Why are the RSA signatures I generate with openssl and golang different?


Problem description

I use the openssl command to sign the message "Test." and output the result with hexdump

# echo "Test." | openssl rsautl -inkey privite.key -sign -hexdump
0000 - 09 1b ce e2 4b 69 86 be-d7 b1 fb f0 ec e4 53 0e   ....Ki........S.
0010 - ef 9c a4 7b db d3 21 d5-3e 78 23 61 89 34 7e bc   ...{..!.>x#a.4~.
0020 - e9 1e 5a e9 f4 40 e6 53-07 e4 dd 1a fe 31 ec 42   ..Z..@.S.....1.B
0030 - 98 a5 07 d4 7e d9 f4 01-2f ba a3 65 18 b7 69 a4   ....~.../..e..i. 

The hex string is 091bcee24b69...

My private.Key

# cat private.Key
-----BEGIN RSA PRIVATE KEY-----
MIIBOgIBAAJBALKZD0nEffqM1ACuak0bijtqE2QrI/KLADv7l3kK3ppMyCuLKoF0
fd7Ai2KW5ToIwzFofvJcS/STa6HA5gQenRUCAwEAAQJBAIq9amn00aS0h/CrjXqu
/ThglAXJmZhOMPVn4eiu7/ROixi9sex436MaVeMqSNf7Ex9a8fRNfWss7Sqd9eWu
RTUCIQDasvGASLqmjeffBNLTXV2A5g4t+kLVCpsEIZAycV5GswIhANEPLmax0ME/
EO+ZJ79TJKN5yiGBRsv5yvx5UiHxajEXAiAhAol5N4EUyq6I9w1rYdhPMGpLfk7A
IU2snfRJ6Nq2CQIgFrPsWRCkV+gOYcajD17rEqmuLrdIRexpg8N1DOSXoJ8CIGlS
tAboUGBxTDq3ZroNism3DaMIbKPyYrAqhKov1h5V
-----END RSA PRIVATE KEY-----

Generate signature with Golang

package main

import (
    "crypto"
    "crypto/rand"
    "crypto/rsa"
    "crypto/sha256"
    "crypto/x509"
    "encoding/pem"
    "fmt"
)

var prvKeyPem = `-----BEGIN RSA PRIVATE KEY-----
MIIBOgIBAAJBALKZD0nEffqM1ACuak0bijtqE2QrI/KLADv7l3kK3ppMyCuLKoF0
fd7Ai2KW5ToIwzFofvJcS/STa6HA5gQenRUCAwEAAQJBAIq9amn00aS0h/CrjXqu
/ThglAXJmZhOMPVn4eiu7/ROixi9sex436MaVeMqSNf7Ex9a8fRNfWss7Sqd9eWu
RTUCIQDasvGASLqmjeffBNLTXV2A5g4t+kLVCpsEIZAycV5GswIhANEPLmax0ME/
EO+ZJ79TJKN5yiGBRsv5yvx5UiHxajEXAiAhAol5N4EUyq6I9w1rYdhPMGpLfk7A
IU2snfRJ6Nq2CQIgFrPsWRCkV+gOYcajD17rEqmuLrdIRexpg8N1DOSXoJ8CIGlS
tAboUGBxTDq3ZroNism3DaMIbKPyYrAqhKov1h5V
-----END RSA PRIVATE KEY-----`

func GenerateSignature() {
    // Decode the PEM envelope; block.Bytes is the DER-encoded PKCS#1 key.
    block, _ := pem.Decode([]byte(prvKeyPem))
    if block == nil {
        panic("failed to parse root certificate PEM")
    }
    privKey, err := x509.ParsePKCS1PrivateKey(block.Bytes) //x509.ParseCertificate(block.Bytes)
    if err != nil {
        panic("failed to parse certificate: " + err.Error())
    }
    // Hash the message first; the digest, not the message, is what gets signed.
    indata := "Test."
    h := sha256.New()
    h.Write([]byte(indata))
    digest := h.Sum(nil)

    // PKCS#1 v1.5 signature over the SHA-256 DigestInfo. Note: this key is only
    // 512 bits, and Go 1.24+ refuses to sign with keys under 1024 bits unless
    // GODEBUG=rsa1024min=0 is set.
    s, err := rsa.SignPKCS1v15(rand.Reader, privKey, crypto.SHA256, digest)
    if err != nil {
        panic("failed to sign:" + err.Error())
    }
    fmt.Printf("%x\n", s)
}

func main() {
    GenerateSignature()
}

Running this code with go run, the output is:

52e1cce3810c1a89693cf6965d1035618820a9e3a7b95203d885c4153dc3f7424b98e3ba628a186f1074d672bb59a1c0788a9c2064951ca2326eb1bf8e3e49e9

But I think it should be:

091bcee24b69...

Where is my mistake? Thanks

Solution

In addition to the newline added by echo described in helmbert’s answer, the OpenSSL rsautl command operates directly on the supplied data, while the Go code first hashes the data with SHA256 and then signs the resulting digest.

To perform the same as the Go code with OpenSSL, you can use the dgst command with the -sign option (note I’ve included the -n option to echo here too):

$ echo -n "Test." | openssl dgst -sha256 -sign private.key -hex
52e1cce3810c1a89693cf6965d1035618820a9e3a7b95203d885c4153dc3f7424b98e3ba628a186f1074d672bb59a1c0788a9c2064951ca2326eb1bf8e3e49e9

To go the other way and sign the raw message without hashing in Go code, you can pass 0 as the value of the hash argument to rsa.SignPKCS1v15:

indata := []byte("Test.")

s, err := rsa.SignPKCS1v15(nil, privKey, 0, indata)
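To see the two conventions the answer describes side by side, here is an added Go example (not code from the question or the answer) that signs one message both ways and verifies each signature under its own convention, showing that mixing them, or letting echo append a newline, makes verification fail. It generates a fresh 2048-bit key rather than reusing the question's 512-bit key (which Go 1.24+ refuses to sign with by default), so the signature bytes will differ from those shown above.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SignBothWays signs msg two ways: raw mimics `openssl rsautl -sign` (PKCS#1 v1.5
// padding over the bare message; hash == 0 skips hashing and the DigestInfo prefix);
// hashed is what the question's Go code and `openssl dgst -sha256 -sign` produce.
func SignBothWays(key *rsa.PrivateKey, msg []byte) (raw, hashed []byte, err error) {
	if raw, err = rsa.SignPKCS1v15(nil, key, 0, msg); err != nil {
		return nil, nil, err
	}
	digest := sha256.Sum256(msg)
	if hashed, err = rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:]); err != nil {
		return nil, nil, err
	}
	return raw, hashed, nil
}

// VerifyBothWays checks each signature under the convention it was produced with;
// a signature checked under the other convention fails.
func VerifyBothWays(pub *rsa.PublicKey, msg, raw, hashed []byte) (rawOK, hashedOK bool) {
	rawOK = rsa.VerifyPKCS1v15(pub, 0, msg, raw) == nil
	digest := sha256.Sum256(msg)
	hashedOK = rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], hashed) == nil
	return rawOK, hashedOK
}

// NewKey makes a fresh 2048-bit key (constructed here; bytes differ from the question's).
func NewKey() *rsa.PrivateKey {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return key
}

func main() {
	key := NewKey()
	for _, msg := range []string{"Test.", "Test.\n"} { // without and with echo's newline
		raw, hashed, _ := SignBothWays(key, []byte(msg))
		fmt.Printf("%q raw=%x... sha256=%x...\n", msg, raw[:8], hashed[:8])
	}
}
```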
