如何在PHP中对文件进行数字签名 [英] how to digitally sign a file in PHP

问题描述

我在数据库中创建了一个 user 表，其中包含用于保存用户信息的不同列.另外，我还添加了两列 public_key 和 private_key . 用户注册时，其信息将插入到表中.再加上我正在使用:

I made a user table in my DB with different columns for holding users' info. Also I have added two columns public_key and private_key. When a user registers, his info will be inserted to the table. plus I am using:

// Create the keypair
$res=openssl_pkey_new();

// Get private key
openssl_pkey_export($res, $privatekey);

// Get public key
$publickey=openssl_pkey_get_details($res);
$publickey=$publickey["key"];

创建一个随机密钥对并将其提供给用户，以便每个用户都有一个密钥对. 我希望我的用户具有数字签名功能，所以当他们上传文件时，便对其进行了签名.

to create a random key pair and give it to user so that every user has a key pair. I want my users to have digital-signature ability, so when they upload a file they sign it.

我决定先签名示例文件(msg.txt)，看是否可以，然后继续.看起来很直接:

I decided to sign a sample file(msg.txt) first to see if I can and then proceed. It looks straight forward:

openssl_pkcs7_sign("msg.txt", "signed.txt", "signing_cert.pem",
array("private_key.pem", "mypassphrase"),
array()
);

问题是:什么是signing_cert.pem和private_key.pem?我将生成的公钥粘贴到signing_cert.pem中，将私钥粘贴到private_key.pem中，但是我看到此错误:

The problem is: what are signing_cert.pem and private_key.pem ? I pasted my generated public key in signing_cert.pem and the private one in private_key.pem, but I see this error:

Warning: openssl_pkcs7_sign() [function.openssl-pkcs7-sign]: error getting 
private key in /home/ofathian/public_html/msc/ebook/mine/assymetric-test.php 
on line 40

任何意见都值得赞赏.

推荐答案

我得出了为什么不建立自己的数字签名功能的结论.

I came to conclusion of why not make my own digital signing function.

数字签名算法的工作原理如下: 首先将纯文本进行哈希处理，然后再用用户的私钥进行加密，然后再返回结果 与纯文本串联.

digital signing algorithm works like this: first the plain text is hashed then it is encypted by user's private key, then the result is concatenated with the plain text.

伪代码:

return [input + encrypt(md5(input),private_key)]

用于验证:输入被分为纯文本和签名.然后签名被解密 使用公钥.然后将结果与纯文本的哈希进行比较，如果它们比较 相等，表示签名已经过验证.

For verifying: Input is splitted to plain text and signature. then signature is decrypted using public key. Then the result is compared to the hash of the plain text and if they are equal it means the signature is verified.

伪代码:

explode(input) --> plain_text , signature
if( decrypt(signature,public_key) == md5(plain_text) ) then signature is trusted

现在，我已经测试并且当前正在使用的真实PHP代码:

Now the real PHP code which I have tested and currently using:

function sign($cleartext,$private_key)
{
    $msg_hash = md5($cleartext);
    openssl_private_encrypt($msg_hash, $sig, $private_key);
    $signed_data = $cleartext . "----SIGNATURE:----" . $sig;
    return mysql_real_escape_string($signed_data);
}

function verify($my_signed_data,$public_key)
{
    list($plain_data,$old_sig) = explode("----SIGNATURE:----", $my_signed_data);
    openssl_public_decrypt($old_sig, $decrypted_sig, $public_key);
    $data_hash = md5($plain_data);
    if($decrypted_sig == $data_hash && strlen($data_hash)>0)
        return $plain_data;
    else
        return "ERROR -- untrusted signature";
}

这篇关于如何在PHP中对文件进行数字签名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！