does OpenSSL support ECDH?

你离开我真会死。 submitted on 2019-12-25 01:16:36

Question


openssl_dh_compute_key() makes me think OpenSSL doesn't support ECDH. It only talks about DH, not ECDH. Further, the public key is basically just a prime number in base-256 and there are specific instructions on how to remove the -----BEGIN PUBLIC KEY----- part of the public key, as though it's not supported. Plus, technically, strings beginning with -----BEGIN PUBLIC KEY----- are valid base-256 numbers.

Assuming ECDH keys are the same as ECDSA keys, then a public key for ECDH consists of the X, Y coordinates and the curve (be it a named or specified curve) and it's not immediately obvious what format the public key would need to be in for openssl_dh_compute_key() to work.

Nonetheless I tried and, to my surprise, I didn't get an error, but neither did I get any output.

$public = '-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkldhVs+UpzZ/E6hYF536mSYvdnfN
oEa/Idsfu7pBEcqPGHTsp+zDM/rquKwr8eoxn554LYw/3udRgzEpHk4vag==
-----END PUBLIC KEY-----';

$private = openssl_pkey_get_private('-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgF1ZD0LhQm5q71gL9
O+yzfX8g/sdYTBz/50nkw6wrE16hRANCAAQeZkUZ3ey7W5Czz52pOLmgSBHlnI3u
9gLcbr9NVCecEstDR0EK2+fJMfokogfW+RdoEJKN0qLdHilGPGHV/aq1
-----END PRIVATE KEY-----');

$s = openssl_dh_compute_key($public, $private);

echo bin2hex($s);

echo "\n\n";

echo openssl_error_string();

$s was false.


Answer 1:


OpenSSL does support ECDH. My guess is PHP is not exposing the ECDH methods required to support ECDH like it does for DH.

My guess is that ECDH is recommended to use the EVP functionality, which will somewhat abstract the DH specifics, whereas use of ECDH_compute_key is not really documented.

It doesn't look like PHP exposes enough of the EVP functionality to support ECDH.



Source: https://stackoverflow.com/questions/56222220/does-openssl-support-ecdh
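
For reference, an added example (not part of the original question or answer): PHP 7.3 and later expose OpenSSL's EVP key derivation as openssl_pkey_derive(), which performs ECDH when given EC keys. The helper names, the HKDF info label and the freshly generated P-256 keys below are assumptions made for illustration.

```php
<?php
// Added example: ECDH on P-256 via openssl_pkey_derive() (PHP >= 7.3, ext-openssl).
// All keys are generated here; none are taken from the page.

function new_ec_key(string $curve = 'prime256v1') {
    $key = openssl_pkey_new([
        'private_key_type' => OPENSSL_KEYTYPE_EC,
        'curve_name'       => $curve,
    ]);
    if ($key === false) {
        throw new RuntimeException('keygen failed: ' . openssl_error_string());
    }
    return $key;
}

// Export only the public half as PEM (the part that is sent to the peer).
function public_pem($key): string {
    return openssl_pkey_get_details($key)['key'];
}

// Validate the peer key, derive the raw shared secret, then run it through HKDF.
function ecdh_session_key(string $peerPem, $ownPrivate, string $curve = 'prime256v1'): string {
    $peer = openssl_pkey_get_public($peerPem);
    if ($peer === false) {
        throw new InvalidArgumentException('peer key is not a valid public key');
    }
    $d = openssl_pkey_get_details($peer);
    // Reject anything that is not an EC key on the expected named curve.
    if ($d['type'] !== OPENSSL_KEYTYPE_EC || ($d['ec']['curve_name'] ?? null) !== $curve) {
        throw new InvalidArgumentException('peer key is not on ' . $curve);
    }
    $secret = openssl_pkey_derive($peer, $ownPrivate);
    if ($secret === false) {
        throw new RuntimeException('derive failed: ' . openssl_error_string());
    }
    // Do not use the raw shared secret as a key; feed it to a KDF.
    return hash_hkdf('sha256', $secret, 32, 'ecdh-example'); // info label: arbitrary
}

$alice = new_ec_key();
$bob   = new_ec_key();

$kA = ecdh_session_key(public_pem($bob), $alice);   // Alice's view
$kB = ecdh_session_key(public_pem($alice), $bob);   // Bob's view

var_dump(hash_equals($kA, $kB)); // both sides should hold the same session key
echo bin2hex($kA), "\n";
```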
