签名数据使用 openssl_sign 和 openssl_verify 给出不匹配
Signing data gives mismatch using openssl_sign and openssl_verify
最近几天我尝试使用 openssl_sign 在 XML 数据上生成签名,然后使用 openssl_verify 验证这一点。不幸的是 openssl_verify 一直返回 false。由于我不确定从证书中提取的私钥和 public 密钥是否正常,因此我也尝试了 a basic example。
openssl_sign确实是returns二进制签名。到目前为止一切顺利(也使用我从 PEM 证书中提取的私钥完成了此操作)。同样在示例中 openssl_verify returns false。我假设示例中的私钥和 public 密钥是正确的。对如何签名和验证有帮助吗?
<?php
$Data = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
// $key_private_id = openssl_get_privatekey(file_get_contents($ClientCertFile), $passphrase);
// $key_public_id = openssl_get_publickey(file_get_contents($ClientCertFile));
$key_private_id = <<<EOD
-----BEGIN RSA PRIVATE KEY-----
MIIBOgIBAAJBANDiE2+Xi/WnO+s120NiiJhNyIButVu6zxqlVzz0wy2j4kQVUC4Z
RZD80IY+4wIiX2YxKBZKGnd2TtPkcJ/ljkUCAwEAAQJAL151ZeMKHEU2c1qdRKS9
sTxCcc2pVwoAGVzRccNX16tfmCf8FjxuM3WmLdsPxYoHrwb1LFNxiNk1MXrxjH3R
6QIhAPB7edmcjH4bhMaJBztcbNE1VRCEi/bisAwiPPMq9/2nAiEA3lyc5+f6DEIJ
h1y6BWkdVULDSM+jpi1XiV/DevxuijMCIQCAEPGqHsF+4v7Jj+3HAgh9PU6otj2n
Y79nJtCYmvhoHwIgNDePaS4inApN7omp7WdXyhPZhBmulnGDYvEoGJN66d0CIHra
I2SvDkQ5CmrzkW5qPaE2oO7BSqAhRZxiYpZFb5CI
-----END RSA PRIVATE KEY-----
EOD;
$key_public_id = <<<EOD
-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDiE2+Xi/WnO+s120NiiJhNyIButVu6
zxqlVzz0wy2j4kQVUC4ZRZD80IY+4wIiX2YxKBZKGnd2TtPkcJ/ljkUCAwEAAQ==
-----END PUBLIC KEY-----
EOD;
if(!openssl_sign($Data, $Signature, $key_private_id, OPENSSL_ALGO_SHA1 )) {
echo "Failed to sign data: $Data ";
}
if(!openssl_verify($Data, $Signature, $key_public_id, OPENSSL_ALGO_SHA1)) {
echo "Verify failed on signed data: $Data ";
}
这是一个常见的错误。 PHP documentation for the heredoc format 表示:
Warning It is very important to note that the line with the closing identifier must contain no other characters, except a semicolon (;). That means especially that the identifier may not be indented, and there may not be any spaces or tabs before or after the semicolon.
确保在 EOD; 之后没有尾随空格,一切都会开始工作。如果您启用了正确的 PHP error logging,您会从赋值语句中得到 "undefined variable" 通知。
最近几天我尝试使用 openssl_sign 在 XML 数据上生成签名,然后使用 openssl_verify 验证这一点。不幸的是 openssl_verify 一直返回 false。由于我不确定从证书中提取的私钥和 public 密钥是否正常,因此我也尝试了 a basic example。
openssl_sign确实是returns二进制签名。到目前为止一切顺利(也使用我从 PEM 证书中提取的私钥完成了此操作)。同样在示例中 openssl_verify returns false。我假设示例中的私钥和 public 密钥是正确的。对如何签名和验证有帮助吗?
<?php
$Data = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
// $key_private_id = openssl_get_privatekey(file_get_contents($ClientCertFile), $passphrase);
// $key_public_id = openssl_get_publickey(file_get_contents($ClientCertFile));
$key_private_id = <<<EOD
-----BEGIN RSA PRIVATE KEY-----
MIIBOgIBAAJBANDiE2+Xi/WnO+s120NiiJhNyIButVu6zxqlVzz0wy2j4kQVUC4Z
RZD80IY+4wIiX2YxKBZKGnd2TtPkcJ/ljkUCAwEAAQJAL151ZeMKHEU2c1qdRKS9
sTxCcc2pVwoAGVzRccNX16tfmCf8FjxuM3WmLdsPxYoHrwb1LFNxiNk1MXrxjH3R
6QIhAPB7edmcjH4bhMaJBztcbNE1VRCEi/bisAwiPPMq9/2nAiEA3lyc5+f6DEIJ
h1y6BWkdVULDSM+jpi1XiV/DevxuijMCIQCAEPGqHsF+4v7Jj+3HAgh9PU6otj2n
Y79nJtCYmvhoHwIgNDePaS4inApN7omp7WdXyhPZhBmulnGDYvEoGJN66d0CIHra
I2SvDkQ5CmrzkW5qPaE2oO7BSqAhRZxiYpZFb5CI
-----END RSA PRIVATE KEY-----
EOD;
$key_public_id = <<<EOD
-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDiE2+Xi/WnO+s120NiiJhNyIButVu6
zxqlVzz0wy2j4kQVUC4ZRZD80IY+4wIiX2YxKBZKGnd2TtPkcJ/ljkUCAwEAAQ==
-----END PUBLIC KEY-----
EOD;
if(!openssl_sign($Data, $Signature, $key_private_id, OPENSSL_ALGO_SHA1 )) {
echo "Failed to sign data: $Data ";
}
if(!openssl_verify($Data, $Signature, $key_public_id, OPENSSL_ALGO_SHA1)) {
echo "Verify failed on signed data: $Data ";
}
这是一个常见的错误。 PHP documentation for the heredoc format 表示:
Warning It is very important to note that the line with the closing identifier must contain no other characters, except a semicolon (;). That means especially that the identifier may not be indented, and there may not be any spaces or tabs before or after the semicolon.
确保在 EOD; 之后没有尾随空格,一切都会开始工作。如果您启用了正确的 PHP error logging,您会从赋值语句中得到 "undefined variable" 通知。