[英]PHP: Get RSA public key from private key string/file
I'm building a basic encrypted chat application with laravel. 我正在使用laravel构建基本的加密聊天应用程序。 Im trying to authenticate a user given a private key that was generated when the user signed up. 我尝试通过给用户注册时生成的私钥对用户进行身份验证。
The users' public key is stored in the DB. 用户的公共密钥存储在数据库中。 When the user wants to log in, the need to upload the private key that was given to them. 当用户想要登录时,需要上载给他们的私钥。 I want to compare the public key in the DB and the public key from the original private key. 我想比较数据库中的公钥和原始私钥中的公钥。
/**
* Validate user key file for login
*/
public function validateKey($attribute, $value, $parameters){
if (!($value instanceof UploadedFile)) return false;
// Get user to match key
$user = $this->data['username'];
// Get public key from file
$privateKey = File::get($value->getRealPath());
dd($privateKey);
}
I am able to get the private key in a string format. 我能够以字符串格式获取私钥。 From here I cannot seem to generate or extract the public key to compare to the DB value. 从这里开始,我似乎无法生成或提取要与DB值进行比较的公钥。
They should also never upload their private key to your server. 他们也不应将自己的私钥上载到您的服务器。 You should never have your private key at a remote location. 永远不要将私钥放在远程位置。
The point of having two keys is one key can decrypt any message encrypted by the other key. 具有两个密钥的要点是一个密钥可以解密由另一个密钥加密的任何消息。 The major difference between the public key and the private key in most algorithms would be more or less which one you keep private and which one you share. 在大多数算法中,公钥和私钥之间的主要区别或多或少是您保留私密密钥和共享私密密钥。 In RSA, the private key is designated, but you still do not want to upload it or share it. 在RSA中,指定了私钥,但是您仍然不想上传或共享它。
Redacted: ~That's not how public/private keys work. 已编辑:〜这不是公钥/私钥的工作方式。 You can't extract one from the other. 您不能从另一个中提取一个。 If you could, that would defeat the purpose of the asymmetric encryption.~ 如果可以的话,那将破坏非对称加密的目的。
As @iainn pointed out, you can extract a public key from an RSA private key, however I still do not recommend having users upload their private key. 正如@iainn指出的那样,您可以从RSA私钥中提取公钥,但是我仍然不建议用户上传其私钥。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.