openssl_sign($message, $raw_sign, $mch_private_key, 'sha256WithRSAEncryption');其中mch_private_key怎么获取
时间: 2023-11-13 14:03:24 浏览: 123
$mch_private_key 是指商户在微信商户平台申请的 RSA 私钥,用于生成数字签名。如果你是微信商户,可以在商户后台的“API安全”中下载到 RSA 私钥文件,文件名通常为:apiclient_key.pem。
在 PHP 中,可以使用以下代码读取私钥文件并将其存储到变量中:
```
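// Load the merchant RSA private key (PEM text) that openssl_sign() will use.
$mch_private_key = file_get_contents('/path/to/apiclient_key.pem');
if ($mch_private_key === false) {
    // file_get_contents() returns false when the file is missing or
    // unreadable; stop here rather than hand a non-key value to openssl_sign().
    throw new RuntimeException('Unable to read the merchant private key file');
}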
```
当然,在读取私钥文件之前,你需要将私钥文件上传到服务器上,并且确保 PHP 能够访问到该文件。另外,为了确保私钥的安全性,应该将私钥文件放到非 Web 根目录下,并且把文件权限设为只有运行 PHP 的用户可读(例如 600),防止其被其他用户或通过 Web 请求读取。私钥文件也不应提交到代码仓库。
相关问题
openssl_sign($message, $raw_sign, $mch_private_key, 'sha256WithRSAEncryption'); $sign = base64_encode($raw_sign);啥意思
这段代码使用 OpenSSL 库中的函数对一个消息进行数字签名:先用 SHA256 对消息计算摘要,再用 RSA 私钥对摘要签名(这是签名而不是加密,消息内容本身不会因此保密)。其中,$message 是待签名的消息,$mch_private_key 是商户的私钥,$raw_sign 是签名后的二进制数据,$sign 是将原始签名数据进行 Base64 编码后的字符串。openssl_sign 失败时返回 false,应先检查返回值再使用 $raw_sign。接收方用与该私钥对应的公钥(证书)验证这个签名,从而确认消息的完整性和真实性,以及消息的发送者是否为拥有私钥的商户。
转python写法:#!/bin/sh time_stamp=`date +%s` function CheckStop() { if [ $? -ne 0 ]; then echo "execute fail, error on line_no:"$1" exit!!!" exit fi } function GenEcdsaKey() { ec_param_file_path="/tmp/ec_param.pem."$time_stamp openssl ecparam -out $ec_param_file_path -name prime256v1 -genkey CheckStop $LINENO openssl genpkey -paramfile $ec_param_file_path -out $1 CheckStop $LINENO openssl pkey -in $1 -inform PEM -out $2 -outform PEM -pubout CheckStop $LINENO rm $ec_param_file_path echo "gen_ecdsa_key succ prikey_path:"$1" pubkey_path:"$2 } function GenEcdsaSign() { ec_sign_info_file="/tmp/ec_sign_info_file."$time_stamp ec_sign_info_sha256="/tmp/ec_sign_info_sha256."$time_stamp ec_binary_sign_file="/tmp/ec_binary_sign_file."$time_stamp echo -n "$1"_"$2" > $ec_sign_info_file openssl dgst -sha256 -binary -out $ec_sign_info_sha256 $ec_sign_info_file CheckStop $LINENO openssl pkeyutl -sign -in $ec_sign_info_sha256 -out $ec_binary_sign_file -inkey $3 -keyform PEM CheckStop $LINENO openssl base64 -e -in $ec_binary_sign_file -out $4 CheckStop $LINENO rm $ec_sign_info_file $ec_sign_info_sha256 $ec_binary_sign_file echo "gen_ecdsa_sign succ sign_file_path:"$4 } function VerifyEcdsaSign() { ec_sign_info_file="/tmp/ec_sign_info_file."$time_stamp ec_sign_info_sha256="/tmp/ec_sign_info_sha256."$time_stamp ec_binary_sign_file="/tmp/ec_binary_sign_file."$time_stamp echo -n "$1"_"$2" > $ec_sign_info_file openssl dgst -sha256 -binary -out $ec_sign_info_sha256 $ec_sign_info_file CheckStop $LINENO openssl base64 -d -in $4 -out $ec_binary_sign_file CheckStop $LINENO openssl pkeyutl -verify -in $ec_sign_info_sha256 -sigfile $ec_binary_sign_file -pubin -inkey $3 -keyform PEM rm $ec_sign_info_file $ec_sign_info_sha256 $ec_binary_sign_file } function Usage() { echo "Usage:" echo "mmiot_ecdsa_sign.sh gen_ecdsa_key <private_key_file_path> <public_key_file_path>" echo "mmiot_ecdsa_sign.sh gen_ecdsa_sign <product_id> <sn> <private_
以下是转换后的 Python 代码:
```python
#!/usr/bin/env python
import base64
import os
import subprocess
import sys
import tempfile
import time
# Whole-second Unix time captured once at start-up, as a decimal string.
# The value is predictable, so it should not be the only thing that makes a
# file name unique in a directory other users can write to.
time_stamp = "{}".format(int(time.time()))
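def check_stop(line_no, ret):
    """Abort the program when an external command reported failure.

    Args:
        line_no: Source line number of the call site; used only in the
            diagnostic message.
        ret: Exit status of the command that just ran; 0 means success.

    Raises:
        SystemExit: With status 1 when ``ret`` is non-zero, so a failed
            key-generation or signing step is visible to whatever invoked
            the script.
    """
    if ret == 0:
        return
    print("execute fail, error on line_no: ", line_no, " exit!!!")
    # exit() with no argument ends the process with status 0, which makes a
    # failed openssl step indistinguishable from success for the caller.
    raise SystemExit(1)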
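def gen_ecdsa_key(private_key_file_path, public_key_file_path):
    """Generate a prime256v1 key pair by driving the openssl command line.

    Args:
        private_key_file_path: Where openssl writes the PEM private key.
        public_key_file_path: Where openssl writes the matching PEM public key.

    Any openssl step that returns a non-zero status is handed to
    check_stop(), which terminates the program.
    """
    # `openssl ecparam -genkey` writes a private key alongside the curve
    # parameters, so the scratch file is sensitive. An owner-only directory
    # with a random name replaces the guessable /tmp/ec_param.pem.<timestamp>
    # path, and the context manager removes it even when check_stop() aborts.
    with tempfile.TemporaryDirectory(prefix="mmiot_ecdsa_") as work_dir:
        ec_param_file_path = os.path.join(work_dir, "ec_param.pem")
        ret = subprocess.call(["openssl", "ecparam", "-out", ec_param_file_path, "-name", "prime256v1", "-genkey"])
        check_stop(sys._getframe().f_lineno, ret)
        # NOTE(review): private_key_file_path is created by openssl with
        # whatever mode the process umask allows; confirm it ends up readable
        # by its owner only.
        ret = subprocess.call(["openssl", "genpkey", "-paramfile", ec_param_file_path, "-out", private_key_file_path])
        check_stop(sys._getframe().f_lineno, ret)
    # Deriving the public key needs only the finished private key file.
    ret = subprocess.call(["openssl", "pkey", "-in", private_key_file_path, "-inform", "PEM", "-out", public_key_file_path, "-outform", "PEM", "-pubout"])
    check_stop(sys._getframe().f_lineno, ret)
    print("gen_ecdsa_key succ prikey_path:", private_key_file_path, " pubkey_path:", public_key_file_path)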
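def gen_ecdsa_sign(product_id, sn, private_key_file_path, sign_file_path):
    """Sign ``<product_id>_<sn>`` and store the Base64 signature in a file.

    The message is hashed with ``openssl dgst -sha256`` and the binary digest
    is signed with ``openssl pkeyutl -sign`` using the given PEM private key.

    Args:
        product_id: First half of the signed message.
        sn: Second half of the signed message, joined with an underscore.
        private_key_file_path: PEM private key passed to openssl.
        sign_file_path: Output file that receives the Base64 signature text.

    Any openssl step that returns a non-zero status is handed to
    check_stop(), which terminates the program.
    """
    # Intermediate files live in an owner-only directory with a random name
    # instead of guessable /tmp/<name>.<timestamp> paths, so another local
    # user cannot pre-create or swap them between the digest and the signing
    # step. The directory is removed even when check_stop() aborts.
    with tempfile.TemporaryDirectory(prefix="mmiot_ecdsa_") as work_dir:
        ec_sign_info_file = os.path.join(work_dir, "ec_sign_info_file")
        ec_sign_info_sha256 = os.path.join(work_dir, "ec_sign_info_sha256")
        ec_binary_sign_file = os.path.join(work_dir, "ec_binary_sign_file")
        with open(ec_sign_info_file, 'w') as f:
            f.write(product_id + "_" + sn)
        ret = subprocess.call(["openssl", "dgst", "-sha256", "-binary", "-out", ec_sign_info_sha256, ec_sign_info_file])
        check_stop(sys._getframe().f_lineno, ret)
        ret = subprocess.call(["openssl", "pkeyutl", "-sign", "-in", ec_sign_info_sha256, "-out", ec_binary_sign_file, "-inkey", private_key_file_path, "-keyform", "PEM"])
        check_stop(sys._getframe().f_lineno, ret)
        with open(ec_binary_sign_file, 'rb') as f:
            sign_binary = f.read()
    # NOTE(review): this writes one unwrapped Base64 line with no trailing
    # newline, while `openssl base64 -e` wraps its output; confirm that every
    # consumer of sign_file_path accepts this form.
    sign_base64 = base64.b64encode(sign_binary).decode()
    with open(sign_file_path, 'w') as f:
        f.write(sign_base64)
    print("gen_ecdsa_sign succ sign_file_path:", sign_file_path)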
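def verify_ecdsa_sign(product_id, sn, public_key_file_path, sign_file_path):
    """Check a Base64 signature over ``<product_id>_<sn>`` with a public key.

    Args:
        product_id: First half of the signed message.
        sn: Second half of the signed message, joined with an underscore.
        public_key_file_path: PEM public key passed to openssl.
        sign_file_path: File holding the Base64 signature text.

    Returns:
        True when ``openssl pkeyutl -verify`` exits with status 0, otherwise
        False. The same outcome is printed as "succ" or "fail".
    """
    # Intermediate files live in an owner-only directory with a random name
    # instead of guessable /tmp/<name>.<timestamp> paths, so another local
    # user cannot substitute the digest or signature that openssl checks.
    with tempfile.TemporaryDirectory(prefix="mmiot_ecdsa_") as work_dir:
        ec_sign_info_file = os.path.join(work_dir, "ec_sign_info_file")
        ec_sign_info_sha256 = os.path.join(work_dir, "ec_sign_info_sha256")
        ec_binary_sign_file = os.path.join(work_dir, "ec_binary_sign_file")
        with open(ec_sign_info_file, 'w') as f:
            f.write(product_id + "_" + sn)
        ret = subprocess.call(["openssl", "dgst", "-sha256", "-binary", "-out", ec_sign_info_sha256, ec_sign_info_file])
        check_stop(sys._getframe().f_lineno, ret)
        with open(sign_file_path, 'r') as f:
            sign_base64 = f.read()
        sign_binary = base64.b64decode(sign_base64)
        with open(ec_binary_sign_file, 'wb') as f:
            f.write(sign_binary)
        ret = subprocess.call(["openssl", "pkeyutl", "-verify", "-in", ec_sign_info_sha256, "-sigfile", ec_binary_sign_file, "-pubin", "-inkey", public_key_file_path, "-keyform", "PEM"])
    verified = ret == 0
    print("verify_ecdsa_sign result:", "succ" if verified else "fail")
    return verified


def _print_usage():
    """Print the command-line synopsis for the three sub-commands."""
    print("Usage:")
    print("python mmiot_ecdsa_sign.py gen_ecdsa_key <private_key_file_path> <public_key_file_path>")
    print("python mmiot_ecdsa_sign.py gen_ecdsa_sign <product_id> <sn> <private_key_file_path> <sign_file_path>")
    print("python mmiot_ecdsa_sign.py verify_ecdsa_sign <product_id> <sn> <public_key_file_path> <sign_file_path>")


# Positional arguments each sub-command needs after its own name.
_REQUIRED_ARGS = {"gen_ecdsa_key": 2, "gen_ecdsa_sign": 4, "verify_ecdsa_sign": 4}

if len(sys.argv) < 2:
    _print_usage()
    sys.exit()

_command = sys.argv[1]
_args = sys.argv[2:]
if _command not in _REQUIRED_ARGS:
    _print_usage()
elif len(_args) < _REQUIRED_ARGS[_command]:
    # Too few arguments used to surface as an IndexError traceback.
    _print_usage()
    sys.exit(1)
elif _command == "gen_ecdsa_key":
    gen_ecdsa_key(_args[0], _args[1])
elif _command == "gen_ecdsa_sign":
    gen_ecdsa_sign(_args[0], _args[1], _args[2], _args[3])
else:
    # A failed verification must be visible in the exit status: a caller that
    # gates on this script cannot be expected to parse the printed text.
    if not verify_ecdsa_sign(_args[0], _args[1], _args[2], _args[3]):
        sys.exit(1)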
```