有什么方法可以在PHP中生成PSS填充签名? [英] Is there any way to generate PSS padded signatures in PHP?

问题描述

在PHP中，我想用PSS填充和SHA512摘要对一些文档进行签名.

In PHP, I want to sign some documents with a padding of PSS, and a digest of SHA512.

根据文档，位于 http://www.php.net/manual/en/function.openssl-sign.php ，我可以根据需要设置摘要，方法是使用字符串，例如

According to the docs, at http://www.php.net/manual/en/function.openssl-sign.php, I can set the digest however I need, by using a string, such as

openssl_sign($text-to-sign,$binary_signature,$privkey,"sha512");

但是，我看不到任何设置填充的方法.

I don't see any way to set the padding, however.

有人可以帮我理解我如何使用RSA-PSS填充样式(如PKCS#1的2.1版中所示)对文本进行签名吗?

Can anyone please help me understand how I can sign text, using the RSA-PSS padding style, as seen in version 2.1 of PKCS #1?

推荐答案

我和您有相同的需求，但是在2019年(我想我们现在有更好的库了；)

I had the same needs as you, but in 2019 (I assume we got better libraries now ;)

您已经发现，方法是使用 phpseclib ，该版本现在在Debian Stretch中为2.0版

As you already discovered, the way is using phpseclib, which is now at version 2.0 in Debian Stretch.

这是我用于使用8192 RSA密钥，PSS填充和SHA512哈希函数对一些二进制数据进行签名的代码:

This is the code I used to sign some binary data, using a 8192 RSA key, with PSS padding and a SHA512 hash function:

require "/usr/share/php/phpseclib/autoload.php";
use phpseclib\Crypt\RSA;

// INPUT DATA
$privkey = "...";   // I used a RSA private key in PEM format, generated by openssl, but phpseclib supports many formats...
$mydata = "...";    // I generated some binary bytes here...

// SIGNING
$rsa = new RSA();
if ($rsa->loadKey($privkey) != TRUE) {
    echo "Error loading private key";
    return;
}
$rsa->setHash("sha512");
$rsa->setMGFHash("sha512"); // This NEEDS to be set, or the default will be used
$rsa->setSignatureMode(RSA::SIGNATURE_PSS); // This doesn't need to be set, as it is already the default value
$signatureBytes = $rsa->sign($mydata);

$ signatureBytes 是一个 binary 字符串(或一个字节数组，正如您在C/C ++/C#中所称的那样).它没有任何编码，并且可能包含NULL字节.这是您想要的签名.

$signatureBytes is a binary string (or an array of bytes, as you call it in C/C++/C#). It doesn't have any encoding, and may contain NULL bytes. This is your wanted signature.

侧面说明:几乎需要安装php-gmp，否则您的签名时间会很痛苦.此处有一些基准.

Side note: it's nearly required to insall php-gmp, or you'll get painfully slow signing times. Here there are some benchmarks.

openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigoptrsa_pss_saltlen:-1-验证pubkey.pem -signature signature.binplaintextdata.dat

openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -verify pubkey.pem -signature signature.bin plaintextdata.dat

详细地， -sigopt rsa_pss_saltlen:-1 告诉 openssl 使用与哈希算法大小匹配的盐长度.(这是Microsoft API所做的，并且没有办法改变这种行为)

In detail, the -sigopt rsa_pss_saltlen:-1 tells openssl to use a salt length that matches the hashing algorithm size. (this is what the Microsoft APIs do, and there's no way to change that behavior)

为了能够在.NET世界中使用RSA公钥而不使用任何其他库，您需要首先使用openssl将其以BLOB格式导出:

In order to be able to use the RSA public key in the .NET world, without using any other library, you need first to export it in BLOB format using openssl:

openssl rsa -pubin -inform PEM -in pubkey.pem -outform"MS PUBLICKEYBLOB" -out pubkey.blob

openssl rsa -pubin -inform PEM -in pubkey.pem -outform "MS PUBLICKEYBLOB" -out pubkey.blob

然后，您需要使用新的 RSACng CryptoProvider的.NET 4.6.

Then, you need .NET 4.6, with the new RSACng CryptoProvider.

这就是代码:

// Import the public key (as BLOBDATA)
RSACryptoServiceProvider^ rsaCsp = gcnew RSACryptoServiceProvider();
rsaCsp->ImportCspBlob(pubkey);
RSAParameters rsaParams = rsaCsp->ExportParameters(false);

RSA^ rsa = gcnew RSACng();
rsa->ImportParameters(rsaParams);
array<Byte>^ dataBytes = ...;
array<Byte>^ signatureBytes = ...;
bool signIsValid = rsa->VerifyData(dataBytes, signatureBytes, HashAlgorithmName::SHA512, RSASignaturePadding::Pss);

这篇关于有什么方法可以在PHP中生成PSS填充签名?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！