php - 与nodejs相比,无法验证php中的openssl签名
问题描述
我可以使用 Nodejs 来验证签名,crypto.createVerify而 PHP:openssl_verify总是返回 false。
Nodejs:获得正确的结果
const encryptKey = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';
const crypto = require('crypto');
var data = Buffer.from(JSON.stringify(vd), "utf-8");
var password = Buffer.from(encryptKey, "utf-8");
var hashPassword = crypto.createHash('sha256').update(password).digest();
var data ='oubWLpvUHAX5Z/9fmiCx8PGTqDl0+2sCShXnTdW640q7O1MDybxmDCF0R9SvvgFygFJfGVybK0qndePkJz690Lu96TiAi648PEPfrPjmtOSBLovVjNiIvdI1i16ryJ5BdtT/lp4rWe1LTyXeiRZ8KdVoqKeg76GCQi0jfXG9wUDJgt8tc1qf+ey3jvqa5J04v/fEXhQVoKC6pFwLgvN7HLyXwpRx2UnmP6Szm37QffiVO7uo1IiY3PB0Wh/AXNMIRSKz3Qn6v2iTTDt8k/r2qADNS4c6FaxFrQlNljr7z6t9k3QCTD0gqHy9YlZAFLB1Fi7kspBmnoQpAlweMIf97MfZvE5aXQDRyP7XVlY1upFyfkItyJwVsCLG1D2+jiJfw/VUZ4m2E7GwewsvcZ86Wf4Q0yeI8Ot/im3lw4SA/EXASuj0C6PkxjCjucktyjazpY5Eq0mSHWjhlw/LPVIPIjT6SCtYJId9vxeed95wcgyRjF4IIIwr8KFT4gqHi5BMW0z2r/EPGgNP4eMpMcxCNIz63f6j4/vFmr0ddxqZsDwaUVzGflRu3NO/kkWZdALw63Y1ABV9tl7hSSQdxYegzgZQPiK2oa/RT+0QvosmjjSEvdVCzA+0upt9PM7aHpv7xSdfa8RzaswwFuI9hlj9ZS5rxWf2czNISuqxXfvvKLDlSVlg9m3uRiVVslaoxLzktArW0SBej+7Ly934A5MXQXyhxJG47AEREeduGMw+kAVcEp/OUckmQbrg76IevxydMloa+jwI48ewzgC9J+ZXngg+GNQUh8p8rU2p9JEpUPQ/D/I68quncnuyxWNuEGIh';
var signature = 'xKS+T/p56Yt417SWDpGEMSbdlSrpnudVH6F8ajMw5DorGdh/oTodNq+4rvdWYfQYC4xUTIqwDohAqVqG0smT3dcIda2NiG+sWEJC7iJu4PhDorvcF7P2iwLf942JFaGgyC4dvtmGubV/bs7Eu7bjV7i11YDQJm4kRscWAXF1JskUX89VW2IGya+YdU//aM/eBzNJx1UofGOKLK0SPAkL2E8Ua9o/dk4RZWO/cgjGCQe/KSjpoAsErk+XJLV8DNNzbsLH/3aNANVEkS4jlBLT0TWKHDTZ9ht90ISYt8xFvjcxnrhVsnlWp6di2GNazxi3hIKraCAnIcu1oA0ofp9CjQ==';
const salt = new Buffer.from([1, 2, 3, 4, 5, 6, 7, 8], "utf-8");
var nodeCrypto = crypto.pbkdf2Sync(hashPassword, salt, 1000, 48, 'sha1');
var key = nodeCrypto.slice(0, 32);
var iv = nodeCrypto.slice(32, 48);
var ciperDec = crypto.createDecipheriv('aes-256-cbc', key, iv);
var dataDec = ciperDec2.update(data,"base64","utf8");
dataDec+= ciperDec2.final("utf8");
var verifier = crypto.createVerify('RSA-SHA256');
var data = Buffer.from(dataDec2, "utf-8");
verifier.update(data);
var merchantPublicKey = '';//something
var verify = verifier.verify(merchantPublicKey, signature,'base64');
