PHP实践：用openssl打造安全可靠的API签名验证系统

🏆作者简介，黑夜开发者，全栈领域新星创作者✌，CSDN博客专家，阿里云社区专家博主，2023年6月CSDN上海赛道top4。
🏆数年电商行业从业经验，历任核心研发工程师，项目技术负责人。
🏆本文已收录于PHP专栏：PHP进阶实战教程。
🏆另有专栏PHP入门基础教程，希望各位大佬多多支持❤️。
🎉欢迎 👍点赞✍评论⭐收藏

文章目录

🚀一、引言

在Web开发中，API（Application Programming
Interface）是不可或缺的一部分。为了确保API请求的安全性，常常需要对API请求进行签名验证。本文将介绍如何使用PHP设计一套API签名验证的程序，并提供具体的设计步骤和代码。

PHP实践：用openssl打造安全可靠的API签名验证系统

🚀二、验证过程概述

本篇文章主要通过openssl来实现安全的加密解密，API签名验证的过程通常包括以下几个步骤，：

客户端使用私钥对请求数据进行加密，并将加密结果作为签名参数（例如传递给API的signature参数）。
服务端接收到API请求后，根据相应规则从请求参数中提取出签名参数。
服务端使用相同的私钥和加密算法对请求数据进行加密，并得到一个临时的签名。
服务端将临时的签名与客户端传递的签名进行比较，如果两者一致，则API请求通过验证，否则验证失败。

🚀三、设计步骤

下面是一套设计API签名验证程序的具体步骤：

🔎3.1 生成密钥对

首先，我们需要生成一对公钥和私钥，用于加密和解密。可以使用openssl扩展来生成密钥对，具体代码如下：

<span class="token variable">$config</span> <span class="token operator">&#61;</span> <span class="token keyword">array</span><span class="token punctuation">(</span> <span class="token string double-quoted-string">&#34;private_key_bits&#34;</span> <span class="token operator">&#61;&gt;</span> <span class="token number">1024</span><span class="token punctuation">,</span> <span class="token string double-quoted-string">&#34;private_key_type&#34;</span> <span class="token operator">&#61;&gt;</span> <span class="token constant">OPENSSL_KEYTYPE_RSA</span><span class="token punctuation">,</span> <span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token comment">// 生成私钥和公钥</span> <span class="token variable">$res</span> <span class="token operator">&#61;</span> <span class="token function">openssl_pkey_new</span><span class="token punctuation">(</span><span class="token variable">$config</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token comment">// 提取私钥</span> <span class="token function">openssl_pkey_export</span><span class="token punctuation">(</span><span class="token variable">$res</span><span class="token punctuation">,</span> <span class="token variable">$private_key</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token comment">// 提取公钥</span> <span class="token variable">$public_key</span> <span class="token operator">&#61;</span> <span class="token function">openssl_pkey_get_details</span><span class="token punctuation">(</span><span class="token variable">$res</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token variable">$public_key</span> <span class="token operator">&#61;</span> <span class="token variable">$public_key</span><span class="token punctuation">[</span><span class="token string double-quoted-string">&#34;key&#34;</span><span class="token punctuation">]</span><span class="token punctuation">;</span> <span class="token comment">// 保存私钥和公钥到文件</span> <span class="token function">file_put_contents</span><span class="token punctuation">(</span><span class="token string single-quoted-string">&#39;private.key&#39;</span><span class="token punctuation">,</span> <span class="token variable">$private_key</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token function">file_put_contents</span><span class="token punctuation">(</span><span class="token string single-quoted-string">&#39;public.key&#39;</span><span class="token punctuation">,</span> <span class="token variable">$public_key</span><span class="token punctuation">)</span><span class="token punctuation">;</span>

$config = array( "private_key_bits" => 1024, "private_key_type" => OPENSSL_KEYTYPE_RSA, ); // 生成私钥和公钥 $res = openssl_pkey_new($config); // 提取私钥 openssl_pkey_export($res, $private_key); // 提取公钥 $public_key = openssl_pkey_get_details($res); $public_key = $public_key["key"]; // 保存私钥和公钥到文件 file_put_contents('private.key', $private_key); file_put_contents('public.key', $public_key);

