在Ruby / Rails中,如何解密由PKCS7加密和签名的字符串 [英] In Ruby/Rails, how to decrypt a string encrypted and signed by PKCS7
本文介绍了在Ruby / Rails中,如何解密由PKCS7加密和签名的字符串的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
在 PayPal中的RailsCast 中,它向您显示如何在发送之前加密URL参数它到PayPal。
PAYPAL_CERT_PEM = File.read(#{Rails.root} /certs/paypal_cert.pem)
APP_CERT_PEM = File.read(#{Rails.root} /certs/app_cert.pem)
APP_KEY_PEM = File.read(#{Rails.root} /certs/app_key.pem)
def encrypt_for_paypal(values)
signed = OpenSSL :: PKCS7 :: sign(OpenSSL :: X509 :: Certificate.new(APP_CERT_PEM),OpenSSL :: PKey :: RSA.new(APP_KEY_PEM,''),values.map {| k,v |#{k} =#{v}} .join(\\\
),[],OpenSSL :: PKCS7 :: BINARY)
OpenSSL :: PKCS7 :: encrypt ([OpenSSL :: X509 :: Certificate.new(PAYPAL_CERT_PEM)],signed.to_der,OpenSSL :: Cipher :: Cipher :: new(DES3),OpenSSL :: PKCS7 :: BINARY).to_s.gsub( \\\
,)
end
假设我正在为PayPal编写代码服务器。我该如何解密这个字符串?在我看来,这段代码都是公钥标记字符串(以验证真实性),然后加密字符串(提供隐私)。
谢谢。
解决方案约翰,这里是使用ruby openssl加密/解密的例子。
注意它使用AES作为密码,因为DES3似乎被丢弃在我的ruby openssl版本中。
在字符串中调用gsub来替换换行符似乎打破了它,所以我已经把它留下了。
希望它帮助你。
注意它使用AES作为密码,因为DES3似乎被丢弃在我的ruby openssl版本中。
在字符串中调用gsub来替换换行符似乎打破了它,所以我已经把它留下了。
希望它帮助你。
require'openssl'
PAYPAL_CERT_PEM = File。 read(paypal_cert.pem)
@paypal_cert = OpenSSL :: X509 :: Certificate.new(PAYPAL_CERT_PEM)
APP_CERT_PEM = File.read(app_cert.pem)
@app_cert = OpenSSL :: X509 :: Certificate.new(APP_CERT_PEM)
APP_KEY_PEM = File.read(app_key.pem)
@app_key = OpenSSL :: PKey :: RSA .new(APP_KEY_PEM,'')
PAYPAL_KEY_PEM = File.read(paypal_key.pem)
@paypal_key = OpenSSL :: PKey :: RSA.new(PAYPAL_KEY_PEM,'')
CERT_STORE = OpenSSL :: X509 :: Store.new
CERT_STORE.add_cert(@app_cert)
data = Hash.new
data [' customer_id'] ='123456789'
data ['customer_name'] ='史密斯先生'
def encrypt_for_paypal(values)
data_name_values = values.map {| k,v | #{k} =#{v}}
signed_data = OpenSSL :: PKCS7 :: sign(@app_cert,@app_key,data_name_values.join(\\\
),[] OpenSSL :: PKCS7 :: BINARY)
cypher = OpenSSL :: Cipher :: new(AES-128-CFB)
encrypted_data = OpenSSL :: PKCS7 ::加密([@ paypal_cert],signed_data.to_der,cypher,OpenSSL :: PKCS7 :: BINARY)
encrypted_data.to_s#.gsub(\\\
,)
end
def decrypt_by_paypal(encrypted_data)
received_encrypted_data = OpenSSL :: PKCS7.new(encrypted_data)
received_signed_data = received_encrypted_data.decrypt(@paypal_key,@paypal_cert)
p7_received_signed_data = OpenSSL :: PKCS7.new(received_signed_data)
p7_received_signed_data.verify(nil,CERT_STORE,nil,OpenSSL :: PKCS7 :: NOVERIFY)
p7_received_signed_data.data
end
encrypted_txt = encrypt_for_paypal data
puts decrypt_by_paypal encrypted_txt
In this RailsCast on PayPal it shows you how to encrypt a URL parameter before sending it to PayPal.