console.log("verify", verify); //return true
PHP:返回错误
$data ='oubWLpvUHAX5Z/9fmiCx8PGTqDl0+2sCShXnTdW640q7O1MDybxmDCF0R9SvvgFygFJfGVybK0qndePkJz690Lu96TiAi648PEPfrPjmtOSBLovVjNiIvdI1i16ryJ5BdtT/lp4rWe1LTyXeiRZ8KdVoqKeg76GCQi0jfXG9wUDJgt8tc1qf+ey3jvqa5J04v/fEXhQVoKC6pFwLgvN7HLyXwpRx2UnmP6Szm37QffiVO7uo1IiY3PB0Wh/AXNMIRSKz3Qn6v2iTTDt8k/r2qADNS4c6FaxFrQlNljr7z6t9k3QCTD0gqHy9YlZAFLB1Fi7kspBmnoQpAlweMIf97MfZvE5aXQDRyP7XVlY1upFyfkItyJwVsCLG1D2+jiJfw/VUZ4m2E7GwewsvcZ86Wf4Q0yeI8Ot/im3lw4SA/EXASuj0C6PkxjCjucktyjazpY5Eq0mSHWjhlw/LPVIPIjT6SCtYJId9vxeed95wcgyRjF4IIIwr8KFT4gqHi5BMW0z2r/EPGgNP4eMpMcxCNIz63f6j4/vFmr0ddxqZsDwaUVzGflRu3NO/kkWZdALw63Y1ABV9tl7hSSQdxYegzgZQPiK2oa/RT+0QvosmjjSEvdVCzA+0upt9PM7aHpv7xSdfa8RzaswwFuI9hlj9ZS5rxWf2czNISuqxXfvvKLDlSVlg9m3uRiVVslaoxLzktArW0SBej+7Ly934A5MXQXyhxJG47AEREeduGMw+kAVcEp/OUckmQbrg76IevxydMloa+jwI48ewzgC9J+ZXngg+GNQUh8p8rU2p9JEpUPQ/D/I68quncnuyxWNuEGIh';
$sign = 'xKS+T/p56Yt417SWDpGEMSbdlSrpnudVH6F8ajMw5DorGdh/oTodNq+4rvdWYfQYC4xUTIqwDohAqVqG0smT3dcIda2NiG+sWEJC7iJu4PhDorvcF7P2iwLf942JFaGgyC4dvtmGubV/bs7Eu7bjV7i11YDQJm4kRscWAXF1JskUX89VW2IGya+YdU//aM/eBzNJx1UofGOKLK0SPAkL2E8Ua9o/dk4RZWO/cgjGCQe/KSjpoAsErk+XJLV8DNNzbsLH/3aNANVEkS4jlBLT0TWKHDTZ9ht90ISYt8xFvjcxnrhVsnlWp6di2GNazxi3hIKraCAnIcu1oA0ofp9CjQ==';
$pass = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
$hashPass = hash("sha256",mb_convert_encoding($pass,"UTF-8"),true);
$salt = implode('', array_map('chr', [ 1, 2, 3, 4, 5, 6, 7, 8 ]));
$pbkdf2 = hash_pbkdf2("SHA1", $hashPass, $salt, 1000, 48,true);
$key = substr($pbkdf2, 0, 32);
$iv = substr($pbkdf2, 32, 48);
$hash = openssl_decrypt($data, 'aes-256-cbc', $key, OPENSSL_ZERO_PADDING, $iv);
$pubkeyid = openssl_get_publickey($publicKey);
$verified = openssl_verify($hash, $sign, $pubkeyid, OPENSSL_ALGO_SHA256);
echo $verified; //returning false
// Free the key.
openssl_free_key($pubkeyid);
解决方案
推荐阅读
- c - Mac OS gcc 链接 c 和 asm
- python-3.x - pip - 无法安装 SSL
- ubuntu - 无法在 kafka 中创建主题
- r - 如何在 RStudio 中抓取可折叠表格
- javascript - Node js重用现有的buff调用
- amazon-web-services - 如何有时使用特定标头缓存云端响应,有时不考虑标头?
- rust - 如何绕过超特征计算周期?
- angular - .map 运算符后打印的 NaN 值
- c# - Excel Dna 从 Excel 功能区读取 UDF 参数
- docker - 在 docker 容器中安装 npm 错误:无法获取 uid/gid