上述代码将生成私钥保存到private.key文件中，公钥保存到public.key文件中。

🔎3.2 签名生成和验证函数的实现

🍁3.2.1 准备工作

在签名生成和验证之前，我们需要加载私钥和公钥。可以创建一个Signature类，并在构造函数中加载私钥和公钥，如下所示：

<span class="token keyword">class</span> <span class="token class-name-definition class-name">Signature</span> <span class="token punctuation">{<!-- --></span> <span class="token keyword">private</span> <span class="token variable">$private_key</span><span class="token punctuation">;</span> <span class="token keyword">private</span> <span class="token variable">$public_key</span><span class="token punctuation">;</span> <span class="token keyword">public</span> <span class="token keyword">function</span> <span class="token function-definition function">__construct</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token punctuation">{<!-- --></span> <span class="token variable">$this</span><span class="token operator">-&gt;</span><span class="token property">private_key</span> <span class="token operator">&#61;</span> <span class="token function">openssl_pkey_get_private</span><span class="token punctuation">(</span><span class="token function">file_get_contents</span><span class="token punctuation">(</span><span class="token string single-quoted-string">&#39;private.key&#39;</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token variable">$this</span><span class="token operator">-&gt;</span><span class="token property">public_key</span> <span class="token operator">&#61;</span> <span class="token function">openssl_pkey_get_public</span><span class="token punctuation">(</span><span class="token function">file_get_contents</span><span class="token punctuation">(</span><span class="token string single-quoted-string">&#39;public.key&#39;</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token punctuation">}</span> <span class="token comment">// 其他方法和代码将在后面介绍</span> <span class="token punctuation">}</span>

class Signature { private $private_key; private $public_key; public function __construct() { $this->private_key = openssl_pkey_get_private(file_get_contents('private.key')); $this->public_key = openssl_pkey_get_public(file_get_contents('public.key')); } // 其他方法和代码将在后面介绍 }

🍁3.2.2 生成签名

为了生成签名，我们需要定义一个方法，该方法接收请求参数数组并返回签名结果。可以使用openssl扩展中的openssl_sign函数生成签名，代码如下：

<span class="token keyword">class</span> <span class="token class-name-definition class-name">Signature</span> <span class="token punctuation">{<!-- --></span> <span class="token comment">// 省略部分代码</span> <span class="token keyword">public</span> <span class="token keyword">function</span> <span class="token function-definition function">generateSignature</span><span class="token punctuation">(</span><span class="token variable">$params</span><span class="token punctuation">)</span> <span class="token punctuation">{<!-- --></span> <span class="token comment">// 将请求参数数组转换为字符串</span> <span class="token variable">$data</span> <span class="token operator">&#61;</span> <span class="token function">http_build_query</span><span class="token punctuation">(</span><span class="token variable">$params</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token comment">// 使用私钥进行签名</span> <span class="token function">openssl_sign</span><span class="token punctuation">(</span><span class="token variable">$data</span><span class="token punctuation">,</span> <span class="token variable">$signature</span><span class="token punctuation">,</span> <span class="token variable">$this</span><span class="token operator">-&gt;</span><span class="token property">private_key</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token comment">// 将签名结果进行Base64编码</span> <span class="token variable">$signature</span> <span class="token operator">&#61;</span> <span class="token function">base64_encode</span><span class="token punctuation">(</span><span class="token variable">$signature</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token keyword">return</span> <span class="token variable">$signature</span><span class="token punctuation">;</span> <span class="token punctuation">}</span> <span class="token punctuation">}</span>

class Signature { // 省略部分代码 public function generateSignature($params) { // 将请求参数数组转换为字符串 $data = http_build_query($params); // 使用私钥进行签名 openssl_sign($data, $signature, $this->private_key); // 将签名结果进行Base64编码 $signature = base64_encode($signature); return $signature; } }

🍁3.2.3 验证签名

为了验证签名，我们需要定义一个方法，该方法接收请求参数数组和客户端传递的签名，并返回验证结果。可以使用openssl扩展中的openssl_verify函数验证签名，代码如下：

