在ObjectiveC中签名字符串并在PHP中进行验证-不起作用 [英] Signing string in ObjectiveC and Verifying in PHP - Not working

问题描述

我正在ObjectiveC中签名一个字符串，并在PHP中验证生成的签名.

I am signing a string in ObjectiveC and verifying the generated signature in PHP.

让我说我在ObjectiveC中使用带有RSA_sign方法(OpenSSL Lib)的privateKey在字符串"b1be1970fa802f43cdfa382bb3f3a524590b2170"上签名.我得到了生成的签名

lets say I sign a string "b1be1970fa802f43cdfa382bb3f3a524590b2170" using my privateKey with RSA_sign method (OpenSSL Lib) in ObjectiveC. And I get generated signature

我使用带有opensl_verify方法的PublicKey在PHP中验证签名.

I verify the signature in PHP using PublicKey with openssl_verify method.

验证失败

任何想法可能有什么问题.

Any idea what might be wrong..

iOS代码:

NSString *handshakeChallengeStr = [NSString stringWithFormat:@"YjFiZTE5NzBmYTgwMmY0M2NkZmEzODJiYjNmM2E1MjQ1OTBiMjE3MA=="];
NSData *hcData = [NSData dataFromBase64String:handshakeChallengeStr];
const unsigned char *message = (const unsigned char *)[hcData bytes];
unsigned int message_length =strlen((const void *)message); //56

unsigned char *sig = NULL;
unsigned int sig_len = 0;

//Retriving PrivateKey
RSA *privKey = NULL;
EVP_PKEY *PrivateKey;
FILE *priv_key_file;
NSArray *paths = NSSearchPathForDirectoriesInDomains( NSDocumentDirectory, NSUserDomainMask, YES);
NSString *keyFilePath = [[paths objectAtIndex:0]stringByAppendingPathComponent:@"privateKey.pem"];

priv_key_file = fopen([keyFilePath UTF8String], "r");
PrivateKey = PEM_read_PrivateKey(priv_key_file, NULL, NULL, NULL);
privKey = EVP_PKEY_get1_RSA(PrivateKey);

sig = malloc(RSA_size(privKey));

int success = RSA_sign(NID_sha1, message, message_length, sig, &sig_len, privKey);
if(success == 1){
    NSLog(@"Signature Generated!!");
}

PHP代码:

$private = '-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDZz+ztvFV3qYu8
4NHErDVfVzfVhAVoCqQiCFBWpuNJk0xPgGIkwDkehhyIxCT1CD/GNYQSjpoFlfId
….
-----END PRIVATE KEY-----';

$public='-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2c/s7bxVd6mLvODRxKw1
X1c31YQFaAqkIghQVqbjSZNMT4BiJMA5HoYciMQk9Qg/xjWEEo6aBZXyHekc7w1d
……
-----END PUBLIC KEY-----';

$HandshakeStr = base64_decode('YjFiZTE5NzBmYTgwMmY0M2NkZmEzODJiYjNmM2E1MjQ1OTBiMjE3MA==');;

openssl_sign($HandshakeStr, $sig, $private);

推荐答案

PHP openssl_sign 通过使用SHA1进行哈希处理( PHP:openssl_sign ).

OpenSSL RSA_sign 对消息摘要签名 m，大小为m_len(OpenSSL:RSA_sign(3))

OpenSSL RSA_sign signs the message digest m of size m_len (OpenSSL: RSA_sign(3))

使用原始的OpenSSL函数时，您必须自己进行哈希处理:

When you use the raw OpenSSL functions you have to do the hashing yourself:

    unsigned char message_digest[SHA_DIGEST_LENGTH];
    SHA1(message, message_length, message_digest);
    int success = RSA_sign(NID_sha1, message_digest, SHA_DIGEST_LENGTH, sig, &sig_len, privKey);

顺便说一句，使用RSA验证-并非每个签名方案都是确定性的.

By the way, use RSA verify - not every signature scheme is deterministic.

这篇关于在ObjectiveC中签名字符串并在PHP中进行验证-不起作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！