20) { // PKCS#8格式的特征：包含OID标识 (0x06 0x09 0x2a 0x86 0x48 0x86 0xf7 0x0d 0x01 0x01 0x01) // 简单判断：检查是否包含 "0609" (DER编码的OID标识) $hex = bin2hex(substr($decoded, 0, 30)); if (strpos($hex, '06092a864886f70d010101') !== false) { $isPkcs8 = true; } } // 格式化为PEM $keyContent = rtrim(chunk_split($privateKey, 64, "\n"), "\n"); if ($isPkcs8) { // PKCS#8格式 (建行使用的格式) $pem = "-----BEGIN PRIVATE KEY-----\n"; $pem .= $keyContent . "\n"; $pem .= "-----END PRIVATE KEY-----\n"; } else { // PKCS#1格式 (传统格式) $pem = "-----BEGIN RSA PRIVATE KEY-----\n"; $pem .= $keyContent . "\n"; $pem .= "-----END RSA PRIVATE KEY-----\n"; } return $pem; } /** * 生成RSA密钥对（用于测试） * * @param int $bits 密钥长度，默认1024 * @return array 包含public_key和private_key的数组 * @throws \Exception */ public static function generateKeyPair($bits = 1024) { $config = [ 'private_key_bits' => $bits, 'private_key_type' => OPENSSL_KEYTYPE_RSA, ]; // 生成密钥对 $resource = openssl_pkey_new($config); if (!$resource) { throw new \Exception('生成密钥对失败: ' . openssl_error_string()); } // 导出私钥 openssl_pkey_export($resource, $privateKey); // 获取公钥 $details = openssl_pkey_get_details($resource); $publicKey = $details['key']; // 转换为BASE64格式（去除PEM头尾） $privateKey = str_replace(['-----BEGIN RSA PRIVATE KEY-----', '-----END RSA PRIVATE KEY-----', "\n"], '', $privateKey); $publicKey = str_replace(['-----BEGIN PUBLIC KEY-----', '-----END PUBLIC KEY-----', "\n"], '', $publicKey); return [ 'public_key' => $publicKey, 'private_key' => $privateKey ]; } }