<span class="token keyword">class</span> <span class="token class-name-definition class-name">Signature</span> <span class="token punctuation">{<!-- --></span> <span class="token comment">// 省略部分代码</span> <span class="token keyword">public</span> <span class="token keyword">function</span> <span class="token function-definition function">verifySignature</span><span class="token punctuation">(</span><span class="token variable">$params</span><span class="token punctuation">,</span> <span class="token variable">$clientSignature</span><span class="token punctuation">)</span> <span class="token punctuation">{<!-- --></span> <span class="token comment">// 将请求参数数组转换为字符串</span> <span class="token variable">$data</span> <span class="token operator">&#61;</span> <span class="token function">http_build_query</span><span class="token punctuation">(</span><span class="token variable">$params</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token comment">// 对客户端传递的签名进行Base64解码</span> <span class="token variable">$clientSignature</span> <span class="token operator">&#61;</span> <span class="token function">base64_decode</span><span class="token punctuation">(</span><span class="token variable">$clientSignature</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token comment">// 使用公钥进行签名验证</span> <span class="token variable">$result</span> <span class="token operator">&#61;</span> <span class="token function">openssl_verify</span><span class="token punctuation">(</span><span class="token variable">$data</span><span class="token punctuation">,</span> <span class="token variable">$clientSignature</span><span class="token punctuation">,</span> <span class="token variable">$this</span><span class="token operator">-&gt;</span><span class="token property">public_key</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token keyword">return</span> <span class="token variable">$result</span> <span class="token operator">&#61;&#61;&#61;</span> <span class="token number">1</span><span class="token punctuation">;</span> <span class="token punctuation">}</span> <span class="token punctuation">}</span>

class Signature { // 省略部分代码 public function verifySignature($params, $clientSignature) { // 将请求参数数组转换为字符串 $data = http_build_query($params); // 对客户端传递的签名进行Base64解码 $clientSignature = base64_decode($clientSignature); // 使用公钥进行签名验证 $result = openssl_verify($data, $clientSignature, $this->public_key); return $result === 1; } }

