd8eymTr6Uov7t5rM2Nl/TGqE4cFW
w2OwLxplJiqLbO0SQuAZPQBtWCFeZNtRd7X/GJSr1+mIlW5DnxyEuiXMKOyx6nVL
6avQ6C3lp/e8YIU1aTIngNCsx5y2nfog3a3ahAiYFZECgYEA1IBO+d3HOZnA2N9u
YFP0PptiFqa43RERWQIHc2oD0MjYKtwRIFGFzmCcpQ12T8+XUjfEVlq7RSGvp5no
2/Lk4gV2qI3ZsJ6YTovJqG2CdwHMRawjRaQxQhntLMIzFA0XI7aSjnYgExDvk0Y0
kFqmrXLV1PnNtxC6SXWW5bwrteUCgYEAxymGsIB42BAWhSTBCUFjz614OhU8h8lN
2NbuWh7hgzf4hGzVUUOZPgyVpnKWGUxudUjIfhhshm5Dol5vam/ae2YhB6w6On0b
deDbFMgcO6Sd706dtm7w8ZHqAoiuOT4uJUgIPyUVNYDk2B8Pw4F/wsrBoOVbb9km
8yDksZrEb1MCgYBOtR+LaNuruAk3yroFL9NdhQv1u9bo+rNkNl4wH2o+YMXASjaF
s+xNnncmoy/ZK9iueT1dhsmqN2nqOBWJshOYq9FhaPjidDuRjDErEzSpg573h2Sh
HMmp5BR26Y8ltBuH/M2XuqTyqukxsWUyuoDV6ZzN/6B0V9vH7afwe5vtCQKBgQCM
cOX/tLiCc+XNgbt10VyW6BZtruf+QJ/alsWBW2Fe7KschrpuEaMQNEObGhZqRJFn
tylacdKlgT/EUZ9ziOiiN8R26qYs9GfW2fbjUrFGBbExPVjNerIBRwmjO8rPpt9X
ftIB5R5tmjTFijHNhZYYQG4GDXZLCvACZmGeNCrs7QKBgQDGBImt+v068ggJPNZw
M7syYguydoSWs+5JahTSY+i9BhsUvQ2ryKjDBio+FufrJTaHCZGzMLBRU35DoYav
CTxWOkj0wAfq7hfPheOSTKbMkIzU/4REFEm9onyRQT+q28PkkglmHbNUfPWLKbbQ
Egp2RwjcainGDTcFKSDqBfmRHA==
-----END PRIVATE KEY-----
所以我有几个问题

这是PHP中的一个bug吗?例如,如果有人认为他们创建了大量的位,却发现他们将4096拼错为4O96,加上大写字母“o”,并且默认为1024位,或者因为拼错了它的名称,它使用了类似md5的东西而不是真正令人敬畏的摘要方法,这难道不会导致错误的安全感吗?或者这是出于某种设计

如果此函数提供了无效选项,PHP将使用哪些选项

是否有任何方法可以验证$options中使用的参数,以确保在此过程中不会出现任何混乱?编辑我看到,对于比特数和密钥类型,在openssl_pkey_get_详细信息中,但不是摘要算法

听起来像是可靠的PHP代码实践:PHP函数喜欢隐藏问题,尤其是在加密领域。例如:哦,你的对称密钥太短了,让我在不告诉你的情况下为你展开它。@ArtjomB。我认为他们在最新版本的mcrypt包装器中修复了这个问题,但是是的,这显示了PHP的总体思想。你可以为打字能力差等问题争论不休,但你不能既有蛋糕又有蛋糕。@ArtjomB.-OpenSSL CLI也可以做到这一点。举个例子:openssl enc-aes-128-cbc-e-in-in.txt-out.txt-nosalt-K AA-iv AA-p输出key=aa000000000000000000和iv=AA000000000000000000000000000000。ie。它是null填充键。@neubert哦,天哪,openssl填充键,IV填充零是我真的不想知道的信息。