我怎样才能使有效的签名PHP openssl [英] how can i make valid signature php openssl

问题描述

我如何生成有效的签名以及如何使用我的私钥对请求正文进行签名 我已经尝试过这样的代码，但结果总是签名无效 还有其他办法吗? 在问我已经搜索过google的问题之前，但我还没有一个正确的答案

how can i generate valid signature and how to sign request body with my private key me already try code like this but the result always signature not valid is there any other way? before asking me already searching google for solved the problem but me not yet have a corret answer

function mgAccount(){

    $url = "http://aaaa.com";

    $getFields = [
        "oaa_id" => 838,
    ];

    $data_string = json_encode($getFields);

    $sign = createPrivateAndPublicKey($data_string);

    $header = array();
    $header[] = "Content-Type: application/json";
    $header[] = "Accept: application/json";
    $header[] = "Signature: $sign";

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, $header);                                      
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string);
    $output = curl_exec($ch);

    curl_close($ch);
    return json_decode($output,true);
}

function createPrivateAndPublicKey($data)
{
    // import your private key
    $privateKeyId = openssl_pkey_get_private(file_get_contents('private.pem'));
    // sign date with your private key
    openssl_sign($data, $signature, $privateKeyId, 'RSA-SHA256');
    // encode into base64
    $sign = base64_encode($signature);
    // you may free up memory after, but I wouldn't recommend, since you are going to make many requests 
    and sign each of them.
   // importing key from file each time isn't brightest idea
    openssl_free_key($privateKeyId);
    // importing public key
    $pub_key = openssl_pkey_get_public(file_get_contents('public.pem'));
    // verifying signature for $data and imported public key
    // note that signature firstly was decoded from base64
    $valid = openssl_verify($data, base64_decode($sign), $pub_key, 'RSA-SHA256');

    if ($valid == 1){
      echo "signature is valid \n";
    } else {
      echo "signature is NOT valid \n";
    }
    // same thing about freeing of key
    openssl_free_key($pub_key);
}

推荐答案

我的最佳猜测:您的私钥与公钥不匹配.

my best guess: your private key doesn't match your public key.

当我运行此特定代码时:

when i run this specific code:

$private_key = <<<'EOD'
-----BEGIN RSA PRIVATE KEY-----
MIIBOgIBAAJBANDiE2+Xi/WnO+s120NiiJhNyIButVu6zxqlVzz0wy2j4kQVUC4Z
RZD80IY+4wIiX2YxKBZKGnd2TtPkcJ/ljkUCAwEAAQJAL151ZeMKHEU2c1qdRKS9
sTxCcc2pVwoAGVzRccNX16tfmCf8FjxuM3WmLdsPxYoHrwb1LFNxiNk1MXrxjH3R
6QIhAPB7edmcjH4bhMaJBztcbNE1VRCEi/bisAwiPPMq9/2nAiEA3lyc5+f6DEIJ
h1y6BWkdVULDSM+jpi1XiV/DevxuijMCIQCAEPGqHsF+4v7Jj+3HAgh9PU6otj2n
Y79nJtCYmvhoHwIgNDePaS4inApN7omp7WdXyhPZhBmulnGDYvEoGJN66d0CIHra
I2SvDkQ5CmrzkW5qPaE2oO7BSqAhRZxiYpZFb5CI
-----END RSA PRIVATE KEY-----
EOD;
$public_key = <<<'EOD'
-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDiE2+Xi/WnO+s120NiiJhNyIButVu6
zxqlVzz0wy2j4kQVUC4ZRZD80IY+4wIiX2YxKBZKGnd2TtPkcJ/ljkUCAwEAAQ==
-----END PUBLIC KEY-----
EOD;
$data="test";
$privateKeyId = openssl_pkey_get_private($private_key);
// sign date with your private key
openssl_sign($data, $signature, $privateKeyId, 'RSA-SHA256');
// encode into base64
$sign = base64_encode($signature);
// you may free up memory after, but I wouldn't recommend, since you are going to make many requests and sign each of them.
  // importing key from file each time isn't brightest idea
openssl_free_key($privateKeyId);
// importing public key
$pub_key = openssl_pkey_get_public($public_key);
// verifying signature for $data and imported public key
// note that signature firstly was decoded from base64
$valid = openssl_verify($data, base64_decode($sign), $pub_key, 'RSA-SHA256');

if ($valid == 1){
  echo "signature is valid \n";
} else {
  echo "signature is NOT valid \n";
}
// same thing about freeing of key
openssl_free_key($pub_key);

它输出signature is valid，所以问题可能出在您的钥匙对上. (PS createPrivateAndPublicKey是一个不创建任何东西的函数的愚蠢名称.)

it outputs signature is valid so the problem is probably your key pair. (PS createPrivateAndPublicKey is a stupid name for a function that doesn't create anything..)

您的curl代码也非常混乱，因为createPrivateAndPublicKey是一个void函数，它不返回任何内容，所以当您这样做

also your curl code is very confused, as createPrivateAndPublicKey is a void function, it doesn't return anything, so when you do

$sign = createPrivateAndPublicKey($data_string);
$header[] = "Signature: $sign";

您将$sign分配给NULL，并且当您将NULL添加到字符串时，什么也没有发生，因此您设置的标头只是Signature: (blank)

you're assigning $sign to NULL and when you to add NULL to a string, nothing happens, so the header you set is just Signature: (blank)

这篇关于我怎样才能使有效的签名PHP openssl的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！