🔎3.3 使用SDK调用API

为了方便客户端调用API并进行签名验证，我们可以创建一个简单的SDK。SDK将提供一些封装好的方法，让开发者能够轻松地调用API并进行签名验证。

以下是一个示例SDK的代码：

<span class="token keyword">class</span> <span class="token class-name-definition class-name">APIClient</span> <span class="token punctuation">{<!-- --></span> <span class="token keyword">private</span> <span class="token variable">$apiURL</span><span class="token punctuation">;</span> <span class="token keyword">private</span> <span class="token variable">$signature</span><span class="token punctuation">;</span> <span class="token keyword">public</span> <span class="token keyword">function</span> <span class="token function-definition function">__construct</span><span class="token punctuation">(</span><span class="token variable">$apiURL</span><span class="token punctuation">,</span> <span class="token variable">$privateKeyPath</span><span class="token punctuation">,</span> <span class="token variable">$publicKeyPath</span><span class="token punctuation">)</span> <span class="token punctuation">{<!-- --></span> <span class="token variable">$this</span><span class="token operator">-&gt;</span><span class="token property">apiURL</span> <span class="token operator">&#61;</span> <span class="token variable">$apiURL</span><span class="token punctuation">;</span> <span class="token comment">// 初始化签名验证类</span> <span class="token variable">$this</span><span class="token operator">-&gt;</span><span class="token property">signature</span> <span class="token operator">&#61;</span> <span class="token keyword">new</span> <span class="token class-name">Signature</span><span class="token punctuation">(</span><span class="token variable">$privateKeyPath</span><span class="token punctuation">,</span> <span class="token variable">$publicKeyPath</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token punctuation">}</span> <span class="token keyword">public</span> <span class="token keyword">function</span> <span class="token function-definition function">callAPI</span><span class="token punctuation">(</span><span class="token variable">$params</span><span class="token punctuation">)</span> <span class="token punctuation">{<!-- --></span> <span class="token comment">// 生成签名</span> <span class="token variable">$signature</span> <span class="token operator">&#61;</span> <span class="token variable">$this</span><span class="token operator">-&gt;</span><span class="token property">signature</span><span class="token operator">-&gt;</span><span class="token function">generateSignature</span><span class="token punctuation">(</span><span class="token variable">$params</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token comment">// 将签名添加到请求参数中</span> <span class="token variable">$params</span><span class="token punctuation">[</span><span class="token string single-quoted-string">&#39;signature&#39;</span><span class="token punctuation">]</span> <span class="token operator">&#61;</span> <span class="token variable">$signature</span><span class="token punctuation">;</span> <span class="token comment">// 发送API请求</span> <span class="token variable">$response</span> <span class="token operator">&#61;</span> <span class="token variable">$this</span><span class="token operator">-&gt;</span><span class="token function">sendRequest</span><span class="token punctuation">(</span><span class="token variable">$params</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token comment">// 验证签名</span> <span class="token variable">$isValid</span> <span class="token operator">&#61;</span> <span class="token variable">$this</span><span class="token operator">-&gt;</span><span class="token property">signature</span><span class="token operator">-&gt;</span><span class="token function">verifySignature</span><span class="token punctuation">(</span><span class="token variable">$params</span><span class="token punctuation">,</span> <span class="token variable">$response</span><span class="token punctuation">[</span><span class="token string single-quoted-string">&#39;signature&#39;</span><span class="token punctuation">]</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token comment">// 如果验证通过&#xff0c;则返回API响应数据</span> <span class="token keyword">if</span> <span class="token punctuation">(</span><span class="token variable">$isValid</span><span class="token punctuation">)</span> <span class="token punctuation">{<!-- --></span> <span class="token keyword">return</span> <span class="token variable">$response</span><span class="token punctuation">[</span><span class="token string single-quoted-string">&#39;data&#39;</span><span class="token punctuation">]</span><span class="token punctuation">;</span> <span class="token punctuation">}</span> <span class="token keyword">else</span> <span class="token punctuation">{<!-- --></span> <span class="token keyword">throw</span> <span class="token keyword">new</span> <span class="token class-name">Exception</span><span class="token punctuation">(</span><span class="token string double-quoted-string">&#34;Invalid signature&#34;</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token punctuation">}</span> <span class="token punctuation">}</span> <span class="token keyword">private</span> <span class="token keyword">function</span> <span class="token function-definition function">sendRequest</span><span class="token punctuation">(</span><span class="token variable">$params</span><span class="token punctuation">)</span> <span class="token punctuation">{<!-- --></span> <span class="token comment">// 使用cURL库发送HTTP请求</span> <span class="token variable">$ch</span> <span class="token operator">&#61;</span> <span class="token function">curl_init</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token function">curl_setopt</span><span class="token punctuation">(</span><span class="token variable">$ch</span><span class="token punctuation">,</span> <span class="token constant">CURLOPT_URL</span><span class="token punctuation">,</span> <span class="token variable">$this</span><span class="token operator">-&gt;</span><span class="token property">apiURL</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token function">curl_setopt</span><span class="token punctuation">(</span><span class="token variable">$ch</span><span class="token punctuation">,</span> <span class="token constant">CURLOPT_POST</span><span class="token punctuation">,</span> <span class="token constant boolean">true</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token function">curl_setopt</span><span class="token punctuation">(</span><span class="token variable">$ch</span><span class="token punctuation">,</span> <span class="token constant">CURLOPT_POSTFIELDS</span><span class="token punctuation">,</span> <span class="token function">http_build_query</span><span class="token punctuation">(</span><span class="token variable">$params</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token function">curl_setopt</span><span class="token punctuation">(</span><span class="token variable">$ch</span><span class="token punctuation">,</span> <span class="token constant">CURLOPT_RETURNTRANSFER</span><span class="token punctuation">,</span> <span class="token constant boolean">true</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token variable">$response</span> <span class="token operator">&#61;</span> <span class="token function">curl_exec</span><span class="token punctuation">(</span><span class="token variable">$ch</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token function">curl_close</span><span class="token punctuation">(</span><span class="token variable">$ch</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token comment">// 解析API响应数据</span> <span class="token keyword">return</span> <span class="token function">json_decode</span><span class="token punctuation">(</span><span class="token variable">$response</span><span class="token punctuation">,</span> <span class="token constant boolean">true</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token punctuation">}</span> <span class="token punctuation">}</span>

class APIClient { private $apiURL; private $signature; public function __construct($apiURL, $privateKeyPath, $publicKeyPath) { $this->apiURL = $apiURL; // 初始化签名验证类 $this->signature = new Signature($privateKeyPath, $publicKeyPath); } public function callAPI($params) { // 生成签名 $signature = $this->signature->generateSignature($params); // 将签名添加到请求参数中 $params['signature'] = $signature; // 发送API请求 $response = $this->sendRequest($params); // 验证签名 $isValid = $this->signature->verifySignature($params, $response['signature']); // 如果验证通过，则返回API响应数据 if ($isValid) { return $response['data']; } else { throw new Exception("Invalid signature"); } } private function sendRequest($params) { // 使用cURL库发送HTTP请求 $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->apiURL); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $response = curl_exec($ch); curl_close($ch); // 解析API响应数据 return json_decode($response, true); } }