PAYPAL_CERT_PEM = File.read("#{Rails.root}/certs/paypal_cert.pem")
APP_CERT_PEM = File.read("#{Rails.root}/certs/app_cert.pem")
APP_KEY_PEM = File.read("#{Rails.root}/certs/app_key.pem")
def encrypt_for_paypal(values)
signed = OpenSSL::PKCS7::sign(OpenSSL::X509::Certificate.new(APP_CERT_PEM), OpenSSL::PKey::RSA.new(APP_KEY_PEM, ''), values.map { |k, v| "#{k}=#{v}" }.join("\n"), [], OpenSSL::PKCS7::BINARY)
OpenSSL::PKCS7::encrypt([OpenSSL::X509::Certificate.new(PAYPAL_CERT_PEM)], signed.to_der, OpenSSL::Cipher::Cipher::new("DES3"), OpenSSL::PKCS7::BINARY).to_s.gsub("\n", "")
end
Suppose I was writing the code for PayPal's server. How would I decrypt this string? It appears to me that this code both public-key signs the string (to verify authenticity) and then encrypts the string (to provide privacy). What would the code be for doing the reverse, decrypting and verifying authenticity?
Thanks.
解决方案
Hi John here is an example of encryption / decryption using ruby openssl. Note its using AES for the cypher as DES3 seemed to be dropped in my version of ruby openssl. Calling gsub on the string to replace newlines seemed to break it so i have left it commented out. Hope it helps you out.
require 'openssl'
PAYPAL_CERT_PEM = File.read("paypal_cert.pem")
@paypal_cert = OpenSSL::X509::Certificate.new(PAYPAL_CERT_PEM)
APP_CERT_PEM = File.read("app_cert.pem")
@app_cert = OpenSSL::X509::Certificate.new(APP_CERT_PEM)
APP_KEY_PEM = File.read("app_key.pem")
@app_key = OpenSSL::PKey::RSA.new(APP_KEY_PEM, '')
PAYPAL_KEY_PEM = File.read("paypal_key.pem")
@paypal_key = OpenSSL::PKey::RSA.new(PAYPAL_KEY_PEM, '')
CERT_STORE = OpenSSL::X509::Store.new
CERT_STORE.add_cert(@app_cert)
data = Hash.new
data['customer_id'] = '123456789'
data['customer_name'] = 'Mr Smith'
def encrypt_for_paypal(values)
data_name_values = values.map { |k, v| "#{k}=#{v}" }
signed_data = OpenSSL::PKCS7::sign(@app_cert, @app_key, data_name_values.join("\n"), [], OpenSSL::PKCS7::BINARY)
cypher = OpenSSL::Cipher::new("AES-128-CFB")
encrypted_data = OpenSSL::PKCS7::encrypt([@paypal_cert], signed_data.to_der, cypher, OpenSSL::PKCS7::BINARY)
encrypted_data.to_s #.gsub("\n", "")
end
def decrypt_by_paypal(encrypted_data)
received_encrypted_data = OpenSSL::PKCS7.new(encrypted_data)
received_signed_data = received_encrypted_data.decrypt(@paypal_key, @paypal_cert)
p7_received_signed_data = OpenSSL::PKCS7.new(received_signed_data)
p7_received_signed_data.verify(nil, CERT_STORE, nil, OpenSSL::PKCS7::NOVERIFY)
p7_received_signed_data.data
end
encrypted_txt = encrypt_for_paypal data
puts decrypt_by_paypal encrypted_txt
这篇关于在Ruby / Rails中,如何解密由PKCS7加密和签名的字符串的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
