问题描述
当我看一下paypal文档,他们说请注意,用于PHP的PayPal SDK不需要SSL加密。
这句话的语句,我不必创建一个p12证书,但使用 public_key.pem 和 paypal_public_key.pem ?
如果是:
是否足够安全以创建没有p12证书的加密表单输入元素?
如果否:
它们是什么意思? : - )
在这个问题出现之前,我测试了这个小程序。
有一个配置文件 paypal-wps-config.inc.php 证书。
//尝试使用//'paypal_cert.p12';
$ config ['private_key_path'] ='/home/folder/.cert/pp/prvkey.pem';
//必须与您在创建私钥时设置的一致
$ config ['private_key_password'] =''; //'my_password';
当我尝试使用p12证书时, openssl_error_string c $ c>返回无法签署数据:错误:0906D06C:PEM例程:PEM_read_bio:无开始行 openssl_pkcs7_sign
这里是函数,它对数据进行签名和加密。
函数signAndEncrypt($ dataStr_,$ ewpCertPath_,$ ewpPrivateKeyPath_,$ ewpPrivateKeyPwd_,$ paypalCertPath_)
{
$ dataStrFile = realpath(tempnam('/ tmp','pp_'));
$ fd = fopen($ dataStrFile,'w');
if(!$ fd){
$ error =无法打开临时文件$ dataStrFile。;
返回数组(status=> false,error_msg=> $ error,error_no=> 0);
}
fwrite($ fd,$ dataStr_);
fclose($ fd);
$ signedDataFile = realpath(tempnam('/ tmp','pp_'));
** //这里的错误来自**
if(!@ openssl_pkcs7_sign($ dataStrFile,
$ signedDataFile,
file:// $ ewpCertPath_,
array(file:// $ ewpPrivateKeyPath_,$ ewpPrivateKeyPwd_),
array(),
PKCS7_BINARY)){
unlink($ dataStrFile);
unlink($ signedDataFile);
$ error =无法对数据进行签名:.openssl_error_string();
return array(status=> false,error_msg=> $ error,error_no=> 0);
}
unlink($ dataStrFile);
$ signedData = file_get_contents($ signedDataFile);
$ signedDataArray = explode(\\\
\\\
,$ signedData);
$ signedData = $ signedDataArray [1];
$ signedData = base64_decode($ signedData);
unlink($ signedDataFile);
$ decodedSignedDataFile = realpath(tempnam('/ tmp','pp_'));
$ fd = fopen($ decodedSignedDataFile,'w');
if(!$ fd){
$ error =无法打开临时文件$ decodedSignedDataFile。
return array(status=> false,error_msg=> $ error,error_no=> 0);
}
fwrite($ fd,$ signedData);
fclose($ fd);
$ encryptedDataFile = realpath(tempnam('/ tmp','pp_'));
if(!@ openssl_pkcs7_encrypt($ decodedSignedDataFile,
$ encryptedDataFile,
file_get_contents($ paypalCertPath_),
array(),
PKCS7_BINARY)){
unlink($ decodedSignedDataFile);
unlink($ encryptedDataFile);
$ error =无法加密数据:.openssl_error_string();
return array(status=> false,error_msg=> $ error,error_no=> 0)
}
unlink($ decodedSignedDataFile);
$ encryptedData = file_get_contents($ encryptedDataFile);
if(!$ encryptedData){
$ error =加密和签名数据失败。
return array(status=> false,error_msg=> $ error,error_no=> 0);
}
unlink($ encryptedDataFile);
$ encryptedDataArray = explode(\\\
\\\
,$ encryptedData);
$ encryptedData = trim(str_replace(\\\
,'',$ encryptedDataArray [1]));
return array(status=> true,encryptedData=> $ encryptedData);
} // signAndEncrypt
} // PPCrypto
-
可以使用php的p12证书, ?
-
为什么我在使用
$ b时出现错误openssl_pkcs7_sign
请帮助。
问候
ninchen
您不应将使用SSL与使用SSL与预定义的客户端证书混淆。您链接的文档描述了后者。只需调用 https URL即可启用SSL并提供与浏览器等效的安全性。这是由SDK自动完成的。
预定义的客户端证书防御执行中间人攻击的复杂攻击者。这两种方法将阻止一个不复杂的攻击者直接读取您的网络流量。
客户端证书还用于向您验证PayPal,作为用户/密码/签名的替代。
when i take a look at the paypal documentation, they say "Note that the PayPal SDK for PHP does not require SSL encryption".https://developer.paypal.com/docs/classic/api/apiCredentials/#encrypting-your-certificate
Is the statement of this phrase, that i don't have to create a p12 certificate when working with php, but use the public_key.pem and paypal_public_key.pem?