SDK的使用示例：

<span class="token variable">$apiURL</span> <span class="token operator">&#61;</span> <span class="token string single-quoted-string">&#39;http://ssss.com/api.php&#39;</span><span class="token punctuation">;</span> <span class="token variable">$privateKeyPath</span> <span class="token operator">&#61;</span> <span class="token string single-quoted-string">&#39;/path/to/private.key&#39;</span><span class="token punctuation">;</span> <span class="token variable">$publicKeyPath</span> <span class="token operator">&#61;</span> <span class="token string single-quoted-string">&#39;/path/to/public.key&#39;</span><span class="token punctuation">;</span> <span class="token comment">// 创建APIClient实例</span> <span class="token variable">$client</span> <span class="token operator">&#61;</span> <span class="token keyword">new</span> <span class="token class-name">APIClient</span><span class="token punctuation">(</span><span class="token variable">$apiURL</span><span class="token punctuation">,</span> <span class="token variable">$privateKeyPath</span><span class="token punctuation">,</span> <span class="token variable">$publicKeyPath</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token comment">// 准备API请求参数</span> <span class="token variable">$params</span> <span class="token operator">&#61;</span> <span class="token keyword">array</span><span class="token punctuation">(</span> <span class="token string single-quoted-string">&#39;param1&#39;</span> <span class="token operator">&#61;&gt;</span> <span class="token string single-quoted-string">&#39;value1&#39;</span><span class="token punctuation">,</span> <span class="token string single-quoted-string">&#39;param2&#39;</span> <span class="token operator">&#61;&gt;</span> <span class="token string single-quoted-string">&#39;value2&#39;</span><span class="token punctuation">,</span> <span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token keyword">try</span> <span class="token punctuation">{<!-- --></span> <span class="token comment">// 调用API&#xff0c;并获取响应结果</span> <span class="token variable">$result</span> <span class="token operator">&#61;</span> <span class="token variable">$client</span><span class="token operator">-&gt;</span><span class="token function">callAPI</span><span class="token punctuation">(</span><span class="token variable">$params</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token comment">// 处理API响应数据</span> <span class="token comment">// ...</span> <span class="token punctuation">}</span> <span class="token keyword">catch</span> <span class="token punctuation">(</span><span class="token class-name">Exception</span> <span class="token variable">$e</span><span class="token punctuation">)</span> <span class="token punctuation">{<!-- --></span> <span class="token comment">// 处理异常情况</span> <span class="token comment">// ...</span> <span class="token punctuation">}</span>

$apiURL = 'http://ssss.com/api.php'; $privateKeyPath = '/path/to/private.key'; $publicKeyPath = '/path/to/public.key'; // 创建APIClient实例 $client = new APIClient($apiURL, $privateKeyPath, $publicKeyPath); // 准备API请求参数 $params = array( 'param1' => 'value1', 'param2' => 'value2', ); try { // 调用API，并获取响应结果 $result = $client->callAPI($params); // 处理API响应数据 // ... } catch (Exception $e) { // 处理异常情况 // ... }

🚀四、总结

本文介绍了如何使用PHP设计一套API签名验证的程序。通过生成密钥对、实现签名生成和验证函数以及使用SDK调用API，我们可以提高API请求的安全性，并确保请求以及响应数据的完整性。希望本文能对大家在API开发中对签名验证有一定的了解和帮助。
PHP实践：用openssl打造安全可靠的API签名验证系统
注：在实际的项目中实现方式可能因应用场景和需求的不同而有所差异，建议根据实际情况进行相应调整。

声明：本站所有文章，如无特殊说明或标注，均为本站原创发布。任何个人或组织，在未征得本站同意时，禁止复制、盗用、采集、发布本站内容到任何网站、书籍等各类媒体平台。如若本站内容侵犯了原著者的合法权益，可联系我们进行处理。

PHP实践：用openssl打造安全可靠的API签名验证系统

文章目录

🚀一、引言

🚀二、验证过程概述

🚀三、设计步骤

🔎3.1 生成密钥对

🔎3.2 签名生成和验证函数的实现

🍁3.2.1 准备工作

🍁3.2.2 生成签名

🍁3.2.3 验证签名

🔎3.3 使用SDK调用API

🚀四、总结

相关推荐：

相关文章

IPCC数据库：全球环境变化的权威记录库 (ipcc数据库)

ThinkCMF：数据库连接的解决方案 (thinkcmf 数据库连接)

如何在MySQL中给数据库创建用户？ (mysql 给数据库创建用户)

Mac用户必看：快速下载Access数据库教程 (access数据库下载 mac)

近期文章