php - 我怎样才能使有效的签名 php openssl
问题描述
我如何生成有效签名以及如何使用我的私钥签署请求正文我已经尝试过这样的代码,但结果总是签名无效还有其他方法吗?在问我已经在谷歌搜索解决问题但我还没有正确答案之前
function mgAccount(){
$url = "http://aaaa.com";
$getFields = [
"oaa_id" => 838,
];
$data_string = json_encode($getFields);
$sign = createPrivateAndPublicKey($data_string);
$header = array();
$header[] = "Content-Type: application/json";
$header[] = "Accept: application/json";
$header[] = "Signature: $sign";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string);
$output = curl_exec($ch);
curl_close($ch);
return json_decode($output,true);
}
function createPrivateAndPublicKey($data)
{
// import your private key
$privateKeyId = openssl_pkey_get_private(file_get_contents('private.pem'));
// sign date with your private key
openssl_sign($data, $signature, $privateKeyId, 'RSA-SHA256');
// encode into base64
$sign = base64_encode($signature);
// you may free up memory after, but I wouldn't recommend, since you are going to make many requests
and sign each of them.
// importing key from file each time isn't brightest idea
openssl_free_key($privateKeyId);
// importing public key
$pub_key = openssl_pkey_get_public(file_get_contents('public.pem'));
// verifying signature for $data and imported public key
// note that signature firstly was decoded from base64
$valid = openssl_verify($data, base64_decode($sign), $pub_key, 'RSA-SHA256');
if ($valid == 1){
echo "signature is valid \n";
} else {
echo "signature is NOT valid \n";
}
// same thing about freeing of key
openssl_free_key($pub_key);
}
解决方案
我最好的猜测:您的私钥与您的公钥不匹配。
当我运行此特定代码时:
$private_key = <<<'EOD'
-----BEGIN RSA PRIVATE KEY-----
MIIBOgIBAAJBANDiE2+Xi/WnO+s120NiiJhNyIButVu6zxqlVzz0wy2j4kQVUC4Z
RZD80IY+4wIiX2YxKBZKGnd2TtPkcJ/ljkUCAwEAAQJAL151ZeMKHEU2c1qdRKS9
sTxCcc2pVwoAGVzRccNX16tfmCf8FjxuM3WmLdsPxYoHrwb1LFNxiNk1MXrxjH3R
6QIhAPB7edmcjH4bhMaJBztcbNE1VRCEi/bisAwiPPMq9/2nAiEA3lyc5+f6DEIJ
h1y6BWkdVULDSM+jpi1XiV/DevxuijMCIQCAEPGqHsF+4v7Jj+3HAgh9PU6otj2n
Y79nJtCYmvhoHwIgNDePaS4inApN7omp7WdXyhPZhBmulnGDYvEoGJN66d0CIHra
I2SvDkQ5CmrzkW5qPaE2oO7BSqAhRZxiYpZFb5CI
-----END RSA PRIVATE KEY-----
EOD;
$public_key = <<<'EOD'
-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDiE2+Xi/WnO+s120NiiJhNyIButVu6
zxqlVzz0wy2j4kQVUC4ZRZD80IY+4wIiX2YxKBZKGnd2TtPkcJ/ljkUCAwEAAQ==
-----END PUBLIC KEY-----
EOD;
$data="test";
$privateKeyId = openssl_pkey_get_private($private_key);
// sign date with your private key
openssl_sign($data, $signature, $privateKeyId, 'RSA-SHA256');
// encode into base64
$sign = base64_encode($signature);
// you may free up memory after, but I wouldn't recommend, since you are going to make many requests and sign each of them.
// importing key from file each time isn't brightest idea
openssl_free_key($privateKeyId);
// importing public key
$pub_key = openssl_pkey_get_public($public_key);
// verifying signature for $data and imported public key
// note that signature firstly was decoded from base64
$valid = openssl_verify($data, base64_decode($sign), $pub_key, 'RSA-SHA256');
if ($valid == 1){
echo "signature is valid \n";
} else {
echo "signature is NOT valid \n";
}
// same thing about freeing of key
openssl_free_key($pub_key);
它输出signature is valid
所以问题可能是你的密钥对。(PScreatePrivateAndPublicKey
是一个不创建任何东西的函数的愚蠢名称......)
你的 curl 代码也很混乱,就像createPrivateAndPublicKey
一个 void 函数一样,它不返回任何东西,所以当你这样做时
$sign = createPrivateAndPublicKey($data_string);
$header[] = "Signature: $sign";
您分配$sign
给 NULL 并且当您将 NULL 添加到字符串时,没有任何反应,所以您设置的标题只是Signature: (blank)
推荐阅读
- sustainsys-saml2 - 登录后使用 Sitecore isAuthenticated 的 Sustainsys Saml2 SSO 为假
- node.js - 使用nodemailer将pdf发送到kindle电子邮件时未添加附件
- c# - 如何更改自动生成的 WCF 合同并在更新服务合同后持续存在?
- python - Python 替换列表中的值
- docker - 如何设置 WhatsApp Business API 客户端的单一实例
- python - 我需要编写一个程序来读取三个 csv 文件
- spring-boot - 类路径冲突问题(com.google.api.client.http.HttpTransport)
- rust - 无法使用 impl Sink
::start_send - powershell - 如何捕获作业的信息输出流?
- java - 在 Android (Java) 中创建时间表的可能有效方法