Use PHP openssl_verify() function to verify Signature and data created by Android Client APP


Problem description

I read a post about openssl_verify()

I would like to ask some questions which relate to openssl_verify().

Because my PHP code fails to verify signature created from Java...

For server side, here's my PHP code

<?php
$data =$_POST['data'];
$signature=$_POST['sig'];
$pub_key=$_POST['pubkey'];

function print_input()
{
    global $data;
    global $signature;
    global $pub_key;
////////////////////////////////////////////////////////////////
// I output the public key to file, and check it to make sure they
// are in correct pem format.
///////////////////////////////////////////////////////////////
$f=fopen("./Personnel_Pubkey/pubkey.pem", "w");
fwrite($f,"$pub_key");
fclose($f);
$key = openssl_pkey_get_public ("./Personnel_Pubkey/pubkey.pem");

// doesn't work if you use PEM format public key, only works with X.509 format
// certificate, and cert and private key in PEM format.
$result=openssl_public_decrypt ( $signature, $data, $key);

////////////////////////////////////////////////////////////////
$sig=base64_decode($signature);

// for some reason, the value of $ok is always 0
$ok = openssl_verify($data, $sig, $key);

if ($ok == 1) {
    echo "good";
} 
elseif ($ok == 0) {
    echo "bad";} 
else {
    echo "ugly, error checking signature";
    }
}

print_input();

?>

For the client Android APP, here's the related part of code:

// create public key and private key pair
keyGen = KeyPairGenerator.getInstance("DSA");
SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
keyGen.initialize(1024, random);

// Generate the Pair of Keys The final step is to generate the key pair 
// and to store the keys in PrivateKey  and PublicKey objects.
pair = keyGen.generateKeyPair();
priv = pair.getPrivate();
pub = pair.getPublic();

// Change to PEM format from original openssl format    
stringWriter = new StringWriter();
PEMWriter pemWriter = new PEMWriter(stringWriter);  
pemWriter.writeObject( pair.getPublic());
pemWriter.close();

// initialize  the signature
sig = Signature.getInstance("SHA1withDSA"); 
sig.initSign(priv);

// this is the original data     
String msg = "original msg";


OriginalMsgByteArray = msg.getBytes();

// put original data to signature
sig.update(OriginalMsgByteArray);

// sign the data, and get the byte array of signature 
byte[] realSig = sig.sign();

// change the binary to base64 format
signatureB = new String(Base64.encode(realSig));

Basically, I upload msg, signatureB, and stringWriter.toString(), these 3 parameters, to the PHP server, but it doesn't seem to work.... Here's my PEM file content:

-----BEGIN PUBLIC KEY-----
[...]
-----END PUBLIC KEY-----

Solution

I see a few potential issues in the code above.

First, according to the PHP documentation, you want to use openssl_get_publickey on an X509 certificate or a private key. Public key is not listed as an option.

Second, you want to do an fread of the file into a variable and then use that variable in the openssl_get_publickey method. See below:

$fp = fopen("./cert.pem", "r");
$cert = fread($fp, 8192);
fclose($fp);
$key = openssl_get_publickey($cert);

Third, $bsig isn't declared or defined anywhere.
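
A server-side check matching the SHA1withDSA client in the question, as an added example that is not part of the original post or answer. The function name is hypothetical, and the key pair and signature are generated locally (2048-bit rather than the post's 1024) to stand in for the Android client.

```php
<?php
// Added example, not from the original post. verify_client_signature() is a hypothetical name.
function verify_client_signature(string $data, string $sigB64, string $pubPem): bool
{
    // Pass the PEM text itself. A path is only read from disk when it is
    // prefixed with "file://"; a bare "./dir/pubkey.pem" is parsed as PEM and fails.
    $key = openssl_pkey_get_public($pubPem);
    if ($key === false) {
        throw new RuntimeException('public key not loaded: ' . openssl_error_string());
    }

    // Strict mode rejects characters outside the base64 alphabet.
    $sig = base64_decode($sigB64, true);
    if ($sig === false) {
        throw new RuntimeException('signature is not valid base64');
    }

    // No openssl_public_decrypt() here: it is RSA-only, and its second
    // argument is an output buffer, not an input.
    // Java "SHA1withDSA" corresponds to a SHA-1 digest with a DSA key.
    $ok = openssl_verify($data, $sig, $key, OPENSSL_ALGO_SHA1);

    // openssl_verify() returns 1, 0, or -1/false on error. Compare strictly:
    // with "==", false equals 0 and an error would be reported as "bad".
    if ($ok !== 1 && $ok !== 0) {
        throw new RuntimeException('verify error: ' . openssl_error_string());
    }
    return $ok === 1;
}

// Constructed sample input: a DSA key pair and signature generated locally
// to stand in for the Android client.
$priv = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_DSA,
                          'private_key_bits' => 2048]);
$pubPem = openssl_pkey_get_details($priv)['key'];   // "-----BEGIN PUBLIC KEY-----" PEM
$msg = 'original msg';
openssl_sign($msg, $rawSig, $priv, OPENSSL_ALGO_SHA1);
$sigB64 = base64_encode($rawSig);

var_dump(verify_client_signature($msg, $sigB64, $pubPem));           // untouched message
var_dump(verify_client_signature($msg . 'x', $sigB64, $pubPem));     // tampered message
var_dump(@openssl_pkey_get_public('./Personnel_Pubkey/pubkey.pem')); // bare path, no file://
```

The function takes the public key as a value the server already holds. A key sent in the same request as the data and signature only shows that the three values agree with each other.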