If yes: Is it secure enough to create the encrypted form input elements without p12 certificate?
If no: What do they mean? :-)
Before this question came up, i've tested this little programm.http://www.softarea51.com/blog/how-to-integrate-your-custom-shopping-cart-with-paypal-website-payments-standard-using-php/
There is a config file paypal-wps-config.inc.php where i can define the paths to my certificates.
// tryed to use // 'paypal_cert.p12 ';
$config['private_key_path'] = '/home/folder/.cert/pp/prvkey.pem';
// must match the one you set when you created the private key
$config['private_key_password'] = ''; //'my_password';
When i try to use the p12 certificate, openssl_error_string() returns "Could not sign data: error:0906D06C:PEM routines:PEM_read_bio:no start line openssl_pkcs7_sign
When i instead use the prvkey.pem without password all works fine.
Here is the function, which signs and encrypt the data.
function signAndEncrypt($dataStr_, $ewpCertPath_, $ewpPrivateKeyPath_, $ewpPrivateKeyPwd_, $paypalCertPath_)
{
$dataStrFile = realpath(tempnam('/tmp', 'pp_'));
$fd = fopen($dataStrFile, 'w');
if(!$fd) {
$error = "Could not open temporary file $dataStrFile.";
return array("status" => false, "error_msg" => $error, "error_no" => 0);
}
fwrite($fd, $dataStr_);
fclose($fd);
$signedDataFile = realpath(tempnam('/tmp', 'pp_'));
**// here the error came from**
if(!@openssl_pkcs7_sign( $dataStrFile,
$signedDataFile,
"file://$ewpCertPath_",
array("file://$ewpPrivateKeyPath_", $ewpPrivateKeyPwd_),
array(),
PKCS7_BINARY)) {
unlink($dataStrFile);
unlink($signedDataFile);
$error = "Could not sign data: ".openssl_error_string();
return array("status" => false, "error_msg" => $error, "error_no" => 0);
}
unlink($dataStrFile);
$signedData = file_get_contents($signedDataFile);
$signedDataArray = explode("\n\n", $signedData);
$signedData = $signedDataArray[1];
$signedData = base64_decode($signedData);
unlink($signedDataFile);
$decodedSignedDataFile = realpath(tempnam('/tmp', 'pp_'));
$fd = fopen($decodedSignedDataFile, 'w');
if(!$fd) {
$error = "Could not open temporary file $decodedSignedDataFile.";
return array("status" => false, "error_msg" => $error, "error_no" => 0);
}
fwrite($fd, $signedData);
fclose($fd);
$encryptedDataFile = realpath(tempnam('/tmp', 'pp_'));
if(!@openssl_pkcs7_encrypt( $decodedSignedDataFile,
$encryptedDataFile,
file_get_contents($paypalCertPath_),
array(),
PKCS7_BINARY)) {
unlink($decodedSignedDataFile);
unlink($encryptedDataFile);
$error = "Could not encrypt data: ".openssl_error_string();
return array("status" => false, "error_msg" => $error, "error_no" => 0);
}
unlink($decodedSignedDataFile);
$encryptedData = file_get_contents($encryptedDataFile);
if(!$encryptedData) {
$error = "Encryption and signature of data failed.";
return array("status" => false, "error_msg" => $error, "error_no" => 0);
}
unlink($encryptedDataFile);
$encryptedDataArray = explode("\n\n", $encryptedData);
$encryptedData = trim(str_replace("\n", '', $encryptedDataArray[1]));
return array("status" => true, "encryptedData" => $encryptedData);
} // signAndEncrypt
} // PPCrypto
The main questions:
Is it possible to use p12 cert with php, or is it secure enough to work without it?
Why i become an error when using
openssl_pkcs7_sign
Please help.
Greetingsninchen
You should not confuse 'using SSL' with 'using SSL with a predefined client certificate'. The document you link to describes the latter. Simply calling an https URL will enable SSL and deliver browser-equivalent security. This is done by the SDK automatically.
Predefined client certificates guard against a sophisticated attacker performing a man-in-the-middle attack. Both methods will stop an unsophisticated attacker from reading your network traffic directly.
Client certificates also serve to authenticate you to PayPal, as an alternate for user/password/signature.
这篇关于Paypal开发。加密交易。 php p12的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!